@opengis/cms 0.0.43 → 0.0.44

package/server/routes/cms/controllers/insertContent.js

@@ -1,218 +1,218 @@
-import { config, checkSQL, getTemplate, pgClients, dataInsert, logger } from '@opengis/fastify-table/utils.js';
-
-import inputTypes from '../utils/inputTypes.js';
-
-import updateLocalization from '../utils/updateLocalization.js';
-
-const defaultColumns = [
-    'content_id',
-    'space_id',
-    'content_type_id',
-    'created_at',
-    'updated_at',
-    'published_at',
-    'revision',
-    'locale',
-    'status',
-    'slug',
-    'title',
-    'created_by',
-    'published_by',
-    'updated_by',
-    'meta',
-];
-
-export default async function insertContent(req, reply) {
-    const {
-        pg = pgClients.client,
-        params = {},
-        user = {},
-        body = {},
-        headers = {},
-    } = req;
-
-    const { type, id = body?.id } = params;
-
-    if (!type) {
-        return reply.status(400).send('not enough params: type');
-    }
-
-    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
-    left join pg_namespace b on a.relnamespace=b.oid 
-    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
-
-    const { content_id: contentId, type: contentType } = await pg.query(
-        'select content_id, (select type from site.content_types where content_type_id=t.content_type_id) from site.contents t where slug=$1',
-        [['single', 'pages'].includes(type) ? id : type],
-    ).then(el => el.rows?.[0] || {});
-
-    const ctypeId = contentId && contentId !== 'pages' && contentType === 'single' ? await pg.query(
-        'select content_type_id from site.contents where content_id=$1',
-        [contentId],
-    ).then(el => el.rows?.[0]?.content_type_id) : null;
-
-    if (!arr.length && (ctypeId || type) !== 'pages') {
-        return reply.status(400).send('empty schema: data');
-    }
-
-    const table = arr.find(el => el === params.type);
-
-    const { ctid, dbtable, columns: contentColumns } = await pg.query(
-        'select content_type_id as ctid, table_name as dbtable, columns from site.content_types where $1 in (content_type_id, name)',
-        [type === 'single' && id ? id : (ctypeId || type)],
-    ).then(el => el.rows?.[0] || {});
-
-    const loadTable = (ctypeId || type) === 'pages' ? await getTemplate('table', 'single.default.table') : {};
-
-    const columns = (ctypeId || type) === 'pages'
-        ? (loadTable?.columns || []).concat(contentColumns.filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
-        : contentColumns;
-
-    // site.content_data, includes singletone
-    if (((!table && !dbtable) || (ctypeId || type) === 'pages')) {
-        const cid = await pg.query(
-            'select content_id from site.contents where content_type_id=$1 limit 1',
-            [ctid || 'pages'],
-        ).then(el => el.rows?.[0]?.content_id);
-
-        const ctid1 = body.content_type_id || ctid || 'pages';
-
-        if (!cid) {
-            return reply.status(404).send('contents not found');
-        }
-
-        const columnList = columns?.map?.(el => el.name) || [];
-        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
-        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
-
-        if (!Object.keys(body || {}).length) {
-            return reply.status(400).send('invalid payload');
-        }
-
-        // const xss = checkXSS({ body });
-        const sql = checkSQL({ body });
-
-        if (/*xss.error ||*/ sql.error && false) {
-            logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
-                table,
-                ...params,
-                uid: user?.uid,
-                ...(/*xss.error ? xss : */sql),
-            });
-            return reply
-                .status(409)
-                .send(
-                    `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
-                );
-        }
-
-        const client = await pg.connect();
-
-        try {
-            await client.query('begin');
-            const res = await dataInsert({
-                pg: client,
-                table: 'site.contents',
-                id,
-                data: { ...body, content_type_id: ctid1 },
-                uid: user?.uid,
-            }).then(el => el.rows?.[0] || {});
-
-            if (!res?.content_id) throw new Error('insert contents error');
-
-            await Promise.all(keys.map(async key => dataInsert({
-                pg: client,
-                table: 'site.content_data',
-                data: {
