@opengis/admin 0.3.33 → 0.3.35

package/server/routes/notifications/controllers/userNotifications.js

@@ -36,7 +36,7 @@ export default async function userNotifications({
 
   if (query.sql) return q;
 
-  const { rows = [] } = await pg.query(q, [uid, limit, offset]);
+  const { rows = [] } = pg.pk?.['crm.notifications'] ? await pg.query(q, [uid, limit, offset]) : {};
 
   const values = rows.map((el) => el.author_id)
     ?.filter((el, idx, arr) => el && arr.indexOf(el) === idx);

package/server/routes/widget/controllers/widget.del.js

@@ -1,5 +1,8 @@
+import { pgClients, logChanges } from "@opengis/fastify-table/utils.js";
 import { isFileExists } from "@opengis/fastify-file/utils.js";
 
+import { isAdmin } from "../../../../utils.js";
+
 async function checkAccess(pg, objectid, id) {
   const { uid, filepath } = await pg.query(`select uid, file_path as filepath from crm.files where entity_id=$1 and file_id=$2`, [objectid, id])
     .then(el => el.rows?.[0] || {});
@@ -25,39 +28,53 @@ async function checkAccess(pg, objectid, id) {
  * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
  */
 
-import { pgClients, logChanges } from "@opengis/fastify-table/utils.js";
+export default async function widgetDel(req, reply) {
+  const {
+    pg = pgClients.client, params = {}, user = {},
+  } = req;
+
+  if (!user?.uid) {
+    return reply.status(401).send('access restricted: user not authorized');
+  }
 
-export default async function widgetDel({
-  pg = pgClients.client, params = {}, session = {},
-}, reply) {
-  const { user = {} } = session.passport || {};
-  if (!user.uid) return { error: 'access restricted', status: 403 };
   const { type, objectid, id } = params;
 
-  if (!objectid) return { error: 'id required', status: 400 };
+  if (!objectid) {
+    return reply.status(400).send('not enough params: id');
+  }
 
   // force delete db entry if file not exists
   const { exists, uid } = ['file', 'gallery'].includes(type) ? await checkAccess(pg, objectid, id) : {};
 
-  if (exists && !user?.user_type?.includes?.('admin') && uid && user?.uid !== uid) {
+  if (exists && !isAdmin(req) && uid && user?.uid !== uid) {
     return reply.status(403).send('access restricted: file exists, not an author');
   }
 
   const sqls = {
-    comment: 'delete from crm.communications where entity_id=$1 and uid=$2 and communication_id=$3',
-    checklist: 'delete from crm.checklists where entity_id=$1 and uid=$2 and checklist_id=$3',
-    file: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || user?.user_type?.includes?.('admin') ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
-    gallery: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || user?.user_type?.includes?.('admin') ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
+    comment: `delete from crm.communications where entity_id=$1 and ${isAdmin(req) ? '$2=$2' : 'uid=$2'} and communication_id=$3`,
+    checklist: `delete from crm.checklists where entity_id=$1 and ${isAdmin(req) ? '$2=$2' : 'uid=$2'} and checklist_id=$3`,
+    file: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || isAdmin(req) ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
+    gallery: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || isAdmin(req) ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
   };
+
   const sql = sqls[type];
-  // console.log(sql);
-  if (!sql) return reply.status(400).send('type not valid');
+  const table = {
+    comment: 'crm.communications',
+    checklist: 'crm.checklists',
+    file: 'crm.files',
+    gallery: 'crm.files',
+  }[type];
+
+  if (!sql) {
+    return reply.status(400).send('invalid widget type');
+  }
 
   const { rows = [] } = await pg.query(sql, [objectid, user.uid, id]);
-  const table = { comment: 'crm.communications', checklist: 'crm.checklists', file: 'crm.files', gallery: 'crm.files' }[type];
+
   await logChanges({
     pg, table, id, data: rows[0], uid: user?.uid, type: 'DELETE',
   });
+
   return { data: { id }, user: { uid: user.uid, name: user.user_name } };
 
 }

package/server/routes/widget/controllers/widget.get.js

@@ -9,8 +9,8 @@ const username = `coalesce(u.sur_name,'')||coalesce(' '||u.user_name,'') ||coale
  */
 
 export default async function widgetGet({
-  pg = pgClients.client, user = {}, params = {}, query = {},
-}) {
+  pg = pgClients.client, user = {}, params = {}, query = {}, unittest,
+}, reply) {
   const param = user?.uid ? await getToken({
     token: params.objectid, mode: 'w', uid: user.uid,
   }) : null;
@@ -18,7 +18,7 @@ export default async function widgetGet({
   const objectid = param ? JSON.parse(param)?.id : params.objectid;
 
   if (!objectid) {
-    return { message: 'id required', status: 400 };
+    return reply.status(400).send('not enough params: id');
   }
 
   const sqls = {
@@ -87,10 +87,11 @@ export default async function widgetGet({
       isverified, uid as author, file_status FROM crm.files c where entity_id=$1 and file_status<>3 and ext = any($2) order by cdate desc`,
 
