@opengis/fastify-table 1.0.22 → 1.0.23

package/Changelog.md

@@ -1,5 +1,10 @@
 # fastify-table
 
+## 1.0.23 - 07.05.2024
+
+- getTemplate funcs
+- dblist api
+
 ## 1.0.22 - 03.05.2024
 
 - getFilterSQL funcs

package/crud/controllers/insert.js

@@ -1,29 +1,29 @@
-import dataInsert from '../funcs/dataInsert.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function insert(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  if (!table) return { status: 404, message: 'table is required' };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'a', json: 0,
-  });
-
-  const { form, add } = JSON.parse(tokenDataString || '{}');
-
-  const formData = form ? await getTemplate('form', form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataInsert({ table: add || table, data: req.body });
-  return { rows: res.rows };
-}
+import dataInsert from '../funcs/dataInsert.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function insert(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  if (!table) return { status: 404, message: 'table is required' };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'a', json: 0,
+  });
+
+  const { form, add } = JSON.parse(tokenDataString || '{}');
+
+  const formData = form ? await getTemplate('form', form) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataInsert({ table: add || table, data: req.body });
+  return { rows: res.rows };
+}

package/crud/controllers/update.js

@@ -1,31 +1,31 @@
-import dataUpdate from '../funcs/dataUpdate.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function update(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  const { id } = req.params || {};
-  if (!req.params?.table) return { message: 'table is required', status: 404 };
-  if (!id) return { message: 'id is required', status: 404 };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'w', json: 0,
-  });
-
-  const tokenData = JSON.parse(tokenDataString || '{}');
-
-  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
-  return res;
-}
+import dataUpdate from '../funcs/dataUpdate.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function update(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  const { id } = req.params || {};
+  if (!req.params?.table) return { message: 'table is required', status: 404 };
+  if (!id) return { message: 'id is required', status: 404 };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'w', json: 0,
+  });
+
+  const tokenData = JSON.parse(tokenDataString || '{}');
+
+  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
+  return res;
+}

package/crud/funcs/dataInsert.js

@@ -1,24 +1,24 @@
-import getPG from '../../pg/funcs/getPG.js';
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataInsert({ table, data }) {
-  const pg = getPG({ name: 'client' });
-  if (!data) return null;
-  const { columns } = await getMeta(table);
-  if (!columns) return null;
-
-  const names = columns.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
-
-  const insertQuery = `insert into ${table}
-
-    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
-
-    values  (${filterData?.map((key, i) => `$${i + 1}`).join(',')}) 
-    
-    returning *`;
-
-  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' ? JSON.stringify(el[1]) : el[1]))]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataInsert({ table, data }) {
+  const pg = getPG({ name: 'client' });
+  if (!data) return null;
+  const { columns } = await getMeta(table);
+  if (!columns) return null;
+
+  const names = columns.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
+
+  const insertQuery = `insert into ${table}
+
+    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
+
+    values  (${filterData?.map((key, i) => `$${i + 1}`).join(',')}) 
+    
+    returning *`;
+
+  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' && !Array.isArray(el[1]) ? JSON.stringify(el[1]) : el[1]))]) || {};
+  return res;
+}

package/crud/funcs/dataUpdate.js

@@ -1,20 +1,20 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataUpdate({
-  table, id, data,
-}) {
-  const pg = getPG({ name: 'client' });
-  const { columns, pk } = await getMeta(table);
-
-  const names = columns?.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => data[el] && names?.includes(el)).map((el) => [el, data[el]]);
-
-  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => `"${key[0]}"=$${i + 2}`).join(',')} 
-      WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.query(updateQuery, [id, ...filterData.map((el) => (typeof el[1] === 'object' ? JSON.stringify(el[1]) : el[1]))]).then(el => el?.rows?.[0]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataUpdate({
+  table, id, data,
+}) {
+  const pg = getPG({ name: 'client' });
+  const { columns, pk } = await getMeta(table);
+
+  const names = columns?.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => data[el] && names?.includes(el)).map((el) => [el, data[el]]);
+
+  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => `"${key[0]}"=$${i + 2}`).join(',')} 
+      WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.query(updateQuery, [id, ...filterData.map((el) => (typeof el[1] === 'object' && !Array.isArray(el[1]) ? JSON.stringify(el[1]) : el[1]))]).then(el => el?.rows?.[0]) || {};
+  return res;
+}

