@opengis/cms 0.0.61 → 0.0.62

package/server/routes/cms/controllers/insertContent.js

@@ -1,227 +1,227 @@
-import { config, checkSQL, getTemplate, pgClients, dataInsert, logger } from '@opengis/fastify-table/utils.js';
-
-import inputTypes from '../utils/inputTypes.js';
-
-import updateLocalization from '../utils/updateLocalization.js';
-
-const defaultColumns = [
-    'content_id',
-    'space_id',
-    'content_type_id',
-    'created_at',
-    'updated_at',
-    'published_at',
-    'revision',
-    'locale',
-    'status',
-    'slug',
-    'title',
-    'created_by',
-    'published_by',
-    'updated_by',
-    'meta',
-];
-
-export default async function insertContent(req, reply) {
-    const {
-        pg = pgClients.client,
-        params = {},
-        user = {},
-        body = {},
-        headers = {},
-    } = req;
-
-    const { type, id = body?.id } = params;
-
-    if (!type) {
-        return reply.status(400).send({ error: 'not enough params: type', code: 400 });
-    }
-
-    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
-    left join pg_namespace b on a.relnamespace=b.oid 
-    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
-
-    const { content_id: contentId, type: contentType } = await pg.query(
-        'select content_id, (select type from site.content_types where content_type_id=t.content_type_id) from site.contents t where slug=$1',
-        [['single', 'pages'].includes(type) ? id : type],
-    ).then(el => el.rows?.[0] || {});
-
-    const ctypeId = contentId && contentId !== 'pages' && contentType === 'single' ? await pg.query(
-        'select content_type_id from site.contents where content_id=$1',
-        [contentId],
-    ).then(el => el.rows?.[0]?.content_type_id) : null;
-
-    if (!arr.length && (ctypeId || type) !== 'pages') {
-        return reply.status(400).send({ error: 'empty schema: data', code: 400 });
-    }
-
-    const table = arr.find(el => el === params.type);
-
-    const { ctid, dbtable, columns: contentColumns } = await pg.query(
-        'select content_type_id as ctid, table_name as dbtable, columns from site.content_types where $1 in (content_type_id, name)',
-        [type === 'single' && id ? id : (ctypeId || type)],
-    ).then(el => el.rows?.[0] || {});
-
-    const loadTable = (ctypeId || type) === 'pages' ? await getTemplate('table', 'single.default.table') : {};
-
-    const columns = (ctypeId || type) === 'pages'
-        ? (loadTable?.columns || []).concat((contentColumns || []).filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
-        : contentColumns;
-
-    // site.content_data, includes singletone
-    if (((!table && !dbtable) || (ctypeId || type) === 'pages')) {
-        const cid = await pg.query(
-            'select content_id from site.contents where content_type_id=$1 limit 1',
-            [ctid || 'pages'],
-        ).then(el => el.rows?.[0]?.content_id);
-
-        const ctid1 = body.content_type_id || ctid || 'pages';
-
-        if (!cid) {
-            return reply.status(404).send({ error: 'contents not found', code: 404 });
-        }
-
-        const columnList = columns?.map?.(el => el.name) || [];
-        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
-        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
-
-        if (!Object.keys(body || {}).length) {
-            return reply.status(400).send('invalid payload');
-        }
-
-        // const xss = checkXSS({ body });
-        const sql = checkSQL({ body });
-
-        if (/*xss.error ||*/ sql.error && false) {
-            logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
-                table,
-                ...params,
-                uid: user?.uid,
-                ...(/*xss.error ? xss : */sql),
-            });
-            return reply
-                .status(409)
-                .send(
-                    `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
-                );
-        }
-
-        const id1 = id || await pg.query('select next_id()').then(el => el.rows[0].next_id);
-
-        const client = await pg.connect();
-
-        try {
-            await client.query('begin');
-            await dataInsert({
-                pg: client,
-                table: 'site.content_types',
-                id: id1,
-                data: { ...body, type: 'single', name: body.slug },
-                uid: user?.uid,
-            });
-            const res = await dataInsert({
-                pg: client,
-                table: 'site.contents',
-                id: id1,
-                data: { ...body, content_type_id: id1 },
-                uid: user?.uid,
-            });
-
-            if (!res?.content_id) {
-                throw new Error('insert contents error');
-            }
-
-            await Promise.all(keys.map(async key => dataInsert({
-                pg: client,
-                table: 'site.content_data',
-                data: {
-                    field_key: key,
-                    content_id: res.content_id,
-                    object_id: res.content_id,
-                    field_type: types[key] || 'text',
-                    field_value: inputTypes[types[key] || ''] === 'json' ? undefined : body[key],
-                    field_value_object: inputTypes[types[key] || ''] === 'json' ? body[key] : undefined,