-                    field_key: key,
-                    content_id: res.content_id,
-                    object_id: res.content_id,
-                    field_type: types[key] || 'text',
-                    field_value: inputTypes[types[key] || ''] === 'json' ? undefined : body[key],
-                    field_value_object: inputTypes[types[key] || ''] === 'json' ? body[key] : undefined,
-                },
-                uid: user?.uid,
-            })));
-
-            await updateLocalization(client, res.content_id, body, ctid1, user?.uid);
-
-            if (body?.tag_list?.length) {
-                await Promise.all(body.tag_list.map(async tag => dataInsert({
-                    pg: client,
-                    table: 'site.tag_data',
-                    data: {
-                        tag_id: tag,
-                        data_id: id,
-                    },
-                    uid: user?.uid,
-                })));
-            }
-
-            await client.query('commit');
-
-            return {
-                id: res.content_id, rows: [res].filter(Boolean)
-            };
-        } catch (err) {
-            await client.query('rollback');
-            return reply.status(500).send(err.toString());
-        } finally {
-            client.release();
-        }
-    }
-
-    // custom table
-    if (!table && !dbtable) {
-        return reply.status(400).send('invalid params: type');
-    }
-
-    const client = await pg.connect();
-
-    try {
-        await client.query('begin');
-
-        // const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: inputTypes[curr.type] || 'text' }), {}) || {};
-        const { rows = [] } = await dataInsert({
-            pg: client,
-            id,
-            table: 'data.' + `"${(table || dbtable)}"`,
-            data: body,
-            referer: headers?.referer,
-            uid: user?.uid,
-        }).catch(err => {
-            if (err.message?.includes?.('unique constraint')) {
-                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^']+)/g)?.[1]);
-            }
-            throw err;
-        }) || {};
-
-        const idRes = rows?.[0]?.id;
-
-        if (!idRes) {
-            throw new Error('content insert error');
-        }
-
-        await updateLocalization(client, idRes, body, ctid, user?.uid);
-
-        if (body?.tag_list?.length) {
-            await Promise.all(body.tag_list.map(async tag => dataInsert({
-                pg: client,
-                table: 'site.tag_data',
-                data: {
-                    tag_id: tag,
-                    data_id: id || idRes,
-                },
-                uid: user?.uid,
-            })));
-        }
-
-        await client.query('commit');
-
-        return reply.status(200).send({ id: idRes, rows });
-    } catch (err) {
-        await client.query('rollback');
-        return reply.status(500).send(err.toString());
-    } finally {
-        client.release();
-    }
+import { config, checkSQL, getTemplate, pgClients, dataInsert, logger } from '@opengis/fastify-table/utils.js';
+
+import inputTypes from '../utils/inputTypes.js';
+
+import updateLocalization from '../utils/updateLocalization.js';
+
+const defaultColumns = [
+    'content_id',
+    'space_id',
+    'content_type_id',
+    'created_at',
+    'updated_at',
+    'published_at',
+    'revision',
+    'locale',
+    'status',
+    'slug',
+    'title',
+    'created_by',
+    'published_by',
+    'updated_by',
+    'meta',
+];
+
+export default async function insertContent(req, reply) {
+    const {
+        pg = pgClients.client,
+        params = {},
+        user = {},
+        body = {},
+        headers = {},
+    } = req;
+
+    const { type, id = body?.id } = params;
+
+    if (!type) {
+        return reply.status(400).send('not enough params: type');
+    }
+
+    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
+    left join pg_namespace b on a.relnamespace=b.oid 
+    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
+
+    const { content_id: contentId, type: contentType } = await pg.query(
+        'select content_id, (select type from site.content_types where content_type_id=t.content_type_id) from site.contents t where slug=$1',
+        [['single', 'pages'].includes(type) ? id : type],
+    ).then(el => el.rows?.[0] || {});
+
+    const ctypeId = contentId && contentId !== 'pages' && contentType === 'single' ? await pg.query(
+        'select content_type_id from site.contents where content_id=$1',
+        [contentId],