package/crud/index.js

@@ -1,29 +1,29 @@
-import getOPt from './funcs/getOpt.js';
-import setOpt from './funcs/setOpt.js';
-import isFileExists from './funcs/isFileExists.js';
-import dataUpdate from './funcs/dataUpdate.js';
-import dataInsert from './funcs/dataInsert.js';
-
-import update from './controllers/update.js';
-import insert from './controllers/insert.js';
-import deleteCrud from './controllers/deleteCrud.js';
-
-// import config from '../config.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  // funcs
-  fastify.decorate('setOpt', setOpt);
-  fastify.decorate('getOpt', getOPt);
-  fastify.decorate('dataUpdate', dataUpdate);
-  fastify.decorate('dataInsert', dataInsert);
-
-  fastify.decorate('isFileExists', isFileExists);
-
-  // api
-  fastify.put(`${prefix}/table/:table/:id`, {}, update);
-  fastify.delete(`${prefix}/table/:table/:id`, {}, deleteCrud);
-  fastify.post(`${prefix}/table/:table`, {}, insert);
-}
-
-export default plugin;
+import getOPt from './funcs/getOpt.js';
+import setOpt from './funcs/setOpt.js';
+import isFileExists from './funcs/isFileExists.js';
+import dataUpdate from './funcs/dataUpdate.js';
+import dataInsert from './funcs/dataInsert.js';
+
+import update from './controllers/update.js';
+import insert from './controllers/insert.js';
+import deleteCrud from './controllers/deleteCrud.js';
+
+// import config from '../config.js';
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  // funcs
+  fastify.decorate('setOpt', setOpt);
+  fastify.decorate('getOpt', getOPt);
+  fastify.decorate('dataUpdate', dataUpdate);
+  fastify.decorate('dataInsert', dataInsert);
+
+  fastify.decorate('isFileExists', isFileExists);
+
+  // api
+  fastify.put(`${prefix}/table/:table/:id`, {}, update);
+  fastify.delete(`${prefix}/table/:table/:id`, {}, deleteCrud);
+  fastify.post(`${prefix}/table/:table`, {}, insert);
+}
+
+export default plugin;

package/dblist/controllers/{insertItem.js → createItem.js}

@@ -1,17 +1,17 @@
-import { randomUUID } from 'crypto';
-import { existsSync } from 'fs';
-import { readFile, writeFile } from 'fs/promises';
-
-import checkItem from './utils/checkItem.js';
-
-export default async function insertItem({ body = {} }) {
-  const check = checkItem(body.data);
-  if (check?.error) return check;
-
-  Object.assign(body.data, { id: randomUUID() });
-  const data = existsSync('dblist.json') ? JSON.parse(await readFile('dblist.json') || '[]') : [];
-  data.push(body.data);
-
-  await writeFile('dblist.json', JSON.stringify(data));
-  return { data };
-}
+import { randomUUID } from 'crypto';
+import { existsSync } from 'fs';
+import { readFile, writeFile } from 'fs/promises';
+
+import checkItem from './utils/checkItem.js';
+
+export default async function insertItem({ body = {} }) {
+  const check = checkItem(body.data);
+  if (check?.error) return check;
+
+  Object.assign(body.data, { id: randomUUID() });
+  const data = existsSync('dblist.json') ? JSON.parse(await readFile('dblist.json') || '[]') : [];
+  data.push(body.data);
+
+  await writeFile('dblist.json', JSON.stringify(data));
+  return { data };
+}

