@opengis/cms 0.0.26 → 0.0.28

package/server/routes/cms/controllers/translate.js

@@ -1,90 +1,90 @@
-import { pgClients, eventStream } from "@opengis/fastify-table/utils.js";
-
-import insertContentLocalization from "../utils/insertContentLocalization.js";
-
-const getCollectionId = async (id, pg) => pg.query(`select content_type_id as id, table_name as table, columns FROM site.content_types
-where $1 in (content_type_id, name)`, [id]).then(el => el.rows?.[0] || {});
-
-function sequence(arr, data, fn) {
-    return arr.reduce((promise, id) => promise.then(() => fn({
-        ...data, id,
-    })), Promise.resolve());
-}
-
-export async function translateContent({
-    pg = pgClients.client, query, user,
-}, reply) {
-    if (!query.id) {
-        return reply.status(400).send({ error: 'not enough query params: id', code: 400 });
-    }
-    if (!query.to) {
-        return reply.status(400).send({ error: 'not enough query params: to', code: 400 });
-    }
-
-    const { id, collection = 'pages', from = 'uk', to, nocache } = query;
-    const { id: collectionId, table, columns = [] } = await getCollectionId(collection, pg);
-
-    if (!collectionId) {
-        return reply.status(404).send({ error: 'collection not found', code: 404 });
-    }
-
-    const schemaKeys = columns.filter(el => el.name && el.localization).map(el => el.name);
-
-    if (!schemaKeys.length) {
-        return reply.status(400).send({ error: 'collection does not contain any fields with localization enabled', code: 400 });
-    }
-
-    const result = await insertContentLocalization({ table, id, from, to, nocache, schemaKeys, user }, pg);
-
-    if (result?.error) {
-        return reply.status(result.code).send(result);
-    }
-
-    return result;
-}
-
-export async function translateCollection({
-    pg = pgClients.client, params, query, user,
-}, reply) {
-    if (!query.to) {
-        return reply.status(400).send({ error: 'not enough query params: to', code: 400 });
-    }
-
-    const { id: collectionId, table, columns = [] } = await getCollectionId(params.id, pg);
-
-    if (!collectionId) {
-        return reply.status(404).send({ error: 'collection not found', code: 404 });
-    }
-
-    const schemaKeys = columns.filter(el => el.name && el.localization).map(el => el.name);
-
-    if (!schemaKeys.length) {
-        return reply.status(400).send({ error: 'collection does not contain any fields with localization enabled', code: 400 });
-    }
-
-    const { from = 'uk', to, nocache, debug } = query;
-
-    const send = eventStream(reply);
-
-    send(`target localization: ${to}`);
-    send(`skip existing: ${!nocache}`);
-    send('localization enabled for schema keys: ' + schemaKeys.join(','));
-
-    try {
-        const ids = !table
-            ? await pg.query(`select array_agg(content_id) from site.contents where content_type_id=$1`, [collectionId]).then(el => el.rows?.[0]?.array_agg || [])
-            : await pg.query(`select array_agg(id) from data."${table}"`).then(el => el.rows?.[0]?.array_agg || []);
-
-        const skip = await pg.query('select array_agg(object_id) from site.localization where object_id=any($1::text[]) and split_part(field_key,\':\',2)=$2', [ids, to]).then(el => el.rows?.[0]?.array_agg || []);
-        const filteredIds = nocache ? ids : ids.filter(id => !skip.includes(id));
-
-        send(`target localization already exists for ${ids.length - filteredIds.length}/${ids.length} rows`);
-
-        await sequence(debug ? filteredIds.slice(0, 1) : filteredIds, { send, pg, from, to, table, nocache: true, schemaKeys, user }, insertContentLocalization);
-        return send('translation complete', true);
-    } catch (err) {
-        return send(err.toString(), true);
-    }
-}
-
+import { pgClients, eventStream } from "@opengis/fastify-table/utils.js";
+
+import insertContentLocalization from "../utils/insertContentLocalization.js";
+
+const getCollectionId = async (id, pg) => pg.query(`select content_type_id as id, table_name as table, columns FROM site.content_types
+where $1 in (content_type_id, name)`, [id]).then(el => el.rows?.[0] || {});
+
+function sequence(arr, data, fn) {
+    return arr.reduce((promise, id) => promise.then(() => fn({
+        ...data, id,
+    })), Promise.resolve());
+}
+
+export async function translateContent({
+    pg = pgClients.client, query, user,
+}, reply) {
+    if (!query.id) {
+        return reply.status(400).send({ error: 'not enough query params: id', code: 400 });
+    }
+    if (!query.to) {
+        return reply.status(400).send({ error: 'not enough query params: to', code: 400 });
+    }
+
+    const { id, collection = 'pages', from = 'uk', to, nocache } = query;
+    const { id: collectionId, table, columns = [] } = await getCollectionId(collection, pg);
+
+    if (!collectionId) {
+        return reply.status(404).send({ error: 'collection not found', code: 404 });
+    }
+
+    const schemaKeys = columns.filter(el => el.name && el.localization).map(el => el.name);
