@opengis/fastify-table 1.0.36 → 1.0.37

package/Changelog.md

@@ -1,5 +1,9 @@
 # fastify-table
 
+## 1.0.37 - 23.05.2024
+
+- add gallery widget
+
 ## 1.0.36 - 22.05.2024
 
 - fix filter api array processing

package/crud/controllers/insert.js

@@ -1,29 +1,29 @@
-import dataInsert from '../funcs/dataInsert.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function insert(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  if (!table) return { status: 404, message: 'table is required' };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'a', json: 0,
-  });
-
-  const { form, add } = JSON.parse(tokenDataString || '{}');
-
-  const formData = form ? await getTemplate('form', form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataInsert({ table: add || table, data: req.body });
-  return { rows: res.rows };
-}
+import dataInsert from '../funcs/dataInsert.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function insert(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  if (!table) return { status: 404, message: 'table is required' };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'a', json: 0,
+  });
+
+  const { form, add } = JSON.parse(tokenDataString || '{}');
+
+  const formData = form ? await getTemplate('form', form) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataInsert({ table: add || table, data: req.body });
+  return { rows: res.rows };
+}

package/crud/controllers/update.js

@@ -1,31 +1,31 @@
-import dataUpdate from '../funcs/dataUpdate.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function update(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  const { id } = req.params || {};
-  if (!req.params?.table) return { message: 'table is required', status: 404 };
-  if (!id) return { message: 'id is required', status: 404 };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'w', json: 0,
-  });
-
-  const tokenData = JSON.parse(tokenDataString || '{}');
-
-  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
-  return res;
-}
+import dataUpdate from '../funcs/dataUpdate.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function update(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  const { id } = req.params || {};
+  if (!req.params?.table) return { message: 'table is required', status: 404 };
+  if (!id) return { message: 'id is required', status: 404 };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'w', json: 0,
+  });
+
+  const tokenData = JSON.parse(tokenDataString || '{}');
+
+  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
+  return res;
+}

package/crud/funcs/getOpt.js

@@ -1,10 +1,10 @@
-import getRedis from '../../redis/funcs/getRedis.js';
-
-export default async function getOpt(token, funcs) {
-  const rclient = getRedis({ db: 0, funcs });
-
-  const key = `opt:${token}`;
-  const data = await rclient.get(key);
-  if (!data) return null;
-  return JSON.parse(data);
-}
+import getRedis from '../../redis/funcs/getRedis.js';
+
+export default async function getOpt(token, funcs) {
+  const rclient = getRedis({ db: 0, funcs });
+
+  const key = `opt:${token}`;
+  const data = await rclient.get(key);
+  if (!data) return null;
+  return JSON.parse(data);
+}

package/crud/funcs/setOpt.js

@@ -1,16 +1,16 @@
-import { createHash } from 'crypto';
-import getRedis from '../../redis/funcs/getRedis.js';
-
-function md5(string) {
-  return createHash('md5').update(string).digest('hex');
-}
-
-export default async function setOpt(params) {
-  const token = Buffer.from(md5(typeof params === 'object' ? JSON.stringify(params) : params), 'hex').toString('base64').replace(/[+-=]+/g, '');
-  // const token = md5(params);
-  const key = `opt:${token}`;
-
-  const rclient = getRedis({ db: 0, funcs: params.funcs });
-  await rclient.set(key, JSON.stringify(params), 'EX', 60 * 60);
-  return token;
-}
+import { createHash } from 'crypto';
+import getRedis from '../../redis/funcs/getRedis.js';
+
+function md5(string) {
+  return createHash('md5').update(string).digest('hex');
+}
+
+export default async function setOpt(params) {
+  const token = Buffer.from(md5(typeof params === 'object' ? JSON.stringify(params) : params), 'hex').toString('base64').replace(/[+-=]+/g, '');
+  // const token = md5(params);
+  const key = `opt:${token}`;
+
+  const rclient = getRedis({ db: 0, funcs: params.funcs });
+  await rclient.set(key, JSON.stringify(params), 'EX', 60 * 60);
+  return token;
+}

package/crud/index.js

@@ -1,29 +1,29 @@
-import getOPt from './funcs/getOpt.js';
-import setOpt from './funcs/setOpt.js';
-import isFileExists from './funcs/isFileExists.js';
-import dataUpdate from './funcs/dataUpdate.js';
-import dataInsert from './funcs/dataInsert.js';
-
-import update from './controllers/update.js';
-import insert from './controllers/insert.js';
-import deleteCrud from './controllers/deleteCrud.js';
-
-// import config from '../config.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  // funcs
-  fastify.decorate('setOpt', setOpt);
-  fastify.decorate('getOpt', getOPt);
-  fastify.decorate('dataUpdate', dataUpdate);
-  fastify.decorate('dataInsert', dataInsert);
-
-  fastify.decorate('isFileExists', isFileExists);
-
-  // api
-  fastify.put(`${prefix}/table/:table/:id`, {}, update);
-  fastify.delete(`${prefix}/table/:table/:id`, {}, deleteCrud);
-  fastify.post(`${prefix}/table/:table`, {}, insert);
-}
-
-export default plugin;
+import getOPt from './funcs/getOpt.js';
+import setOpt from './funcs/setOpt.js';
+import isFileExists from './funcs/isFileExists.js';
+import dataUpdate from './funcs/dataUpdate.js';
+import dataInsert from './funcs/dataInsert.js';
+
+import update from './controllers/update.js';
+import insert from './controllers/insert.js';
+import deleteCrud from './controllers/deleteCrud.js';
+
+// import config from '../config.js';
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  // funcs
+  fastify.decorate('setOpt', setOpt);
+  fastify.decorate('getOpt', getOPt);
+  fastify.decorate('dataUpdate', dataUpdate);
+  fastify.decorate('dataInsert', dataInsert);
+
+  fastify.decorate('isFileExists', isFileExists);
+
+  // api
+  fastify.put(`${prefix}/table/:table/:id`, {}, update);
+  fastify.delete(`${prefix}/table/:table/:id`, {}, deleteCrud);
+  fastify.post(`${prefix}/table/:table`, {}, insert);
+}
+
+export default plugin;