package/dblist/controllers/readItems.js

@@ -1,7 +1,8 @@
-import { existsSync } from 'fs';
-import { readFile } from 'fs/promises';
-
-export default async function readItemList() {
-  const data = existsSync('dblist.json') ? JSON.parse(await readFile('dblist.json') || '[]') : [];
-  return { data };
-}
+import { existsSync } from 'fs';
+import { readFile } from 'fs/promises';
+
+export default async function readItemList(req) {
+  const data = existsSync('dblist.json') ? JSON.parse(await readFile('dblist.json') || '[]') : [];
+  // const { user = {} } = req.session?.passport || {};
+  return { data };
+}

package/dblist/index.js

@@ -1,40 +1,40 @@
-import createItem from './controllers/insertItem.js';
-import readItemList from './controllers/readItems.js';
-import updateItem from './controllers/updateItem.js';
-import deleteItem from './controllers/deleteItem.js';
-
-export default async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.route({
-    method: 'POST',
-    url: `${prefix}/list`,
-    config: {
-      policy: [],
-    },
-    handler: createItem,
-  });
-  fastify.route({
-    method: 'GET',
-    url: `${prefix}/list`,
-    config: {
-      policy: [],
-    },
-    handler: readItemList,
-  });
-  fastify.route({
-    method: 'PUT',
-    url: `${prefix}/list/:id`,
-    config: {
-      policy: [],
-    },
-    handler: updateItem,
-  });
-  fastify.route({
-    method: 'DELETE',
-    url: `${prefix}/list/:id`,
-    config: {
-      policy: [],
-    },
-    handler: deleteItem,
-  });
-}
+import createItem from './controllers/createItem.js';
+import readItemList from './controllers/readItems.js';
+import updateItem from './controllers/updateItem.js';
+import deleteItem from './controllers/deleteItem.js';
+
+export default async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.route({
+    method: 'POST',
+    url: `${prefix}/list`,
+    config: {
+      policy: [],
+    },
+    handler: createItem,
+  });
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/list`,
+    config: {
+      policy: [],
+    },
+    handler: readItemList,
+  });
+  fastify.route({
+    method: 'PUT',
+    url: `${prefix}/list/:id`,
+    config: {
+      policy: [],
+    },
+    handler: updateItem,
+  });
+  fastify.route({
+    method: 'DELETE',
+    url: `${prefix}/list/:id`,
+    config: {
+      policy: [],
+    },
+    handler: deleteItem,
+  });
+}

package/helper.js

@@ -1,28 +1,28 @@
-// This file contains code that we reuse
-// between our tests.
-import Fastify from 'fastify';
-import config from './test/config.js';
-import appService from './index.js';
-
-import rclient from './redis/client.js';
-import pgClients from './pg/pgClients.js';
-
-// automatically build and tear down our instance
-async function build(t) {
-  // you can set all the options supported by the fastify CLI command
-  // const argv = [AppPath]
-  process.env.NODE_ENV = 'production';
-  const app = Fastify({ logger: false });
-  app.register(appService, config);
-  // close the app after we are done
-  t.after(() => {
-    // console.log('close app');
-    pgClients.client.end();
-    rclient.quit();
-    app.close();
-  });
-
-  return app;
-}
-
-export default build;
+// This file contains code that we reuse
+// between our tests.
+import Fastify from 'fastify';
+import config from './test/config.js';
+import appService from './index.js';
+
+import rclient from './redis/client.js';
+import pgClients from './pg/pgClients.js';
+
+// automatically build and tear down our instance
+async function build(t) {
+  // you can set all the options supported by the fastify CLI command
+  // const argv = [AppPath]
+  process.env.NODE_ENV = 'production';
+  const app = Fastify({ logger: false });
+  app.register(appService, config);
+  // close the app after we are done
+  t.after(() => {
+    // console.log('close app');
+    pgClients.client.end();
+    rclient.quit();
+    app.close();
+  });
+
+  return app;
+}
+
+export default build;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.0.22",
+  "version": "1.0.23",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/table/index.js

