@opengis/cms 0.0.61 → 0.0.62

package/server/routes/cms/controllers/updateContent.js

@@ -1,232 +1,232 @@
-import { config, pgClients, dataUpdate, dataInsert, getTemplate, checkSQL, logger } from '@opengis/fastify-table/utils.js';
-
-import inputTypes from '../utils/inputTypes.js';
-
-import updateLocalization from '../utils/updateLocalization.js';
-
-const defaultColumns = [
-    'content_id',
-    'space_id',
-    'content_type_id',
-    'created_at',
-    'updated_at',
-    'published_at',
-    'revision',
-    'locale',
-    'status',
-    'slug',
-    'title',
-    'created_by',
-    'published_by',
-    'updated_by',
-    'meta',
-];
-
-export default async function updateContent(req, reply) {
-    const {
-        pg = pgClients.client,
-        params = {},
-        user = {},
-        body = {},
-        headers = {},
-    } = req;
-
-    const { type, id } = params;
-
-    if (!type) {
-        return reply.status(400).send({ error: 'not enough params: type', code: 400 });
-    }
-
-    if (!id) {
-        return reply.status(400).send({ error: 'not enough params: id', code: 400 });
-    }
-
-    if (!Object.keys(body || {}).length) {
-        return reply.status(400).send({ error: 'empty body', code: 400 });
-    }
-
-    // order priority - custom columns -> default for pages
-    const { ctid, ctname, dbtable, columns: contentColumns = [] } = await pg.query('select content_type_id as ctid, name as ctname, table_name as dbtable, columns from site.content_types where content_type_id in (select content_type_id from site.contents where content_id=$1) or content_type_id=$2 order by content_type_id = \'pages\'', [id, type]).then(el => el.rows?.[0] || {});
-
-    const arr = pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
-        left join pg_namespace b on a.relnamespace=b.oid 
-        where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
-
-    if (!arr.length && type !== 'pages') {
-        return reply.status(400).send({ error: 'empty schema: data', code: 400 });
-    }
-
-    const table = arr.find(el => el === params.type);
-
-    const loadTable = type === 'pages' ? await getTemplate('table', 'single.default.table') : {};
-    const columns = type === 'pages'
-        ? (loadTable?.columns || []).concat((contentColumns || []).filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
-        : contentColumns;
-
-    // const xss = checkXSS({ body });
-    const sql = checkSQL({ body });
-
-    if (/*xss.error ||*/ sql.error && false) {
-        logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
-            table,
-            ...params,
-            uid: user?.uid,
-            ...(/*xss.error ? xss : */sql),
-        });
-        return reply
-            .status(409)
-            .send(
-                `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
-            );
-    }
-
-    // site.content_data, includes singletone
-    if (((!table && !dbtable) || ['single', 'pages'].includes(type)) && ctid) {
-        const cid = await pg.query(
-            'select content_id from site.contents where content_type_id=$1 limit 1',
-            [ctid],
-        ).then(el => el.rows?.[0]?.content_id);
-
-        const ctid1 = body.content_type_id || ctid;
-
-        if (!cid) {
-            return reply.status(404).send({ error: 'contents not found', code: 404 });
-        }
-
-        const columnList = columns?.map?.(el => el.name) || [];
-        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
-        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
-
-
-        if (!Object.keys(body || {}).length) {
-            return reply.status(400).send({ error: 'invalid payload', code: 400 });
-        }
-
-        const blocks = await pg.query(`select json_object_agg(field_key,field_value) from site.content_data where content_id=$1 and field_type='reference'`, [id])
-            .then(el => el.rows?.[0]?.json_object_agg || {});
-
-        const emptyBlock = Object.keys(body).find(key => blocks[key] && (!body[key] || typeof body[key] !== 'object' || Object.keys(body[key] || {}) === 0));
-
-        if (emptyBlock) {
-            return reply.status(400).send({ error: 'access restricted: empty/invalid block ' + emptyBlock, code: 400 });
-        }
-
-        const client = await pg.connect();
-
-        try {
-            await client.query('begin');
-
-            const res = {};
-
-            const res1 = await dataUpdate({
-                pg: client,
-                table: 'site.contents',
-                id,
-                data: { ...body, content_type_id: ctid1 },
-                uid: user?.uid,
-            });