+    ).then(el => el.rows?.[0]?.content_type_id) : null;
+
+    if (!arr.length && (ctypeId || type) !== 'pages') {
+        return reply.status(400).send('empty schema: data');
+    }
+
+    const table = arr.find(el => el === params.type);
+
+    const { ctid, dbtable, columns: contentColumns } = await pg.query(
+        'select content_type_id as ctid, table_name as dbtable, columns from site.content_types where $1 in (content_type_id, name)',
+        [type === 'single' && id ? id : (ctypeId || type)],
+    ).then(el => el.rows?.[0] || {});
+
+    const loadTable = (ctypeId || type) === 'pages' ? await getTemplate('table', 'single.default.table') : {};
+
+    const columns = (ctypeId || type) === 'pages'
+        ? (loadTable?.columns || []).concat(contentColumns.filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
+        : contentColumns;
+
+    // site.content_data, includes singletone
+    if (((!table && !dbtable) || (ctypeId || type) === 'pages')) {
+        const cid = await pg.query(
+            'select content_id from site.contents where content_type_id=$1 limit 1',
+            [ctid || 'pages'],
+        ).then(el => el.rows?.[0]?.content_id);
+
+        const ctid1 = body.content_type_id || ctid || 'pages';
+
+        if (!cid) {
+            return reply.status(404).send('contents not found');
+        }
+
+        const columnList = columns?.map?.(el => el.name) || [];
+        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
+        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
+
+        if (!Object.keys(body || {}).length) {
+            return reply.status(400).send('invalid payload');
+        }
+
+        // const xss = checkXSS({ body });
+        const sql = checkSQL({ body });
+
+        if (/*xss.error ||*/ sql.error && false) {
+            logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
+                table,
+                ...params,
+                uid: user?.uid,
+                ...(/*xss.error ? xss : */sql),
+            });
+            return reply
+                .status(409)
+                .send(
+                    `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
+                );
+        }
+
+        const client = await pg.connect();
+
+        try {
+            await client.query('begin');
+            const res = await dataInsert({
+                pg: client,
+                table: 'site.contents',
+                id,
+                data: { ...body, content_type_id: ctid1 },
+                uid: user?.uid,
+            }).then(el => el.rows?.[0] || {});
+
+            if (!res?.content_id) throw new Error('insert contents error');
+
+            await Promise.all(keys.map(async key => dataInsert({
+                pg: client,
+                table: 'site.content_data',
+                data: {
+                    field_key: key,
+                    content_id: res.content_id,
+                    object_id: res.content_id,
+                    field_type: types[key] || 'text',
+                    field_value: inputTypes[types[key] || ''] === 'json' ? undefined : body[key],
+                    field_value_object: inputTypes[types[key] || ''] === 'json' ? body[key] : undefined,
+                },
+                uid: user?.uid,
+            })));
+
+            await updateLocalization(client, res.content_id, body, ctid1, user?.uid);
+
+            if (body?.tag_list?.length) {
+                await Promise.all(body.tag_list.map(async tag => dataInsert({
+                    pg: client,
+                    table: 'site.tag_data',
+                    data: {
+                        tag_id: tag,
+                        data_id: id,
+                    },
+                    uid: user?.uid,
+                })));
+            }
+
+            await client.query('commit');
+
+            return {
+                id: res.content_id, rows: [res].filter(Boolean)
+            };
+        } catch (err) {
+            await client.query('rollback');
+            return reply.status(500).send(err.toString());
+        } finally {
+            client.release();
+        }
+    }
+
+    // custom table
+    if (!table && !dbtable) {
+        return reply.status(400).send('invalid params: type');
+    }
+
+    const client = await pg.connect();
+
+    try {
+        await client.query('begin');
+
+        // const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: inputTypes[curr.type] || 'text' }), {}) || {};