@@ -5,6 +5,7 @@ import filter from './controllers/filter.js';
 import form from './controllers/form.js';
 import metaFormat from './funcs/metaFormat/index.js';
 import getFilterSQL from './funcs/getFilterSQL/index.js';
+import getTemplate from './controllers/utils/getTemplate.js';
 
 const tableSchema = {
   querystring: {
@@ -29,6 +30,7 @@ async function plugin(fastify, config = {}) {
   const prefix = config.prefix || '/api';
   fastify.decorate('metaFormat', metaFormat);
   fastify.decorate('getFilterSQL', getFilterSQL);
+  fastify.decorate('getTemplate', getTemplate);
 
   fastify.get(`${prefix}/suggest/:data`, {}, suggest);
   fastify.get(`${prefix}/data/:table/:id?`, { schema: tableSchema }, data); // vs.crm.data.api с node

package/test/api/crud.test.js

@@ -1,50 +1,56 @@
-import { test } from 'node:test';
-import assert from 'node:assert';
-
-import build from '../../helper.js';
-
-import config from '../config.js';
-
-test('api crud', async (t) => {
-  const app = await build(t);
-  const prefix = config.prefix || '/api';
-
-  await t.test('POST /insert', async () => {
-    const res = await app.inject({
-      method: 'POST',
-      url: `${prefix}/crud/gis.dataset`,
-      body: { dataset_name: '111', dataset_id: '5400000' },
-    });
-
-    const rep = JSON.parse(res?.body);
-    // rep.dataset_id
-    // console.log(rep);
-    // pgClients.client.query('delete from gis.dataset where dataset_id=$1', [rep.dataset_id]);
-    assert.ok(rep.dataset_id);
-  });
-
-  await t.test('PUT /update', async () => {
-    const res = await app.inject({
-      method: 'PUT',
-      url: `${prefix}/crud/gis.dataset/5400000`,
-      body: { editor_id: '11' },
-    });
-
-    const rep = JSON.parse(res?.body);
-    // rep.dataset_id
-    // console.log(rep);
-    assert.equal(rep.editor_id, '11');
-  });
-
-  await t.test('DELETE /delete', async () => {
-    const res = await app.inject({
-      method: 'DELETE',
-      url: `${prefix}/crud/gis.dataset/5400000`,
-    });
-
-    const rep = JSON.parse(res?.body);
-    // rep.dataset_id
-    // console.log(rep);
-    assert.ok(rep);
-  });
-});
+import { test } from 'node:test';
+import assert from 'node:assert';
+
+import build from '../../helper.js';
+
+import config from '../config.js';
+
+test('api crud', async (t) => {
+  const app = await build(t);
+  const prefix = config.prefix || '/api';
+
+  await t.test('POST /insert', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: `${prefix}/table/gis.map`,
+      body: {
+        alias: 'testMap',
+        map_id: '5400000',
+        ord: 1,
+        enabled: false,
+        tags: ['unit', 'test'],
+      },
+    });
+
+    const rep = JSON.parse(res?.body);
+    assert.ok(rep.rows ? rep.rows[0]?.map_id : rep.map_id);
+  });
+
+  await t.test('PUT /update', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: `${prefix}/table/gis.map/5400000`,
+      body: {
+        editor_id: '11',
+        alias: 'testMapEdit',
+        map_id: '5400000',
+        ord: 2,
+        enabled: true,
+        tags: ['unittest'],
+      },
+    });
+
+    const rep = JSON.parse(res?.body);
+    assert.equal(rep.rows ? rep.rows[0]?.editor_id : rep.editor_id, '11');
+  });
+
+  await t.test('DELETE /delete', async () => {
+    const res = await app.inject({
+      method: 'DELETE',
+      url: `${prefix}/table/gis.map/5400000`,
+    });
+
+    const rep = JSON.parse(res?.body);
+    assert.ok(rep);
+  });
+});