+
+    if (!schemaKeys.length) {
+        return reply.status(400).send({ error: 'collection does not contain any fields with localization enabled', code: 400 });
+    }
+
+    const result = await insertContentLocalization({ table, id, from, to, nocache, schemaKeys, user }, pg);
+
+    if (result?.error) {
+        return reply.status(result.code).send(result);
+    }
+
+    return result;
+}
+
+export async function translateCollection({
+    pg = pgClients.client, params, query, user,
+}, reply) {
+    if (!query.to) {
+        return reply.status(400).send({ error: 'not enough query params: to', code: 400 });
+    }
+
+    const { id: collectionId, table, columns = [] } = await getCollectionId(params.id, pg);
+
+    if (!collectionId) {
+        return reply.status(404).send({ error: 'collection not found', code: 404 });
+    }
+
+    const schemaKeys = columns.filter(el => el.name && el.localization).map(el => el.name);
+
+    if (!schemaKeys.length) {
+        return reply.status(400).send({ error: 'collection does not contain any fields with localization enabled', code: 400 });
+    }
+
+    const { from = 'uk', to, nocache, debug } = query;
+
+    const send = eventStream(reply);
+
+    send(`target localization: ${to}`);
+    send(`skip existing: ${!nocache}`);
+    send('localization enabled for schema keys: ' + schemaKeys.join(','));
+
+    try {
+        const ids = !table
+            ? await pg.query(`select array_agg(content_id) from site.contents where content_type_id=$1`, [collectionId]).then(el => el.rows?.[0]?.array_agg || [])
+            : await pg.query(`select array_agg(id) from data."${table}"`).then(el => el.rows?.[0]?.array_agg || []);
+
+        const skip = await pg.query('select array_agg(object_id) from site.localization where object_id=any($1::text[]) and split_part(field_key,\':\',2)=$2', [ids, to]).then(el => el.rows?.[0]?.array_agg || []);
+        const filteredIds = nocache ? ids : ids.filter(id => !skip.includes(id));
+
+        send(`target localization already exists for ${ids.length - filteredIds.length}/${ids.length} rows`);
+
+        await sequence(debug ? filteredIds.slice(0, 1) : filteredIds, { send, pg, from, to, table, nocache: true, schemaKeys, user }, insertContentLocalization);
+        return send('translation complete', true);
+    } catch (err) {
+        return send(err.toString(), true);
+    }
+}
+
 export default null;

package/server/routes/cms/controllers/updateContent.js

@@ -1,239 +1,239 @@
-import { config, pgClients, dataUpdate, dataInsert, getTemplate, checkSQL, logger } from '@opengis/fastify-table/utils.js';
-
-import { existsSync, readFileSync } from 'node:fs';
-
-const inputTypes = existsSync('input-types.json') ? JSON.parse(readFileSync('input-types.json') || '{}') : {};
-
-import updateLocalization from '../utils/updateLocalization.js';
-
-const defaultColumns = [
-    'content_id',
-    'space_id',
-    'content_type_id',
-    'created_at',
-    'updated_at',
-    'published_at',
-    'revision',
-    'locale',
-    'status',
-    'slug',
-    'title',
-    'created_by',
-    'published_by',
-    'updated_by',
-    'meta',
-];
-
-export default async function updateContent(req, reply) {
-    const {
-        pg = pgClients.client,
-        params = {},
-        user = {},
-        body = {},
-        headers = {},
-    } = req;
-
-    const { type, id } = params;
-
-    if (!type) {
-        return reply.status(400).send('not enough params: type');
-    }
-
-    if (!id) {
-        return reply.status(400).send('not enough params: id');
-    }
-
-    if (!Object.keys(body || {}).length) {
-        return reply.status(400).send('empty body');
-    }
-
-    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
-    left join pg_namespace b on a.relnamespace=b.oid 
-    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
-
-    if (!arr.length) {
-        return reply.status(400).send('empty schema: data');
-    }
-
-    const table = arr.find(el => el === params.type);
-
-    // order priority - custom columns -> default for pages
-    const { ctid, ctname, dbtable, columns: contentColumns = [] } = await pg.query('select content_type_id as ctid, name as ctname, table_name as dbtable, columns from site.content_types where content_type_id in (select content_type_id from site.contents where content_id=$1) or content_type_id=$2 order by content_type_id = \'pages\'', [id, type]).then(el => el.rows?.[0] || {});
-
-
-    const loadTable = type === 'pages' ? await getTemplate('table', 'single.default.table') : {};
-    const columns = type === 'pages'
-        ? (loadTable?.columns || []).concat(contentColumns.filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
-        : contentColumns;
-
-    // const xss = checkXSS({ body });
-    const sql = checkSQL({ body });
-
-    if (/*xss.error ||*/ sql.error && false) {
-        logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
