@opengis/admin 0.3.19 → 0.3.20

package/server/routes/user/controllers/user.cls.js

@@ -1,72 +1,72 @@
-import { readFile } from 'node:fs/promises';
-import { getTemplatePath, pgClients } from '@opengis/fastify-table/utils.js';
-
-export default async function userCls(req) {
-  const {
-    pg = pgClients.client, params = {}, query = {}, user = {},
-  } = req;
-  const { uid } = user || {};
-
-  if (!uid) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (query.type && !['json', 'sql'].includes(query.type)) {
-    return { message: 'param type is invalid', status: 400 };
-  }
-
-  const q = `select user_clsid as id, name, type, 
-  case when type='json' then (
-      ${params?.id
-      ? `(with recursive rows as (
-        select user_clsid, code as id, name as text, icon, color, parent
-        from admin.user_cls a
-        where name=u.name
-        union all
-        select a.user_clsid, a.code, a.name, a.icon, a.color, a.parent
-        from admin.user_cls a
-        join rows b on a.parent=b.text
-      ) select json_agg(row_to_json(q)) from rows q where text<>u.name
-     )`
-      : 'select count(*)::int from admin.user_cls where parent=u.name'} ) else null end as children, 
-      case when type='sql' then data else null end as sql from admin.user_cls u
-    where (case when type='json' then parent is null else true end)
-    and uid=(select uid from admin.users where $1 in (login,uid) limit 1)
-    and parent is null and ${query.type ? `type='${query.type}'` : '1=1'} and ${params?.id ? 'u.name=$2' : '1=1'}
-    order by cdate desc`;
-
-  if (query?.sql) return q;
-
-
-  const { rows = [] } = await pg.query(q, [uid, params.id].filter((el) => el));
-
-  rows.forEach((row) => {
-    if (row.type === 'sql') delete row.children;
-    if (row.type === 'json') { delete row.sql; Object.assign(row, { children: row.children || (params?.id ? [] : 0) }); }
-  });
-
-  const clsList = query.type === 'sql' ? [] : getTemplatePath('cls'); // skip cls if type sql
-  const selectList = query.type === 'json' ? [] : getTemplatePath('select'); // skip sql if type json
-
-  const userClsNames = rows.map((el) => el.name);
-  const selectNames = selectList.map((el) => el[0]);
-
-  const arr = (clsList || []).concat(selectList || []).map((el) => ({ name: el[0], path: el[1], type: el[2] }))
-    ?.filter((el) => (params?.id ? el.name === params?.id : true))
-    ?.filter((el) => ['sql', 'json'].includes(el?.type) && !userClsNames.includes(el.name))
-    ?.filter((el) => (el?.type === 'json' ? !selectNames?.includes(el?.name) : true));
-
-  const res = await Promise.all(arr?.map(async (el) => {
-    const type = { json: 'cls', sql: 'select' }[el.type] || el.type;
-    // const clsData = await getSelect(type, el.name);
-    const str = await readFile(el.path, 'utf-8');
-    const clsData = type === 'cls' ? JSON.parse(str) : str;
-    if (type === 'cls') {
-      const children = params?.id ? clsData : clsData?.length || 0;
-      return { name: el.name, type: el.type, children };
-    }
-    return { name: el.name, type: el.type, sql: clsData?.sql || clsData };
-  }));
-
-  return { message: { rows: rows.concat(res) }, status: 200 };
-}
+import { readFile } from 'node:fs/promises';
+import { getTemplatePath, pgClients } from '@opengis/fastify-table/utils.js';
+
+export default async function userCls(req) {
+  const {
+    pg = pgClients.client, params = {}, query = {}, user = {},
+  } = req;
+  const { uid } = user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (query.type && !['json', 'sql'].includes(query.type)) {
+    return { message: 'param type is invalid', status: 400 };
+  }
+
+  const q = `select user_clsid as id, name, type, 
+  case when type='json' then (
+      ${params?.id
+      ? `(with recursive rows as (
+        select user_clsid, code as id, name as text, icon, color, parent
+        from admin.user_cls a
+        where name=u.name
+        union all
+        select a.user_clsid, a.code, a.name, a.icon, a.color, a.parent
+        from admin.user_cls a
+        join rows b on a.parent=b.text
+      ) select json_agg(row_to_json(q)) from rows q where text<>u.name
+     )`
+      : 'select count(*)::int from admin.user_cls where parent=u.name'} ) else null end as children, 
+      case when type='sql' then data else null end as sql from admin.user_cls u
+    where (case when type='json' then parent is null else true end)
+    and uid=(select uid from admin.users where $1 in (login,uid) limit 1)
+    and parent is null and ${query.type ? `type='${query.type}'` : '1=1'} and ${params?.id ? 'u.name=$2' : '1=1'}
+    order by cdate desc`;
+
+  if (query?.sql) return q;
+
+
+  const { rows = [] } = await pg.query(q, [uid, params.id].filter((el) => el));
+
+  rows.forEach((row) => {
+    if (row.type === 'sql') delete row.children;
+    if (row.type === 'json') { delete row.sql; Object.assign(row, { children: row.children || (params?.id ? [] : 0) }); }
+  });
+
+  const clsList = query.type === 'sql' ? [] : getTemplatePath('cls'); // skip cls if type sql
+  const selectList = query.type === 'json' ? [] : getTemplatePath('select'); // skip sql if type json
+
+  const userClsNames = rows.map((el) => el.name);
+  const selectNames = selectList.map((el) => el[0]);
+
+  const arr = (clsList || []).concat(selectList || []).map((el) => ({ name: el[0], path: el[1], type: el[2] }))
+    ?.filter((el) => (params?.id ? el.name === params?.id : true))
+    ?.filter((el) => ['sql', 'json'].includes(el?.type) && !userClsNames.includes(el.name))
+    ?.filter((el) => (el?.type === 'json' ? !selectNames?.includes(el?.name) : true));
+
+  const res = await Promise.all(arr?.map(async (el) => {
+    const type = { json: 'cls', sql: 'select' }[el.type] || el.type;
+    // const clsData = await getSelect(type, el.name);
+    const str = await readFile(el.path, 'utf-8');
+    const clsData = type === 'cls' ? JSON.parse(str) : str;
+    if (type === 'cls') {
+      const children = params?.id ? clsData : clsData?.length || 0;
+      return { name: el.name, type: el.type, children };
+    }
+    return { name: el.name, type: el.type, sql: clsData?.sql || clsData };
+  }));
+
+  return { message: { rows: rows.concat(res) }, status: 200 };
+}