+        const { rows = [] } = await dataInsert({
+            pg: client,
+            id,
+            table: 'data.' + `"${(table || dbtable)}"`,
+            data: body,
+            referer: headers?.referer,
+            uid: user?.uid,
+        }).catch(err => {
+            if (err.message?.includes?.('unique constraint')) {
+                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^']+)/g)?.[1]);
+            }
+            throw err;
+        }) || {};
+
+        const idRes = rows?.[0]?.id;
+
+        if (!idRes) {
+            throw new Error('content insert error');
+        }
+
+        await updateLocalization(client, idRes, body, ctid, user?.uid);
+
+        if (body?.tag_list?.length) {
+            await Promise.all(body.tag_list.map(async tag => dataInsert({
+                pg: client,
+                table: 'site.tag_data',
+                data: {
+                    tag_id: tag,
+                    data_id: id || idRes,
+                },
+                uid: user?.uid,
+            })));
+        }
+
+        await client.query('commit');
+
+        return reply.status(200).send({ id: idRes, rows });
+    } catch (err) {
+        await client.query('rollback');
+        return reply.status(500).send(err.toString());
+    } finally {
+        client.release();
+    }
 }

package/server/routes/cms/controllers/listMedia.js

@@ -1,95 +1,95 @@
-import path from 'node:path';
-import { existsSync, mkdirSync } from 'node:fs';
-import { readdir, stat } from 'node:fs/promises';
-
-import { config, getFolder, pgClients, getMimeType } from '@opengis/fastify-table/utils.js';
-import { createHash } from 'node:crypto';
-
-// path.resolve() converts POSIX paths from getFolder to valid Windows paths (Bun/Node fs require this on Windows)
-const rootDir = path.resolve(getFolder(config, 'local'));
-const dir = '/files';
-
-mkdirSync(path.join(rootDir, dir), { recursive: true });
-
-export default async function listMedia(req, reply) {
-    const { pg = pgClients.client, query = {} } = req;
-    const { subdir: subdir1 = '', search } = query;
-
-    if (!pg.pk?.['site.media']) {
-        return reply.status(404).send('table not found');
-    }
-
-    if (typeof subdir1 !== 'string' || subdir1.includes('..')) {
-        return reply.status(403).send('invalid params: subdir');
-    }
-
-    const subdir = subdir1.replace(/\/{2,}/g, '/');
-    const relpath = path.join(dir, subdir1).replace(/\\/g, '/');
-    const dirpath = path.join(rootDir, relpath).replace(/\\/g, '/');
-
-    if (!existsSync(dirpath)) {
-        return { data: [], relpath, msg: 'directory not exists' };
-    }
-
-    const isDirectory = (await stat(dirpath)).isDirectory();
-
-    const allItems = isDirectory ? await readdir(dirpath, { withFileTypes: true, recursive: true }) : [];
-    const items = isDirectory ? await readdir(dirpath, { withFileTypes: true }) : [];
-
-    const rows = await pg.query(
-        `select 
-            media_id as id, filename, filetype, filesize, url, description, alt,
-            mime, preview_url, created_at, updated_at, created_by, updated_by
-        from site.media
-        where ${subdir ? 'subdir = $1' : (search ? '1=1' : 'subdir is null')} ${search ? `and filename ilike '%${search.replace(/'/g, "''")}%'` : ''}`,
-        [subdir].filter(Boolean),
-    ).then(el => el.rows || []); // ?.filter(row => items.map(el => el.name).includes(row.filename))
-
-    const subdirs = items
-        .filter(el => el.isDirectory())
-        .map(el => ({ type: 'dir', name: el.name }))
-        .filter(el => search ? el.name.includes(search) : true);
-
-    if (subdirs.length) {
-        await Promise.all(subdirs.map(async (item) => {
-            const items = isDirectory ? await readdir(path.join(dirpath, item.name)) : [];
-            Object.assign(item, { count: items.length });
-        }));
-    }
-
-    const result = { relpath };
-
-    if (config.debug) {
-        Object.assign(result, { rootDir });
-    }
-
-    const files = (search ? allItems.filter(el => el.name.includes(search)) : items)
-        .filter(el => el.isFile())
-        .map(el => {
-            const media = rows.find(row => row.filename === el.name);
-            const filepath = media ? media.url : ('/files/' + (el.path.split('/files/')[1] ? el.path.split('/files/')[1] + '/' : '') + el.name);
-            return media ? {
-                type: 'file',
-                ...media,
-                url: `${req.routeOptions.url}/${media.id}/file`,
-                preview: `${req.routeOptions.url}/${media.id}/preview`,