-            table,
-            ...params,
-            uid: user?.uid,
-            ...(/*xss.error ? xss : */sql),
-        });
-        return reply
-            .status(409)
-            .send(
-                `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
-            );
-    }
-
-    // site.content_data, includes singletone
-    if (((!table && !dbtable) || ['single', 'pages'].includes(type)) && ctid) {
-        const cid = await pg.query(
-            'select content_id from site.contents where content_type_id=$1 limit 1',
-            [ctid],
-        ).then(el => el.rows?.[0]?.content_id);
-
-        const ctid1 = body.content_type_id || ctid;
-
-        if (!cid) {
-            return reply.status(404).send('contents not found');
-        }
-
-        const contentId = cid === 'pages'
-            ? await pg.query('select content_id from site.content_data where object_id=$1', [id]).then(el => el.rows?.[0]?.content_id)
-            : cid;
-
-        if (!contentId) {
-            return reply.status(404).send('contents not found: 2');
-        }
-
-        const columnList = columns?.map?.(el => el.name) || [];
-        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
-        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
-
-
-        if (!Object.keys(body || {}).length) {
-            return reply.status(400).send('invalid payload');
-        }
-
-        const blocks = await pg.query(`select json_object_agg(field_key,field_value) from site.content_data where content_id=$1 and field_type='reference'`, [id])
-            .then(el => el.rows?.[0]?.json_object_agg || {});
-
-        const emptyBlock = Object.keys(body).find(key => blocks[key] && (!body[key] || typeof body[key] !== 'object' || Object.keys(body[key] || {}) === 0));
-
-        if (emptyBlock) {
-            return reply.status(400).send('access restricted: empty/invalid block ' + emptyBlock);
-        }
-
-        const client = await pg.connect();
-
-        try {
-            await client.query('begin');
-            const res = await dataUpdate({
-                pg: client,
-                table: 'site.contents',
-                id,
-                data: { ...body, content_type_id: ctid1 },
-                uid: user?.uid,
-            });
-            await client.query(`delete from site.content_data where content_id=$1`, [contentId]);
-            const objectId = (ctname === 'pages' || ['single', 'pages'].includes(type)) && id ? id : cid;
-            await client.query(`delete from site.content_data where object_id=$1`, [objectId]);
-            await Promise.all(keys.map(async key => dataInsert({
-                pg: client,
-                table: 'site.content_data',
-                data: {
-                    field_key: key,
-                    content_id: objectId,
-                    object_id: objectId,
-                    field_type: types[key] || 'text',
-                    field_value: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? undefined : body[key],
-                    field_value_object: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? body[key] : undefined,
-                },
-                uid: user?.uid,
-            })));
-
-            // if pages allow localization, update localization
-            const localeRes = await updateLocalization(client, id, body, type === 'pages' ? type : ctid1, user?.uid);
-
-            if (Object.hasOwn(body, 'tag_list')) {
-                await client.query('delete from site.tag_data where data_id=$1', [id]);
-                if (body.tag_list?.length) {
-                    await Promise.all(body.tag_list.map(async tag => dataInsert({
-                        pg: client,
-                        table: 'site.tag_data',
-                        data: {
-                            tag_id: tag,
-                            data_id: id,
-                        },
-                        uid: user?.uid,
-                    })));
-                    Object.assign(res, { tag_list: body.tag_list });
-                }
-            }
-
-            await client.query('commit');
-
-            return {
-                id, ...res || {}, ...(keys || []).reduce((acc, curr) => ({ ...acc, [curr]: body[curr] }), {}), ...(localeRes || {})
-            };
-        } catch (err) {
-            await client.query('rollback');
-            return reply.status(500).send(err.toString());
-        } finally {
-            client.release();
-        }
-    }
-
-    if (!table && !dbtable) {
-        return reply.status(400).send('invalid params: type');
-    }
-
-    const client = await pg.connect();
-
-    try {
-        await client.query('begin');
-
-        const result = await dataUpdate({
-            pg: client,
-            id,
-            table: 'data.' + `"${(table || dbtable)}"`,
-            data: body,
-            referer: headers?.referer,
-            uid: user?.uid,
-        }).catch(err => {