package/server/routes/user/controllers/user.info.js

@@ -1,17 +1,17 @@
-export default async function userInfo({
-  pg, session = {},
-}) {
-  const { uid } = session.passport?.user || {};
-
-  if (!uid) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  const data = await pg.query(`select user_name, sur_name, father_name, user_rnokpp, user_type, email, login from admin.users 
-  where uid=$1`, [uid]).then((res) => res.rows?.[0] || {});
-
-    const { notifications = 0 } = await pg.query(`select count(*)::int as notifications from crm.notifications 
-    where addressee_id=$1 and read is not true`, [uid]).then((res) => res.rows?.[0] || {});
-    return { uid, ...data, notifications };
-
-}
+export default async function userInfo({
+  pg, session = {},
+}) {
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const data = await pg.query(`select user_name, sur_name, father_name, user_rnokpp, user_type, email, login from admin.users 
+  where uid=$1`, [uid]).then((res) => res.rows?.[0] || {});
+
+    const { notifications = 0 } = await pg.query(`select count(*)::int as notifications from crm.notifications 
+    where addressee_id=$1 and read is not true`, [uid]).then((res) => res.rows?.[0] || {});
+    return { uid, ...data, notifications };
+
+}

package/server/routes/user/schema.js

@@ -1,14 +1,14 @@
-const userClsSchema = {
-  quertstring: {
-    sql: { type: 'string', pattern: '^(\\d)$' },
-  },
-};
-
-const userClsIdSchema = {
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w\\.]+)$' },
-  },
-};
-
-export { userClsSchema, userClsIdSchema };
-export default null;
+const userClsSchema = {
+  quertstring: {
+    sql: { type: 'string', pattern: '^(\\d)$' },
+  },
+};
+
+const userClsIdSchema = {
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w\\.]+)$' },
+  },
+};
+
+export { userClsSchema, userClsIdSchema };
+export default null;