-            Object.assign(res, res1);
-
-            const objectId = (ctname === 'pages' || ['single', 'pages'].includes(type)) && id ? id : cid;
-            await client.query(`delete from site.content_data where object_id=$1`, [objectId]);
-            await Promise.all(keys.map(async key => dataInsert({
-                pg: client,
-                table: 'site.content_data',
-                data: {
-                    field_key: key,
-                    content_id: objectId,
-                    object_id: objectId,
-                    field_type: types[key] || 'text',
-                    field_value: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? undefined : body[key],
-                    field_value_object: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? body[key] : undefined,
-                },
-                uid: user?.uid,
-            })));
-
-            // if pages allow localization, update localization
-            const localeRes = await updateLocalization(client, id, body, type === 'pages' ? type : ctid1, user?.uid);
-
-            if (Object.hasOwn(body, 'tag_list')) {
-                await client.query('delete from site.tag_data where data_id=$1', [id]);
-                if (body.tag_list?.length) {
-                    await Promise.all(body.tag_list.map(async tag => dataInsert({
-                        pg: client,
-                        table: 'site.tag_data',
-                        data: {
-                            tag_id: tag,
-                            data_id: id,
-                        },
-                        uid: user?.uid,
-                    })));
-                    Object.assign(res, { tag_list: body.tag_list });
-                }
-            }
-
-            await client.query('commit');
-
-            return {
-                id, ...res || {}, ...(keys || []).reduce((acc, curr) => ({ ...acc, [curr]: body[curr] }), {}), ...(localeRes || {})
-            };
-        } catch (err) {
-            await client.query('rollback');
-            return reply.status(500).send({ error: err.toString(), code: 500 });
-        } finally {
-            client.release();
-        }
-    }
-
-    if (!table && !dbtable) {
-        return reply.status(400).send({ error: 'invalid params: type', code: 400 });
-    }
-
-    const client = await pg.connect();
-
-    try {
-        await client.query('begin');
-
-        const result = await dataUpdate({
-            pg: client,
-            id,
-            table: 'data.' + `"${(table || dbtable)}"`,
-            data: body,
-            referer: headers?.referer,
-            uid: user?.uid,
-        }).catch(err => {
-            if (err.message?.includes?.('unique constraint')) {
-                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^"]+)/g)?.[1]);
-            }
-            throw err;
-        });
-
-        await updateLocalization(client, result?.id, body, ctid, user?.uid);
-
-        if (Object.hasOwn(body, 'tag_list')) {
-            await client.query('delete from site.tag_data where data_id=$1', [id]);
-            if (body.tag_list?.length) {
-                await Promise.all(body.tag_list.map(async tag => dataInsert({
-                    pg: client,
-                    table: 'site.tag_data',
-                    data: {
-                        tag_id: tag?.id,
-                        data_id: id,
-                    },
-                    uid: user?.uid,
-                })));
-                Object.assign(result, { tag_list: body.tag_list });
-            }
-        }
-
-        await client.query('commit');
-
-        if (!result?.id) {
-            return reply.status(404).send({ error: 'content not found', code: 404 });
-        }
-
-        return reply.status(200).send(result);
-    } catch (err) {
-        await client.query('rollback');
-        return reply.status(500).send({ error: err.toString(), code: 500 });
-    } finally {
-        client.release();
-    }
+import { config, pgClients, dataUpdate, dataInsert, getTemplate, checkSQL, logger } from '@opengis/fastify-table/utils.js';
+
+import inputTypes from '../utils/inputTypes.js';
+
+import updateLocalization from '../utils/updateLocalization.js';
+
+const defaultColumns = [
+    'content_id',
+    'space_id',
+    'content_type_id',
+    'created_at',
+    'updated_at',
+    'published_at',
+    'revision',
+    'locale',
+    'status',
+    'slug',
+    'title',
+    'created_by',
+    'published_by',
+    'updated_by',
+    'meta',
+];
+
+export default async function updateContent(req, reply) {
+    const {
+        pg = pgClients.client,