-            if (err.message?.includes?.('unique constraint')) {
-                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^"]+)/g)?.[1]);
-            }
-            throw err;
-        });
-
-        await updateLocalization(client, result?.id, body, ctid, user?.uid);
-
-        if (Object.hasOwn(body, 'tag_list')) {
-            await client.query('delete from site.tag_data where data_id=$1', [id]);
-            if (body.tag_list?.length) {
-                await Promise.all(body.tag_list.map(async tag => dataInsert({
-                    pg: client,
-                    table: 'site.tag_data',
-                    data: {
-                        tag_id: tag?.id,
-                        data_id: id,
-                    },
-                    uid: user?.uid,
-                })));
-                Object.assign(result, { tag_list: body.tag_list });
-            }
-        }
-
-        await client.query('commit');
-
-        if (!result?.id) {
-            return reply.status(404).send('content not found');
-        }
-
-        return reply.status(200).send(result);
-    } catch (err) {
-        await client.query('rollback');
-        return reply.status(500).send(err.toString());
-    } finally {
-        client.release();
-    }
+import { config, pgClients, dataUpdate, dataInsert, getTemplate, checkSQL, logger } from '@opengis/fastify-table/utils.js';
+
+import { existsSync, readFileSync } from 'node:fs';
+
+const inputTypes = existsSync('input-types.json') ? JSON.parse(readFileSync('input-types.json') || '{}') : {};
+
+import updateLocalization from '../utils/updateLocalization.js';
+
+const defaultColumns = [
+    'content_id',
+    'space_id',
+    'content_type_id',
+    'created_at',
+    'updated_at',
+    'published_at',
+    'revision',
+    'locale',
+    'status',
+    'slug',
+    'title',
+    'created_by',
+    'published_by',
+    'updated_by',
+    'meta',
+];
+
+export default async function updateContent(req, reply) {
+    const {
+        pg = pgClients.client,
+        params = {},
+        user = {},
+        body = {},
+        headers = {},
+    } = req;
+
+    const { type, id } = params;
+
+    if (!type) {
+        return reply.status(400).send('not enough params: type');
+    }
+
+    if (!id) {
+        return reply.status(400).send('not enough params: id');
+    }
+
+    if (!Object.keys(body || {}).length) {
+        return reply.status(400).send('empty body');
+    }
+
+    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
+    left join pg_namespace b on a.relnamespace=b.oid 
+    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
+
+    if (!arr.length) {
+        return reply.status(400).send('empty schema: data');
+    }
+
+    const table = arr.find(el => el === params.type);
+
+    // order priority - custom columns -> default for pages
+    const { ctid, ctname, dbtable, columns: contentColumns = [] } = await pg.query('select content_type_id as ctid, name as ctname, table_name as dbtable, columns from site.content_types where content_type_id in (select content_type_id from site.contents where content_id=$1) or content_type_id=$2 order by content_type_id = \'pages\'', [id, type]).then(el => el.rows?.[0] || {});
+
+
+    const loadTable = type === 'pages' ? await getTemplate('table', 'single.default.table') : {};
+    const columns = type === 'pages'
+        ? (loadTable?.columns || []).concat(contentColumns.filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
+        : contentColumns;
+
+    // const xss = checkXSS({ body });
+    const sql = checkSQL({ body });
+
+    if (/*xss.error ||*/ sql.error && false) {
+        logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
+            table,
+            ...params,
+            uid: user?.uid,
+            ...(/*xss.error ? xss : */sql),
+        });
+        return reply
+            .status(409)
+            .send(
+                `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
+            );
+    }
+
+    // site.content_data, includes singletone
+    if (((!table && !dbtable) || ['single', 'pages'].includes(type)) && ctid) {
+        const cid = await pg.query(
+            'select content_id from site.contents where content_type_id=$1 limit 1',
+            [ctid],
+        ).then(el => el.rows?.[0]?.content_id);
+
+        const ctid1 = body.content_type_id || ctid;
+
+        if (!cid) {
+            return reply.status(404).send('contents not found');
+        }
+
+        const contentId = cid === 'pages'
+            ? await pg.query('select content_id from site.content_data where object_id=$1', [id]).then(el => el.rows?.[0]?.content_id)
+            : cid;
+
+        if (!contentId) {
+            return reply.status(404).send('contents not found: 2');
+        }
+
+        const columnList = columns?.map?.(el => el.name) || [];
+        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
+        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