package/server/routes/util/controllers/code.generator.js

@@ -1,89 +1,89 @@
-import { getTemplate, handlebarsSync, pgClients, getToken } from "@opengis/fastify-table/utils.js";
-
-function dayOfTheYear(date) {
-  const start = new Date(date.getFullYear(), 0, 0);
-  const diff = (date - start) + ((start.getTimezoneOffset() - date.getTimezoneOffset()) * 60 * 1000);
-  const oneDay = 1000 * 60 * 60 * 24;
-  const day = Math.floor(diff / oneDay);
-  return day;
-}
-
-export default async function codeGenerator({
-  pg = pgClients.client, params = {}, user = {}, query = {},
-}, reply) {
-  const { token, column } = params;
-  const data = query.data?.split?.(';') || [];
-
-  if (!token || !column) {
-    return reply.status(400).send('not enough params: token / column');
-  }
-
-  if (!user?.uid) {
-    return reply.status(401).send('access restricted: token');
-  }
-
-  const tokenData = await getToken({ token, uid: user?.uid, json: 1 }) || {};
-
-  if (!tokenData?.form || !tokenData?.table) {
-    return reply.status(401).send('token not allow');
-  }
-
-  const loadTemplate = await getTemplate('form', tokenData.form);
-  const schema = loadTemplate?.schema || loadTemplate;
-
-  if (!schema) {
-    return reply.status(404).send('form not found');
-  }
-
-  if (!schema?.[column]?.template) {
-    return reply.status(400).send('template not specified');
-  }
-
-  const columnValue = data.find(el => el.startsWith(column))?.split('=')?.pop();
-
-  const loadTable = await getTemplate('table', tokenData.table);
-  const table = loadTable?.table || tokenData.table;
-
-  if (!pg.pk?.[table]) {
-    return reply.status(404).send('table pk not found');
-  }
-
-  const { count = 0 } = await pg.query(
-    `select count(*) from ${table} where ${columnValue ? `${column}::text = '${columnValue}'` : 'true'} limit 1`,
-  ).then(el => el.rows?.[0] || {});
-
-  const { NUMY = 0 } = await pg.query(
-    `select ${column} as "NUMY" from ${table} where ${column} is not null and date_part('year', cdate) = $1 order by cdate desc limit 1`,
-    [(new Date()).getFullYear()]
-  ).then(el => el.rows?.[0] || {});
-
-  const date = new Date();
-
-  const template = schema[column].template.match(/NUM[M|Y] \d/g)
-    .reduce((acc, curr) => acc.replace(
-      curr.startsWith('{{{') ? `{{{${curr}}}}` : `{{${curr}}}`,
-      handlebarsSync.compile(`{{paddingNumber value padding}}`)({ padding: curr.substring(4, curr.length)?.trim?.(), value: curr.startsWith('NUMY') ? NUMY : +count + 1 })),
-      schema[column].template
-    );
-  const result = handlebarsSync.compile(template)({
-    HH: date.getHours(),                      // hours 24h: 14:00 = 14
-    HH12: (date.getHours() + 24) % 12 || 12,  // hours 12h: 14:00 = 2
-    HH24: date.getHours(),                    // hours 24h: 14:00 = 14
-    MI: date.getMinutes(),                    // minutes
-    SS: date.getSeconds(),                    // seconds
-
-    YYYY: date.getFullYear(),                           // full year: 2025
-    YY: date.getFullYear().toString().substring(2, 4),  // last 2 digits of year: 25
-
-    MONTH: date.toLocaleString('en', { month: 'long' }).toUpperCase(),               // month name: MARCH
-    MON: date.toLocaleString('en', { month: 'long' }).substring(0, 3).toUpperCase(), // month name abbrev: MAR
-    MM: date.getMonth() + 1,                                                         // month number: 1 - january, 12 - december
-
-    D: date.getDay(),         // day of the week: 1 - monday, 7 - sunday
-    DD: date.getDate(),       // day of the month: january 4 = 4
-    DDD: dayOfTheYear(date),  // day of the year: march 4 = 63
-    ...data,
-  });
-