+        params = {},
+        user = {},
+        body = {},
+        headers = {},
+    } = req;
+
+    const { type, id } = params;
+
+    if (!type) {
+        return reply.status(400).send({ error: 'not enough params: type', code: 400 });
+    }
+
+    if (!id) {
+        return reply.status(400).send({ error: 'not enough params: id', code: 400 });
+    }
+
+    if (!Object.keys(body || {}).length) {
+        return reply.status(400).send({ error: 'empty body', code: 400 });
+    }
+
+    // order priority - custom columns -> default for pages
+    const { ctid, ctname, dbtable, columns: contentColumns = [] } = await pg.query('select content_type_id as ctid, name as ctname, table_name as dbtable, columns from site.content_types where content_type_id in (select content_type_id from site.contents where content_id=$1) or content_type_id=$2 order by content_type_id = \'pages\'', [id, type]).then(el => el.rows?.[0] || {});
+
+    const arr = pg ? await pg.query(`select array_agg(relname)::text[] from pg_class a 
+        left join pg_namespace b on a.relnamespace=b.oid 
+        where a.relam=2 and b.nspname='data'`).then(el => el.rows?.[0]?.array_agg || []) : [];
+
+    if (!arr.length && type !== 'pages') {
+        return reply.status(400).send({ error: 'empty schema: data', code: 400 });
+    }
+
+    const table = arr.find(el => el === params.type);
+
+    const loadTable = type === 'pages' ? await getTemplate('table', 'single.default.table') : {};
+    const columns = type === 'pages'
+        ? (loadTable?.columns || []).concat((contentColumns || []).filter(col => loadTable?.columns.findIndex(el => el.name === col.name) === -1))
+        : contentColumns;
+
+    // const xss = checkXSS({ body });
+    const sql = checkSQL({ body });
+
+    if (/*xss.error ||*/ sql.error && false) {
+        logger.file(`injection/${/*xss.error ? 'xss' : */'sql'}/cms`, {
+            table,
+            ...params,
+            uid: user?.uid,
+            ...(/*xss.error ? xss : */sql),
+        });
+        return reply
+            .status(409)
+            .send(
+                `Дані містять заборонені ${/*xss.error ? 'xss' : */'sql'} символи. Приберіть їх та спробуйте ще раз`
+            );
+    }
+
+    // site.content_data, includes singletone
+    if (((!table && !dbtable) || ['single', 'pages'].includes(type)) && ctid) {
+        const cid = await pg.query(
+            'select content_id from site.contents where content_type_id=$1 limit 1',
+            [ctid],
+        ).then(el => el.rows?.[0]?.content_id);
+
+        const ctid1 = body.content_type_id || ctid;
+
+        if (!cid) {
+            return reply.status(404).send({ error: 'contents not found', code: 404 });
+        }
+
+        const columnList = columns?.map?.(el => el.name) || [];
+        const types = columns?.reduce?.((acc, curr) => ({ ...acc, [curr.name]: curr.type || 'text' }), {}) || {};
+        const keys = Object.keys(body || {}).filter(key => columnList.includes(key) && !defaultColumns.includes(key));
+
+
+        if (!Object.keys(body || {}).length) {
+            return reply.status(400).send({ error: 'invalid payload', code: 400 });
+        }
+
+        const blocks = await pg.query(`select json_object_agg(field_key,field_value) from site.content_data where content_id=$1 and field_type='reference'`, [id])
+            .then(el => el.rows?.[0]?.json_object_agg || {});
+
+        const emptyBlock = Object.keys(body).find(key => blocks[key] && (!body[key] || typeof body[key] !== 'object' || Object.keys(body[key] || {}) === 0));
+
+        if (emptyBlock) {
+            return reply.status(400).send({ error: 'access restricted: empty/invalid block ' + emptyBlock, code: 400 });
+        }
+
+        const client = await pg.connect();
+
+        try {
+            await client.query('begin');
+
+            const res = {};
+
+            const res1 = await dataUpdate({
+                pg: client,
+                table: 'site.contents',
+                id,
+                data: { ...body, content_type_id: ctid1 },
+                uid: user?.uid,
+            });
+            Object.assign(res, res1);
+
+            const objectId = (ctname === 'pages' || ['single', 'pages'].includes(type)) && id ? id : cid;
+            await client.query(`delete from site.content_data where object_id=$1`, [objectId]);
+            await Promise.all(keys.map(async key => dataInsert({
+                pg: client,
+                table: 'site.content_data',
+                data: {
+                    field_key: key,
+                    content_id: objectId,
+                    object_id: objectId,