-                filepath,
-                metadata: `${req.routeOptions.url}/${media.id}`,
-            } : {
-                id: createHash('md5').update(filepath).digest('hex'),
-                hash: true,
-                type: 'file',
-                filename: el.name,
-                filepath,
-                filetype: getMimeType(el.name)?.startsWith('image/') ? "image" : "other",
-                filesize: 0,
-                url: filepath,
-                mime: getMimeType(el.name),
-                preview: filepath,
-            }
-        });
-
-    Object.assign(result, { data: subdirs.concat(files) });
-    return result;
-
+import path from 'node:path';
+import { existsSync, mkdirSync } from 'node:fs';
+import { readdir, stat } from 'node:fs/promises';
+
+import { config, getFolder, pgClients, getMimeType } from '@opengis/fastify-table/utils.js';
+import { createHash } from 'node:crypto';
+
+// path.resolve() converts POSIX paths from getFolder to valid Windows paths (Bun/Node fs require this on Windows)
+const rootDir = path.resolve(getFolder(config, 'local'));
+const dir = '/files';
+
+mkdirSync(path.join(rootDir, dir), { recursive: true });
+
+export default async function listMedia(req, reply) {
+    const { pg = pgClients.client, query = {} } = req;
+    const { subdir: subdir1 = '', search } = query;
+
+    if (!pg.pk?.['site.media']) {
+        return reply.status(404).send('table not found');
+    }
+
+    if (typeof subdir1 !== 'string' || subdir1.includes('..')) {
+        return reply.status(403).send('invalid params: subdir');
+    }
+
+    const subdir = subdir1.replace(/\/{2,}/g, '/');
+    const relpath = path.join(dir, subdir1).replace(/\\/g, '/');
+    const dirpath = path.join(rootDir, relpath).replace(/\\/g, '/');
+
+    if (!existsSync(dirpath)) {
+        return { data: [], relpath, msg: 'directory not exists' };
+    }
+
+    const isDirectory = (await stat(dirpath)).isDirectory();
+
+    const allItems = isDirectory ? await readdir(dirpath, { withFileTypes: true, recursive: true }) : [];
+    const items = isDirectory ? await readdir(dirpath, { withFileTypes: true }) : [];
+
+    const rows = await pg.query(
+        `select 
+            media_id as id, filename, filetype, filesize, url, description, alt,
+            mime, preview_url, created_at, updated_at, created_by, updated_by
+        from site.media
+        where ${subdir ? 'subdir = $1' : (search ? '1=1' : 'subdir is null')} ${search ? `and filename ilike '%${search.replace(/'/g, "''")}%'` : ''}`,
+        [subdir].filter(Boolean),
+    ).then(el => el.rows || []); // ?.filter(row => items.map(el => el.name).includes(row.filename))
+
+    const subdirs = items
+        .filter(el => el.isDirectory())
+        .map(el => ({ type: 'dir', name: el.name }))
+        .filter(el => search ? el.name.includes(search) : true);
+
+    if (subdirs.length) {
+        await Promise.all(subdirs.map(async (item) => {
+            const items = isDirectory ? await readdir(path.join(dirpath, item.name)) : [];
+            Object.assign(item, { count: items.length });
+        }));
+    }
+
+    const result = { relpath };
+
+    if (config.debug) {
+        Object.assign(result, { rootDir });
+    }
+
+    const files = (search ? allItems.filter(el => el.name.includes(search)) : items)
+        .filter(el => el.isFile())
+        .map(el => {
+            const media = rows.find(row => row.filename === el.name);
+            const filepath = media ? media.url : ('/files/' + (el.path.split('/files/')[1] ? el.path.split('/files/')[1] + '/' : '') + el.name);
+            return media ? {
+                type: 'file',
+                ...media,
+                url: `${req.routeOptions.url}/${media.id}/file`,
+                preview: `${req.routeOptions.url}/${media.id}/preview`,
+                filepath,
+                metadata: `${req.routeOptions.url}/${media.id}`,
+            } : {
+                id: createHash('md5').update(filepath).digest('hex'),
+                hash: true,
+                type: 'file',
+                filename: el.name,
+                filepath,
+                filetype: getMimeType(el.name)?.startsWith('image/') ? "image" : "other",
+                filesize: 0,
+                url: filepath,
+                mime: getMimeType(el.name),
+                preview: filepath,
+            }
+        });
+
+    Object.assign(result, { data: subdirs.concat(files) });
+    return result;
+
 }