-  return reply.status(200).send(result);
-}
+import { getTemplate, handlebarsSync, pgClients, getToken } from "@opengis/fastify-table/utils.js";
+
+function dayOfTheYear(date) {
+  const start = new Date(date.getFullYear(), 0, 0);
+  const diff = (date - start) + ((start.getTimezoneOffset() - date.getTimezoneOffset()) * 60 * 1000);
+  const oneDay = 1000 * 60 * 60 * 24;
+  const day = Math.floor(diff / oneDay);
+  return day;
+}
+
+export default async function codeGenerator({
+  pg = pgClients.client, params = {}, user = {}, query = {},
+}, reply) {
+  const { token, column } = params;
+  const data = query.data?.split?.(';') || [];
+
+  if (!token || !column) {
+    return reply.status(400).send('not enough params: token / column');
+  }
+
+  if (!user?.uid) {
+    return reply.status(401).send('access restricted: token');
+  }
+
+  const tokenData = await getToken({ token, uid: user?.uid, json: 1 }) || {};
+
+  if (!tokenData?.form || !tokenData?.table) {
+    return reply.status(401).send('token not allow');
+  }
+
+  const loadTemplate = await getTemplate('form', tokenData.form);
+  const schema = loadTemplate?.schema || loadTemplate;
+
+  if (!schema) {
+    return reply.status(404).send('form not found');
+  }
+
+  if (!schema?.[column]?.template) {
+    return reply.status(400).send('template not specified');
+  }
+
+  const columnValue = data.find(el => el.startsWith(column))?.split('=')?.pop();
+
+  const loadTable = await getTemplate('table', tokenData.table);
+  const table = loadTable?.table || tokenData.table;
+
+  if (!pg.pk?.[table]) {
+    return reply.status(404).send('table pk not found');
+  }
+
+  const { count = 0 } = await pg.query(
+    `select count(*) from ${table} where ${columnValue ? `${column}::text = '${columnValue}'` : 'true'} limit 1`,
+  ).then(el => el.rows?.[0] || {});
+
+  const { NUMY = 0 } = await pg.query(
+    `select ${column} as "NUMY" from ${table} where ${column} is not null and date_part('year', cdate) = $1 order by cdate desc limit 1`,
+    [(new Date()).getFullYear()]
+  ).then(el => el.rows?.[0] || {});
+
+  const date = new Date();
+
+  const template = schema[column].template.match(/NUM[M|Y] \d/g)
+    .reduce((acc, curr) => acc.replace(
+      curr.startsWith('{{{') ? `{{{${curr}}}}` : `{{${curr}}}`,
+      handlebarsSync.compile(`{{paddingNumber value padding}}`)({ padding: curr.substring(4, curr.length)?.trim?.(), value: curr.startsWith('NUMY') ? NUMY : +count + 1 })),
+      schema[column].template
+    );
+  const result = handlebarsSync.compile(template)({
+    HH: date.getHours(),                      // hours 24h: 14:00 = 14
+    HH12: (date.getHours() + 24) % 12 || 12,  // hours 12h: 14:00 = 2
+    HH24: date.getHours(),                    // hours 24h: 14:00 = 14
+    MI: date.getMinutes(),                    // minutes
+    SS: date.getSeconds(),                    // seconds
+
+    YYYY: date.getFullYear(),                           // full year: 2025
+    YY: date.getFullYear().toString().substring(2, 4),  // last 2 digits of year: 25
+
+    MONTH: date.toLocaleString('en', { month: 'long' }).toUpperCase(),               // month name: MARCH
+    MON: date.toLocaleString('en', { month: 'long' }).substring(0, 3).toUpperCase(), // month name abbrev: MAR
+    MM: date.getMonth() + 1,                                                         // month number: 1 - january, 12 - december
+
+    D: date.getDay(),         // day of the week: 1 - monday, 7 - sunday
+    DD: date.getDate(),       // day of the month: january 4 = 4
+    DDD: dayOfTheYear(date),  // day of the year: march 4 = 63
+    ...data,
+  });
+
+  return reply.status(200).send(result);
+}