+                    field_type: types[key] || 'text',
+                    field_value: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? undefined : body[key],
+                    field_value_object: inputTypes[types[key] || ''] === 'json' || key === 'meta' ? body[key] : undefined,
+                },
+                uid: user?.uid,
+            })));
+
+            // if pages allow localization, update localization
+            const localeRes = await updateLocalization(client, id, body, type === 'pages' ? type : ctid1, user?.uid);
+
+            if (Object.hasOwn(body, 'tag_list')) {
+                await client.query('delete from site.tag_data where data_id=$1', [id]);
+                if (body.tag_list?.length) {
+                    await Promise.all(body.tag_list.map(async tag => dataInsert({
+                        pg: client,
+                        table: 'site.tag_data',
+                        data: {
+                            tag_id: tag,
+                            data_id: id,
+                        },
+                        uid: user?.uid,
+                    })));
+                    Object.assign(res, { tag_list: body.tag_list });
+                }
+            }
+
+            await client.query('commit');
+
+            return {
+                id, ...res || {}, ...(keys || []).reduce((acc, curr) => ({ ...acc, [curr]: body[curr] }), {}), ...(localeRes || {})
+            };
+        } catch (err) {
+            await client.query('rollback');
+            return reply.status(500).send({ error: err.toString(), code: 500 });
+        } finally {
+            client.release();
+        }
+    }
+
+    if (!table && !dbtable) {
+        return reply.status(400).send({ error: 'invalid params: type', code: 400 });
+    }
+
+    const client = await pg.connect();
+
+    try {
+        await client.query('begin');
+
+        const result = await dataUpdate({
+            pg: client,
+            id,
+            table: 'data.' + `"${(table || dbtable)}"`,
+            data: body,
+            referer: headers?.referer,
+            uid: user?.uid,
+        }).catch(err => {
+            if (err.message?.includes?.('unique constraint')) {
+                throw new Error('Порушенні унікальності: ' + err.message?.match?.(/([^"]+)/g)?.[1]);
+            }
+            throw err;
+        });
+
+        await updateLocalization(client, result?.id, body, ctid, user?.uid);
+
+        if (Object.hasOwn(body, 'tag_list')) {
+            await client.query('delete from site.tag_data where data_id=$1', [id]);
+            if (body.tag_list?.length) {
+                await Promise.all(body.tag_list.map(async tag => dataInsert({
+                    pg: client,
+                    table: 'site.tag_data',
+                    data: {
+                        tag_id: tag?.id,
+                        data_id: id,
+                    },
+                    uid: user?.uid,
+                })));
+                Object.assign(result, { tag_list: body.tag_list });
+            }
+        }
+
+        await client.query('commit');
+
+        if (!result?.id) {
+            return reply.status(404).send({ error: 'content not found', code: 404 });
+        }
+
+        return reply.status(200).send(result);
+    } catch (err) {
+        await client.query('rollback');
+        return reply.status(500).send({ error: err.toString(), code: 500 });
+    } finally {
+        client.release();
+    }
 }

package/server/routes/cms/controllers/uploadMedia.js

@@ -1,80 +1,80 @@
-import path from 'node:path';
-import { mkdir } from 'node:fs/promises';
-
-import { uploadMultiPart, config, getFolder, dataInsert, pgClients } from "@opengis/fastify-table/utils.js";
-
-// path.resolve() converts POSIX paths from getFolder to valid Windows paths (Bun/Node fs require this on Windows)
-const rootDir = path.resolve(getFolder(config, 'local'));
-const dir = '/files';
-
-export default async function uploadMedia(req, reply) {
-    const { pg = pgClients.client, user = {}, query = {} } = req;
-
-    if (!pg?.pk?.['site.media']) {
-        return reply.status(404).send('table not found');
-    }
-
-    if (query.subdir && (typeof query.subdir !== 'string' || query.subdir.includes('..'))) {
-        return reply.status(403).send('invalid query params: subdir');
-    }
-
-    // upload assets
-    if (req.headers['content-type']?.split?.(';')?.shift?.() === 'multipart/form-data') {
-        const file = await uploadMultiPart(req, { subdir: query.subdir || '', originalFilename: true }).catch(err => {