-                },
-                uid: user?.uid,
-            })));
-
-            await updateLocalization(client, res.content_id, body, ctid1, user?.uid);
-
-            if (body?.tag_list?.length) {
-                await Promise.all(body.tag_list.map(async tag => dataInsert({
-                    pg: client,
-                    table: 'site.tag_data',
-                    data: {
-                        tag_id: tag,
-                        data_id: id,
-                    },
-                    uid: user?.uid,
-                })));
-            }
-
-            await client.query('commit');
-
-            return {
-                id: res.content_id, rows: [res].filter(Boolean)
-            };
-        } catch (err) {
-            await client.query('rollback');
-            return reply.status(500).send({ error: err.toString(), code: 500 });
-        } finally {
-            client.release();
-        }
-    }
-
-    // custom table
-    if (!table && !dbtable) {
-        return reply.status(400).send({ error: 'invalid params: type', code: 400 });
-    }
-
-    const client = await pg.connect();
-
-    try {
-        await client.query('begin');
-
-        // const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: inputTypes[curr.type] || 'text' }), {}) || {};
-        const row = await dataInsert({
-            pg: client,
-            id,
-            table: 'data.' + `"${(table || dbtable)}"`,
-            data: body,
-            referer: headers?.referer,
-            uid: user?.uid,
-        }).catch(err => {
-            if (err.message?.includes?.('unique constraint')) {
-                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^']+)/g)?.[1] || err.message.split('unique constraint')[1]);
-            }
-            throw err;
-        });
-
-        if (!row?.id) {
-            throw new Error('content insert error');
-        }
-
-        await updateLocalization(client, row.id, body, ctid, user?.uid);
-
-        if (body?.tag_list?.length) {
-            await Promise.all(body.tag_list.map(async tag => dataInsert({
-                pg: client,
-                table: 'site.tag_data',
-                data: {
-                    tag_id: tag,
-                    data_id: id || row.id,
-                },
-                uid: user?.uid,
-            })));
-        }
-
-        await client.query('commit');
-
-        return reply.status(200).send({ id: row.id, rows: [row] });
-    } catch (err) {
-        await client.query('rollback');
-        return reply.status(500).send({ error: err.toString(), code: 500 });
-    } finally {
-        client.release();
-    }
+import { config, checkSQL, getTemplate, pgClients, dataInsert, logger } from '@opengis/fastify-table/utils.js';
+
+import inputTypes from '../utils/inputTypes.js';
+
+import updateLocalization from '../utils/updateLocalization.js';
+
+const defaultColumns = [
+    'content_id',
+    'space_id',
+    'content_type_id',
+    'created_at',
+    'updated_at',
+    'published_at',
+    'revision',
+    'locale',
+    'status',
+    'slug',
+    'title',
+    'created_by',
+    'published_by',
+    'updated_by',
+    'meta',
+];
+
+export default async function insertContent(req, reply) {
+    const {
+        pg = pgClients.client,
+        params = {},
+        user = {},
+        body = {},
+        headers = {},
+    } = req;
+
+    const { type, id = body?.id } = params;
+
+    if (!type) {
+        return reply.status(400).send({ error: 'not enough params: type', code: 400 });
+    }
+
+    const arr = config.pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
+    left join pg_namespace b on a.relnamespace=b.oid 
+    where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
+
+    const { content_id: contentId, type: contentType } = await pg.query(
+        'select content_id, (select type from site.content_types where content_type_id=t.content_type_id) from site.contents t where slug=$1',
+        [['single', 'pages'].includes(type) ? id : type],
+    ).then(el => el.rows?.[0] || {});
+
+    const ctypeId = contentId && contentId !== 'pages' && contentType === 'single' ? await pg.query(
+        'select content_type_id from site.contents where content_id=$1',
+        [contentId],
+    ).then(el => el.rows?.[0]?.content_type_id) : null;
+
+    if (!arr.length && (ctypeId || type) !== 'pages') {
+        return reply.status(400).send({ error: 'empty schema: data', code: 400 });
+    }
+
+    const table = arr.find(el => el === params.type);
+
+    const { ctid, dbtable, columns: contentColumns } = await pg.query(
+        'select content_type_id as ctid, table_name as dbtable, columns from site.content_types where $1 in (content_type_id, name)',
+        [type === 'single' && id ? id : (ctypeId || type)],
+    ).then(el => el.rows?.[0] || {});
+
+    const loadTable = (ctypeId || type) === 'pages' ? await getTemplate('table', 'single.default.table') : {};
+
+    const columns = (ctypeId || type) === 'pages'
+        ? (loadTable?.columns || []).concat((contentColumns || []).filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
+        : contentColumns;
+
+    // site.content_data, includes singletone
+    if (((!table && !dbtable) || (ctypeId || type) === 'pages')) {