package/server/routes/widget/controllers/widget.del.js

@@ -1,47 +1,47 @@
-/**
- * Дістає CRM дані для vue хешує ідентифікатори, підтягує селекти
- *
- * @method DELETE
- * @summary CRM дані для обраного віджета.
- * @priority 2
- * @tag table
- * @type api
- * @requires setTokenById
- * @requires getSelect
- * @param {String} id Ідентифікатор для хешування
- * @param {Any} sql Використовується для повернення sql запиту
- * @param {String} type Тип для хешування даних
- * @errors 400, 500
- * @returns {Number} status Номер помилки
- * @returns {String|Object} error Опис помилки
- * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
- */
-
-import { pgClients, logChanges } from "@opengis/fastify-table/utils.js";
-
-export default async function widgetDel({
-  pg = pgClients.client, params = {}, session = {},
-}) {
-  const { user = {} } = session.passport || {};
-  if (!user.uid) return { error: 'access restricted', status: 403 };
-  const { type, objectid, id } = params;
-
-  if (!objectid) return { error: 'id required', status: 400 };
-
-  const sqls = {
-    comment: 'delete from crm.communications where entity_id=$1 and uid=$2 and communication_id=$3',
-    checklist: 'delete from crm.checklists where entity_id=$1 and uid=$2 and checklist_id=$3',
-    file: 'update crm.files set file_status=3 where entity_id=$1 and uid=$2 and file_id=$3 returning uploaded_name',
-    gallery: 'update crm.files set file_status=3 where entity_id=$1 and uid=$2 and file_id=$3 returning uploaded_name',
-  };
-  const sql = sqls[type];
-  if (!sql) return { error: 'type not valid', status: 401 };
-
-  const { rows = [] } = await pg.query(sql, [objectid, user.uid, id]);
-  const table = { comment: 'crm.communications', checklist: 'crm.checklists', file: 'crm.files', gallery: 'crm.files' }[type];
-  await logChanges({
-    pg, table, id, data: rows[0], uid: user?.uid, type: 'DELETE',
-  });
-  return { data: { id }, user: { uid: user.uid, name: user.user_name } };
-
-}
+/**
+ * Дістає CRM дані для vue хешує ідентифікатори, підтягує селекти
+ *
+ * @method DELETE
+ * @summary CRM дані для обраного віджета.
+ * @priority 2
+ * @tag table
+ * @type api
+ * @requires setTokenById
+ * @requires getSelect
+ * @param {String} id Ідентифікатор для хешування
+ * @param {Any} sql Використовується для повернення sql запиту
+ * @param {String} type Тип для хешування даних
+ * @errors 400, 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+
+import { pgClients, logChanges } from "@opengis/fastify-table/utils.js";
+
+export default async function widgetDel({
+  pg = pgClients.client, params = {}, session = {},
+}) {
+  const { user = {} } = session.passport || {};
+  if (!user.uid) return { error: 'access restricted', status: 403 };
+  const { type, objectid, id } = params;
+
+  if (!objectid) return { error: 'id required', status: 400 };
+
+  const sqls = {
+    comment: 'delete from crm.communications where entity_id=$1 and uid=$2 and communication_id=$3',
+    checklist: 'delete from crm.checklists where entity_id=$1 and uid=$2 and checklist_id=$3',
+    file: 'update crm.files set file_status=3 where entity_id=$1 and uid=$2 and file_id=$3 returning uploaded_name',
+    gallery: 'update crm.files set file_status=3 where entity_id=$1 and uid=$2 and file_id=$3 returning uploaded_name',
+  };
+  const sql = sqls[type];
+  if (!sql) return { error: 'type not valid', status: 401 };
+
+  const { rows = [] } = await pg.query(sql, [objectid, user.uid, id]);
+  const table = { comment: 'crm.communications', checklist: 'crm.checklists', file: 'crm.files', gallery: 'crm.files' }[type];
+  await logChanges({
+    pg, table, id, data: rows[0], uid: user?.uid, type: 'DELETE',
+  });
+  return { data: { id }, user: { uid: user.uid, name: user.user_name } };
+
+}