package/test/api/crud.xss.test.js

@@ -1,68 +1,68 @@
-import { test } from 'node:test';
-import assert from 'node:assert';
-
-import build from '../../helper.js';
-
-import setToken from '../../crud/funcs/setToken.js';
-import config from '../config.js';
-
-test('api crud xss', async (t) => {
-  const app = await build(t);
-  const session = { passport: { user: { uid: '1' } } };
-  app.decorateRequest('session', session);
-
-  const prefix = config.prefix || '/api';
-
-  let addTokens;
-  let editTokens;
-
-  // before
-  t.test('setToken', async () => {
-    addTokens = setToken({
-      ids: [JSON.stringify({ add: 'gis.dataset', form: 'test.dataset.form' })],
-      mode: 'a',
-      uid: 1,
-      array: 1,
-    });
-    editTokens = setToken({
-      ids: [JSON.stringify({ id: '5400000', table: 'gis.dataset', form: 'test.dataset.form' })],
-      mode: 'w',
-      uid: 1,
-      array: 1,
-    });
-    assert.ok(addTokens.length === 1 && editTokens.length === 1, 'invalid token');
-  });
-
-  await t.test('POST /insert', async () => {
-    const res = await app.inject({
-      method: 'POST',
-      url: `${prefix}/crud/${addTokens[0]}`,
-      body: { dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>', dataset_id: '5400000' },
-    });
-
-    const rep = JSON.parse(res?.body);
-
-    assert.ok(rep.status, 409);
-  });
-
-  await t.test('PUT /update', async () => {
-    const res = await app.inject({
-      method: 'PUT',
-      url: `${prefix}/crud/${editTokens[0]}/${editTokens[0]}`,
-      body: { editor_id: '11', dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>' },
-    });
-
-    const rep = JSON.parse(res?.body);
-
-    assert.equal(rep.status, 409);
-  });
-  await t.test('DELETE /delete', async () => {
-    const res = await app.inject({
-      method: 'DELETE',
-      url: `${prefix}/crud/gis.dataset/5400000`,
-    });
-
-    const rep = JSON.parse(res?.body);
-    assert.ok(rep);
-  });
-});
+import { test } from 'node:test';
+import assert from 'node:assert';
+
+import build from '../../helper.js';
+
+import setToken from '../../crud/funcs/setToken.js';
+import config from '../config.js';
+
+test('api crud xss', async (t) => {
+  const app = await build(t);
+  const session = { passport: { user: { uid: '1' } } };
+  app.decorateRequest('session', session);
+
+  const prefix = config.prefix || '/api';
+
+  let addTokens;
+  let editTokens;
+
+  // before
+  t.test('setToken', async () => {
+    addTokens = setToken({
+      ids: [JSON.stringify({ add: 'gis.dataset', form: 'test.dataset.form' })],
+      mode: 'a',
+      uid: 1,
+      array: 1,
+    });
+    editTokens = setToken({
+      ids: [JSON.stringify({ id: '5400000', table: 'gis.dataset', form: 'test.dataset.form' })],
+      mode: 'w',
+      uid: 1,
+      array: 1,
+    });
+    assert.ok(addTokens.length === 1 && editTokens.length === 1, 'invalid token');
+  });
+
+  await t.test('POST /insert', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: `${prefix}/table/${addTokens[0]}`,
+      body: { dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>', dataset_id: '5400000' },
+    });
+
+    const rep = JSON.parse(res?.body);
+
+    assert.ok(rep.status, 409);
+  });
+
+  await t.test('PUT /update', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: `${prefix}/table/${editTokens[0]}/${editTokens[0]}`,
+      body: { editor_id: '11', dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>' },
+    });
+
+    const rep = JSON.parse(res?.body);
+
+    assert.equal(rep.status, 409);
+  });
+  await t.test('DELETE /delete', async () => {
+    const res = await app.inject({
+      method: 'DELETE',
+      url: `${prefix}/table/gis.dataset/5400000`,
+    });
+
+    const rep = JSON.parse(res?.body);
+    assert.ok(rep);
+  });
+});