+
+
+        if (!Object.keys(body || {}).length) {
+            return reply.status(400).send('invalid payload');
+        }
+
+        const blocks = await pg.query(`select json_object_agg(field_key,field_value) from site.content_data where content_id=$1 and field_type='reference'`, [id])
+            .then(el => el.rows?.[0]?.json_object_agg || {});
+
+        const emptyBlock = Object.keys(body).find(key => blocks[key] && (!body[key] || typeof body[key] !== 'object' || Object.keys(body[key] || {}) === 0));
+
+        if (emptyBlock) {
+            return reply.status(400).send('access restricted: empty/invalid block ' + emptyBlock);
+        }
+
+        const client = await pg.connect();
+
+        try {
+            await client.query('begin');
+            const res = await dataUpdate({
+                pg: client,
+                table: 'site.contents',
+                id,
+                data: { ...body, content_type_id: ctid1 },
+                uid: user?.uid,
+            });
+            await client.query(`delete from site.content_data where content_id=$1`, [contentId]);
+            const objectId = (ctname === 'pages' || ['single', 'pages'].includes(type)) && id ? id : cid;
+            await client.query(`delete from site.content_data where object_id=$1`, [objectId]);
+            await Promise.all(keys.map(async key => dataInsert({
+                pg: client,
+                table: 'site.content_data',
+                data: {
+                    field_key: key,
+                    content_id: objectId,
+                    object_id: objectId,
+                    field_type: types[key] || 'text',
+                    field_value: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? undefined : body[key],
+                    field_value_object: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? body[key] : undefined,
+                },
+                uid: user?.uid,
+            })));
+
+            // if pages allow localization, update localization
+            const localeRes = await updateLocalization(client, id, body, type === 'pages' ? type : ctid1, user?.uid);
+
+            if (Object.hasOwn(body, 'tag_list')) {
+                await client.query('delete from site.tag_data where data_id=$1', [id]);
+                if (body.tag_list?.length) {
+                    await Promise.all(body.tag_list.map(async tag => dataInsert({
+                        pg: client,
+                        table: 'site.tag_data',
+                        data: {
+                            tag_id: tag,
+                            data_id: id,
+                        },
+                        uid: user?.uid,
+                    })));
+                    Object.assign(res, { tag_list: body.tag_list });
+                }
+            }
+
+            await client.query('commit');
+
+            return {
+                id, ...res || {}, ...(keys || []).reduce((acc, curr) => ({ ...acc, [curr]: body[curr] }), {}), ...(localeRes || {})
+            };
+        } catch (err) {
+            await client.query('rollback');
+            return reply.status(500).send(err.toString());
+        } finally {
+            client.release();
+        }
+    }
+
+    if (!table && !dbtable) {
+        return reply.status(400).send('invalid params: type');
+    }
+
+    const client = await pg.connect();
+
+    try {
+        await client.query('begin');
+
+        const result = await dataUpdate({
+            pg: client,
+            id,
+            table: 'data.' + `"${(table || dbtable)}"`,
+            data: body,
+            referer: headers?.referer,
+            uid: user?.uid,
+        }).catch(err => {
+            if (err.message?.includes?.('unique constraint')) {
+                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^"]+)/g)?.[1]);
+            }
+            throw err;
+        });
+
+        await updateLocalization(client, result?.id, body, ctid, user?.uid);
+
+        if (Object.hasOwn(body, 'tag_list')) {
+            await client.query('delete from site.tag_data where data_id=$1', [id]);
+            if (body.tag_list?.length) {
+                await Promise.all(body.tag_list.map(async tag => dataInsert({
+                    pg: client,
+                    table: 'site.tag_data',
+                    data: {
+                        tag_id: tag?.id,
+                        data_id: id,
+                    },
+                    uid: user?.uid,
+                })));
+                Object.assign(result, { tag_list: body.tag_list });
+            }
+        }
+
+        await client.query('commit');
+
+        if (!result?.id) {
+            return reply.status(404).send('content not found');
+        }
+
+        return reply.status(200).send(result);
+    } catch (err) {
+        await client.query('rollback');
+        return reply.status(500).send(err.toString());
+    } finally {
+        client.release();
+    }
 }