-            if (err.message === 'file with specified name already exists in directory') {
-                err.message = 'Файл з вказаною назвою вже існує';
-                err.statusCode = 400;
-            }
-            throw err;
-        });
-
-        const { originalFilename: filename, filetype, mimetype } = file;
-        const relpath = path.join(dir, query.subdir || '', file.originalFilename).replace(/\\/g, '/');
-
-        const id = await dataInsert({
-            pg,
-            table: 'site.media',
-            data: {
-                filename,
-                filetype,
-                subdir: query.subdir,
-                url: relpath,
-                mime: mimetype,
-                filesize: file.size,
-            },
-            uid: user?.uid,
-        }).then(el => el?.rows?.[0]?.media_id);
-
-        return reply.status(200).send({
-            res: 'ok',
-            name: filename,
-            type: 'file',
-            mimetype,
-            result: {
-                file_id: id,
-                format: file.extension,
-                size: file.size,
-                // entity_id: resultInsert?.entity_id,
-                file_path: relpath,
-                file_name: filename,
-                dir: path.dirname(relpath).replace(/\\/g, '/'),
-                native_file_name: filename,
-            },
-        });
-    }
-
-    if (!query.subdir) {
-        return reply.status(400).send('not enough query params: subdir');
-    }
-
-    // create directory
-    const relpath = path.join(dir, query.subdir).replace(/\\/g, '/');
-    const dirpath = path.join(rootDir, relpath);
-    await mkdir(dirpath, { recursive: true });
-
-    return reply.status(200).send({
-        relpath,
-        dirname: path.basename(query.subdir),
-        type: 'dir',
-    });
+import path from 'node:path';
+import { mkdir } from 'node:fs/promises';
+
+import { uploadMultiPart, config, getFolder, dataInsert, pgClients } from "@opengis/fastify-table/utils.js";
+
+// path.resolve() converts POSIX paths from getFolder to valid Windows paths (Bun/Node fs require this on Windows)
+const rootDir = path.resolve(getFolder(config, 'local'));
+const dir = '/files';
+
+export default async function uploadMedia(req, reply) {
+    const { pg = pgClients.client, user = {}, query = {} } = req;
+
+    if (!pg?.pk?.['site.media']) {
+        return reply.status(404).send('table not found');
+    }
+
+    if (query.subdir && (typeof query.subdir !== 'string' || query.subdir.includes('..'))) {
+        return reply.status(403).send('invalid query params: subdir');
+    }
+
+    // upload assets
+    if (req.headers['content-type']?.split?.(';')?.shift?.() === 'multipart/form-data') {
+        const file = await uploadMultiPart(req, { subdir: query.subdir || '', originalFilename: true }).catch(err => {
+            if (err.message === 'file with specified name already exists in directory') {
+                err.message = 'Файл з вказаною назвою вже існує';
+                err.statusCode = 400;
+            }
+            throw err;
+        });
+
+        const { originalFilename: filename, filetype, mimetype } = file;
+        const relpath = path.join(dir, query.subdir || '', file.originalFilename).replace(/\\/g, '/');
+
+        const id = await dataInsert({
+            pg,
+            table: 'site.media',
+            data: {
+                filename,
+                filetype,
+                subdir: query.subdir,
+                url: relpath,
+                mime: mimetype,
+                filesize: file.size,
+            },
+            uid: user?.uid,
+        }).then(el => el?.rows?.[0]?.media_id);
+
+        return reply.status(200).send({
+            res: 'ok',
+            name: filename,
+            type: 'file',
+            mimetype,
+            result: {
+                file_id: id,
+                format: file.extension,
+                size: file.size,
+                // entity_id: resultInsert?.entity_id,
+                file_path: relpath,
+                file_name: filename,
+                dir: path.dirname(relpath).replace(/\\/g, '/'),
+                native_file_name: filename,
+            },
+        });
+    }
+
+    if (!query.subdir) {
+        return reply.status(400).send('not enough query params: subdir');
+    }
+
+    // create directory
+    const relpath = path.join(dir, query.subdir).replace(/\\/g, '/');
+    const dirpath = path.join(rootDir, relpath);
+    await mkdir(dirpath, { recursive: true });
+
+    return reply.status(200).send({
+        relpath,
+        dirname: path.basename(query.subdir),
+        type: 'dir',
+    });
 }