   };
+
   const sql = sqls[params.type];
 
   if (!sql) {
-    return { message: 'param type not valid', status: 400 };
+    return reply.status(400).send('invalid widget type');
   }
 
 
@@ -101,13 +102,17 @@ export default async function widgetGet({
   time.push(Date.now());
 
   /* Object info  */
-  const { tableName } = pg.pk['log.table_changes'] ? await pg.one('select entity_type as "tableName" from log.table_changes where entity_id=$1 limit 1', [objectid]) : {};
-  const { pk } = await getMeta({ table: tableName });
+  const { tableName } = pg.pk['log.table_changes'] ? await pg.query('select entity_type as "tableName" from log.table_changes where entity_id=$1 limit 1', [objectid]).then(el => el.rows?.[0] || {}) : {};
+  const { pk } = await getMeta({ pg, table: tableName });
+
+  if (!pk && !unittest) {
+    return reply.status(404).send('table not found');
+  }
 
   const q = tableName && pg.pk['admin.users'] ? `select ${username} as author, u.login, a.cdate, a.editor_date from ${tableName} a 
   left join admin.users u on a.uid=u.uid where a.${pk}=$1 limit 1` : undefined;
 
-  const data = pk && q ? await pg.one(q, [objectid]) : {};
+  const data = pk && q ? await pg.query(q, [objectid]).then(el => el.rows?.[0] || {}) : {};
 
   if (query.debug && user?.user_type === 'admin') {
     return {

package/server/routes/widget/controllers/widget.set.js

@@ -19,14 +19,19 @@ const pkList = {
 
 const galleryExtList = ['png', 'svg', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi'];
 
-export default async function widgetSet(req) {
+export default async function widgetSet(req, reply) {
   const {
-    pg, params = {}, session = {}, body = {},
+    pg, params = {}, session = {}, body = {}, user = {},
   } = req;
-  const { user = {} } = session.passport || {};
   const { type, id, objectid } = params;
-  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { message: 'param type not valid', status: 400 };
-  if (!objectid) return { message: 'id required', status: 400 };
+
+  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) {
+    return reply.status(400).send('param type not valid');
+  }
+
+  if (!objectid) {
+    return reply.status(400).send('not enough params: id');
+  }
 
   const table = tableList[type];
 
@@ -46,22 +51,26 @@ export default async function widgetSet(req) {
     };
 
     if (type === 'gallery' && !galleryExtList.includes(extName.toLowerCase())) {
-      return { message: 'invalid file extension', status: 400 };
+      return reply.status(400).send('invalid file extension');
     }
 
     const { rows = [] } = await dataInsert({
-      table: 'crm.files', data, uid: user?.uid,
+      pg, table: 'crm.files', data, uid: user?.uid,
     });
     return {
       rowCount: 1, data: 'ok', command: 'UPLOAD', id: rows[0]?.file_id, entity_id: rows[0]?.entity_id,
     };
   }
   const { pk } = await getMeta({ pg, table });
-  if (!pk) return { message: 'table not found', status: 404 };
+
+  if (!pk) {
+    return reply.status(404).send('table not found');
+  }
 
   const data = { ...body, uid: user?.uid, entity_id: objectid };
 
   await applyHook('onWidgetSet', {
+    pg,
     link: req.path,
     id,
     objectid,
@@ -72,10 +81,10 @@ export default async function widgetSet(req) {
 
   const result = id
     ? await dataUpdate({
-      table, data, id, uid: user?.uid,
+      pg, table, data, id, uid: user?.uid,
     })
     : await dataInsert({
-      table, data, uid: user?.uid,
+      pg, table, data, uid: user?.uid,
     });
 
   return {

package/server/utils/isAdmin.js

@@ -0,0 +1,8 @@
+import { config } from '@opengis/fastify-table/utils.js';
+
+const isAdmin = (req) => process.env.NODE_ENV === 'admin'
+    || config.admin
+    || req?.hostname?.split?.(':')?.shift?.() === config.adminDomain
+    || req?.hostname?.startsWith?.('admin');
+
+export default isAdmin;

package/server/{routes/notifications/funcs → utils}/sendNotification.js

@@ -1,9 +1,11 @@
+import { handlebars, pgClients, getTemplate, getRedis, logger } from '@opengis/fastify-table/utils.js';
+
+import sendEmail from './sendEmail.js';
+
 // eslint-disable-next-line max-len, no-control-regex
 const emailReg = /(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/g;
 