+        const cid = await pg.query(
+            'select content_id from site.contents where content_type_id=$1 limit 1',
+            [ctid || 'pages'],
+        ).then(el => el.rows?.[0]?.content_id);
+
+        const ctid1 = body.content_type_id || ctid || 'pages';
+
+        if (!cid) {
+            return reply.status(404).send({ error: 'contents not found', code: 404 });
+        }
+
+        const columnList = columns?.map?.(el => el.name) || [];
+        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
+        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
+
+        if (!Object.keys(body || {}).length) {
+            return reply.status(400).send('invalid payload');
+        }
+
+        // const xss = checkXSS({ body });
+        const sql = checkSQL({ body });
+
+        if (/*xss.error ||*/ sql.error && false) {
+            logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
+                table,
+                ...params,
+                uid: user?.uid,
+                ...(/*xss.error ? xss : */sql),
+            });
+            return reply
+                .status(409)
+                .send(
+                    `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
+                );
+        }
+
+        const id1 = id || await pg.query('select next_id()').then(el => el.rows[0].next_id);
+
+        const client = await pg.connect();
+
+        try {
+            await client.query('begin');
+            await dataInsert({
+                pg: client,
+                table: 'site.content_types',
+                id: id1,
+                data: { ...body, type: 'single', name: body.slug },
+                uid: user?.uid,
+            });
+            const res = await dataInsert({
+                pg: client,
+                table: 'site.contents',
+                id: id1,
+                data: { ...body, content_type_id: id1 },
+                uid: user?.uid,
+            });
+
+            if (!res?.content_id) {
+                throw new Error('insert contents error');
+            }
+
+            await Promise.all(keys.map(async key => dataInsert({
+                pg: client,
+                table: 'site.content_data',
+                data: {
+                    field_key: key,
+                    content_id: res.content_id,
+                    object_id: res.content_id,
+                    field_type: types[key] || 'text',
+                    field_value: inputTypes[types[key] || ''] === 'json' ? undefined : body[key],
+                    field_value_object: inputTypes[types[key] || ''] === 'json' ? body[key] : undefined,
+                },
+                uid: user?.uid,
+            })));
+
+            await updateLocalization(client, res.content_id, body, ctid1, user?.uid);
+
+            if (body?.tag_list?.length) {
+                await Promise.all(body.tag_list.map(async tag => dataInsert({
+                    pg: client,
+                    table: 'site.tag_data',
+                    data: {
+                        tag_id: tag,
+                        data_id: id,
+                    },
+                    uid: user?.uid,
+                })));
+            }
+
+            await client.query('commit');
+
+            return {
+                id: res.content_id, rows: [res].filter(Boolean)
+            };
+        } catch (err) {
+            await client.query('rollback');
+            return reply.status(500).send({ error: err.toString(), code: 500 });
+        } finally {
+            client.release();
+        }
+    }
+
+    // custom table
+    if (!table && !dbtable) {
+        return reply.status(400).send({ error: 'invalid params: type', code: 400 });
+    }
+
+    const client = await pg.connect();
+
+    try {
+        await client.query('begin');
+
+        // const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: inputTypes[curr.type] || 'text' }), {}) || {};
+        const row = await dataInsert({
+            pg: client,
+            id,
+            table: 'data.' + `"${(table || dbtable)}"`,
+            data: body,
+            referer: headers?.referer,
+            uid: user?.uid,
+        }).catch(err => {
+            if (err.message?.includes?.('unique constraint')) {
+                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^']+)/g)?.[1] || err.message.split('unique constraint')[1]);
+            }
+            throw err;
+        });
+
+        if (!row?.id) {
+            throw new Error('content insert error');
+        }
+
+        await updateLocalization(client, row.id, body, ctid, user?.uid);
+
+        if (body?.tag_list?.length) {
+            await Promise.all(body.tag_list.map(async tag => dataInsert({
+                pg: client,
+                table: 'site.tag_data',
+                data: {
+                    tag_id: tag,
+                    data_id: id || row.id,
+                },
+                uid: user?.uid,
+            })));
+        }
+
+        await client.query('commit');
+
+        return reply.status(200).send({ id: row.id, rows: [row] });
+    } catch (err) {
+        await client.query('rollback');
+        return reply.status(500).send({ error: err.toString(), code: 500 });
+    } finally {
+        client.release();
+    }
 }