package/server/routes/widget/controllers/widget.set.js

@@ -1,84 +1,84 @@
-import path from 'path';
-
-import {
-  getMeta, dataInsert, dataUpdate, applyHook,
-} from '@opengis/fastify-table/utils.js';
-
-import { uploadMultiPart } from '@opengis/fastify-file/utils.js';
-
-const tableList = {
-  comment: 'crm.communications',
-  gallery: 'crm.files',
-  checklist: 'crm.checklists',
-};
-const pkList = {
-  comment: 'communication_id',
-  checklist: 'checklist_id',
-  gallery: 'file_id',
-};
-
-const galleryExtList = ['png', 'svg', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi'];
-
-export default async function widgetSet(req) {
-  const {
-    pg, params = {}, session = {}, body = {},
-  } = req;
-  const { user = {} } = session.passport || {};
-  const { type, id, objectid } = params;
-  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { message: 'param type not valid', status: 400 };
-  if (!objectid) return { message: 'id required', status: 400 };
-
-  const table = tableList[type];
-
-  // dsadasdad
-  if (['gallery', 'file'].includes(type) && req.headers['content-type'].split(';').shift() === "multipart/form-data") {
-    const file = await uploadMultiPart(req);
-    const extName = path.extname(file.filepath).slice(1).toLowerCase();
-
-    const data = {
-      uploaded_name: file?.originalFilename?.toLocaleLowerCase()?.replace(/'/g, '\'\''),
-      file_path: file?.relativeFilepath?.replace(/\\/g, '/'),
-      ext: extName,
-      size: file?.size,
-      file_status: 1,
-      uid: user?.uid || 1,
-      entity_id: objectid,
-    };
-
-    if (type === 'gallery' && !galleryExtList.includes(extName.toLowerCase())) {
-      return { message: 'invalid file extension', status: 400 };
-    }
-
-    const { rows = [] } = await dataInsert({
-      table: 'crm.files', data, uid: user?.uid,
-    });
-    return {
-      rowCount: 1, data: 'ok', command: 'UPLOAD', id: rows[0]?.file_id, entity_id: rows[0]?.entity_id,
-    };
-  }
-  const { pk } = await getMeta({ pg, table });
-  if (!pk) return { message: 'table not found', status: 404 };
-
-  const data = { ...body, uid: user?.uid, entity_id: objectid };
-
-  await applyHook('onWidgetSet', {
-    link: req.path,
-    id,
-    objectid,
-    session,
-    type,
-    payload: data,
-  });
-
-  const result = id
-    ? await dataUpdate({
-      table, data, id, uid: user?.uid,
-    })
-    : await dataInsert({
-      table, data, uid: user?.uid,
-    });
-
-  return {
-    rowCount: result.rowCount, data: 'ok', command: result.command, id: result.rows?.[0]?.[pkList[type]] || result?.[pkList[type]],
-  };
-}
+import path from 'path';
+
+import {
+  getMeta, dataInsert, dataUpdate, applyHook,
+} from '@opengis/fastify-table/utils.js';
+
+import { uploadMultiPart } from '@opengis/fastify-file/utils.js';
+
+const tableList = {
+  comment: 'crm.communications',
+  gallery: 'crm.files',
+  checklist: 'crm.checklists',
+};
+const pkList = {
+  comment: 'communication_id',
+  checklist: 'checklist_id',
+  gallery: 'file_id',
+};
+
+const galleryExtList = ['png', 'svg', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi'];
+
+export default async function widgetSet(req) {
+  const {
+    pg, params = {}, session = {}, body = {},
+  } = req;
+  const { user = {} } = session.passport || {};
+  const { type, id, objectid } = params;
+  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { message: 'param type not valid', status: 400 };
+  if (!objectid) return { message: 'id required', status: 400 };
+
+  const table = tableList[type];
+
+  // dsadasdad
+  if (['gallery', 'file'].includes(type) && req.headers['content-type'].split(';').shift() === "multipart/form-data") {
+    const file = await uploadMultiPart(req);
+    const extName = path.extname(file.filepath).slice(1).toLowerCase();
+
+    const data = {
+      uploaded_name: file?.originalFilename?.toLocaleLowerCase()?.replace(/'/g, '\'\''),
+      file_path: file?.relativeFilepath?.replace(/\\/g, '/'),
+      ext: extName,
+      size: file?.size,
+      file_status: 1,
+      uid: user?.uid || 1,
+      entity_id: objectid,
+    };
+
+    if (type === 'gallery' && !galleryExtList.includes(extName.toLowerCase())) {
+      return { message: 'invalid file extension', status: 400 };
+    }
+
+    const { rows = [] } = await dataInsert({
+      table: 'crm.files', data, uid: user?.uid,
+    });
+    return {
+      rowCount: 1, data: 'ok', command: 'UPLOAD', id: rows[0]?.file_id, entity_id: rows[0]?.entity_id,
+    };
+  }
+  const { pk } = await getMeta({ pg, table });
+  if (!pk) return { message: 'table not found', status: 404 };
+
+  const data = { ...body, uid: user?.uid, entity_id: objectid };
+
+  await applyHook('onWidgetSet', {
+    link: req.path,
+    id,
+    objectid,
+    session,
+    type,
+    payload: data,
+  });
+
+  const result = id
+    ? await dataUpdate({
+      table, data, id, uid: user?.uid,
+    })
+    : await dataInsert({
+      table, data, uid: user?.uid,
+    });
+
+  return {
+    rowCount: result.rowCount, data: 'ok', command: result.command, id: result.rows?.[0]?.[pkList[type]] || result?.[pkList[type]],
+  };
+}