-import sendEmail from './utils/sendEmail.js';
-
-import { handlebars, pgClients, getTemplate, getRedis, logger } from '@opengis/fastify-table/utils.js';
+const rclient = getRedis();
 
 async function generateNotificationContent({
   pg, table, template, id, message, data: data1,
@@ -35,10 +37,6 @@ export default async function notification({
   id,
   nocache,
 }) {
-  const rclient = getRedis();
-
-  if (!pg) throw new Error('need pg');
-
   if (pg?.readonly) {
     return null;
   }
@@ -46,7 +44,6 @@ export default async function notification({
   const keyTo = `${pg.options?.database}:mail:${provider[0]}:${to || ''}${id || ''}${table || ''}${title || ''}`;
   const uniqueTo = await rclient.setnx(keyTo, 1);
 
-
   if (!uniqueTo && !nocache) {
     logger.file('notification/sent', { keyTo, send: uniqueTo, nocache });
     return `already sent: ${keyTo}`;

package/utils.js

@@ -1,9 +1,9 @@
 import yamlSafe from 'js-yaml';
 
 
-
-import addNotification from './server/routes/notifications/funcs/addNotification.js';
-import sendNotification from './server/routes/notifications/funcs/sendNotification.js';
+import isAdmin from './server/utils/isAdmin.js';
+import addNotification from './server/utils/addNotification.js';
+import sendNotification from './server/utils/sendNotification.js';
 
 import getAdminAccess from './server/plugins/access/funcs/getAdminAccess.js';
 
@@ -19,6 +19,7 @@ Object.assign(yamlSafe, { loadSafe });
 
 export default null;
 export {
+  isAdmin,
   yamlSafe,
   addNotification,
   sendNotification,

package/server/routes/dblist/controllers/readItems.js

@@ -1,20 +0,0 @@
-import { dblist, getRedis } from '@opengis/fastify-table/utils.js';
-
-import formatData from '../utils/formatData.js';
-
-const rclient = getRedis();
-
-export default async function readItemList(req) {
-  const rows = formatData(dblist);
-  const uid = req.session.passport?.user?.uid // login db
-    || req.session.passport?.user?.username // login passwd
-    || '2';
-
-  const key = `current-db:${uid}`;
-  const ttl = await rclient.ttl(key);
-  const currentId = await rclient.get(key);
-  rclient.setex(key, 60 * 60 * 10000, currentId);
-
-  const { originalMaxAge, expires } = req.session?.cookie || {};
-  return { ttl, current: currentId || rows[0]?.id, rows, user: { ...req.user, originalMaxAge, expires, uid }, };
-}

package/server/routes/dblist/controllers/setItem.js

@@ -1,22 +0,0 @@
-import { dblist, getRedis } from '@opengis/fastify-table/utils.js';
-
-export default async function setItem(req) {
-  const { params = {} } = req;
-  const { id } = params;
-
-  if (!id) return { error: 'not enough params', status: 400 };
-
-  const current = dblist.find((el) => [el.id, el.key].includes(id));
-  if (!current?.database) {
-    return { error: 'invalid param id', status: 400 };
-  }
-
-  const rclient = getRedis();
-  const uid = req.session.passport?.user?.uid // login db
-    || req.session.passport?.user?.username // login passwd
-    || '2';
-
-  await rclient.setex(`current-db:${uid}`, 60 * 60 * 10000, id);
-
-  return { current: id };
-}

package/server/routes/dblist/index.mjs

@@ -1,18 +0,0 @@
-import readItemList from './controllers/readItems.js';
-import setItem from './controllers/setItem.js';
-
-export default async function plugin(fastify) {
-
-  fastify.route({
-    method: 'GET',
-    url: '/db-list',
-    config: { policy: ['site'] },
-    handler: readItemList,
-  });
-  fastify.route({
-    method: 'GET',
-    url: '/db-list/:id',
-    config: { policy: ['site'] },
-    handler: setItem,
-  });
-}

package/server/routes/dblist/utils/formatData.js

@@ -1,7 +0,0 @@
-const showKeys = ['id', 'key', 'title'];
-
-export default function formatData(data = []) {
-  return data?.length
-    ? data.map((el) => Object.keys(el).filter((key) => showKeys.includes(key)).reduce((acc, curr) => Object.assign(acc, { [curr]: el[curr] }), {}))
-    : [];
-}