package/helper.js

@@ -1,28 +1,28 @@
-// This file contains code that we reuse
-// between our tests.
-import Fastify from 'fastify';
-import config from './test/config.js';
-import appService from './index.js';
-
-import rclient from './redis/client.js';
-import pgClients from './pg/pgClients.js';
-
-// automatically build and tear down our instance
-async function build(t) {
-  // you can set all the options supported by the fastify CLI command
-  // const argv = [AppPath]
-  process.env.NODE_ENV = 'production';
-  const app = Fastify({ logger: false });
-  app.register(appService, config);
-  // close the app after we are done
-  t.after(() => {
-    // console.log('close app');
-    pgClients.client.end();
-    rclient.quit();
-    app.close();
-  });
-
-  return app;
-}
-
-export default build;
+// This file contains code that we reuse
+// between our tests.
+import Fastify from 'fastify';
+import config from './test/config.js';
+import appService from './index.js';
+
+import rclient from './redis/client.js';
+import pgClients from './pg/pgClients.js';
+
+// automatically build and tear down our instance
+async function build(t) {
+  // you can set all the options supported by the fastify CLI command
+  // const argv = [AppPath]
+  process.env.NODE_ENV = 'production';
+  const app = Fastify({ logger: false });
+  app.register(appService, config);
+  // close the app after we are done
+  t.after(() => {
+    // console.log('close app');
+    pgClients.client.end();
+    rclient.quit();
+    app.close();
+  });
+
+  return app;
+}
+
+export default build;

package/notification/controllers/userNotifications.js

@@ -1,19 +1,19 @@
-export default async function userNotifications({
-  pg, session = {}, query = {},
-}) {
-  const time = Date.now();
-  try {
-    const { uid } = session.passport?.user || {};
-    if (!uid) return { error: 'access restricted', status: 403 };
-
-    const queryFunc = query.nocache ? pg.query : pg.queryCache;
-
-    // queryCache not supports $1 params
-    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
-      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
-    return { time: Date.now() - time, total: rows?.length, rows };
-  }
-  catch (err) {
-    return { error: err.toString(), status: 500 };
-  }
-}
+export default async function userNotifications({
+  pg, session = {}, query = {},
+}) {
+  const time = Date.now();
+  try {
+    const { uid } = session.passport?.user || {};
+    if (!uid) return { error: 'access restricted', status: 403 };
+
+    const queryFunc = query.nocache ? pg.query : pg.queryCache;
+
+    // queryCache not supports $1 params
+    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
+      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
+    return { time: Date.now() - time, total: rows?.length, rows };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/notification/funcs/addNotification.js

@@ -1,8 +1,8 @@
-export default async function addNotification({
-  pg, session = {}, title, body, link, notificationType, uid: uid1,
-}) {
-  const uid = uid1 || session.passport?.user?.uid || {};
-  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
-  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
-  return { id, status };
-}
+export default async function addNotification({
+  pg, session = {}, title, body, link, notificationType, uid: uid1,
+}) {
+  const uid = uid1 || session.passport?.user?.uid || {};
+  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
+  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
+  return { id, status };
+}

package/notification/index.js

@@ -1,19 +1,19 @@
-// api
-import userNotifications from './controllers/userNotifications.js';
-// funcs
-import addNotification from './funcs/addNotification.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.route({
-    method: 'GET',
-    url: `${prefix}/notification`,
-    config: {
-      policy: ['user'], // implement user auth check policy??
-    },
-    handler: userNotifications,
-  });
-  fastify.decorate('addNotification', addNotification);
-}
-
-export default plugin;
+// api
+import userNotifications from './controllers/userNotifications.js';
+// funcs
+import addNotification from './funcs/addNotification.js';
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/notification`,
+    config: {
+      policy: ['user'], // implement user auth check policy??
+    },
+    handler: userNotifications,
+  });
+  fastify.decorate('addNotification', addNotification);
+}
+
+export default plugin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.0.36",
+  "version": "1.0.37",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/pg/pgClients.js

@@ -1,20 +1,20 @@
-import pg from 'pg';
-import config from '../config.js';
-import init from './funcs/init.js';
-
-const pgClients = {};
-if (config.pg) {
-  const client = new pg.Pool({
-    host: config.pg?.host || '127.0.0.1',
-    port: config.pg?.port || 5432,
-    database: config.pg?.database || 'postgres',
-    user: config.pg?.user || 'postgres',
-    password: config.pg?.password || 'postgres',
-  });
-  client.init = async () => {
-    await init(client);
-  };
-  client.init();
-  pgClients.client = client;
-}
-export default pgClients;
+import pg from 'pg';
+import config from '../config.js';
+import init from './funcs/init.js';
+
+const pgClients = {};
+if (config.pg) {
+  const client = new pg.Pool({
+    host: config.pg?.host || '127.0.0.1',
+    port: config.pg?.port || 5432,
+    database: config.pg?.database || 'postgres',
+    user: config.pg?.user || 'postgres',
+    password: config.pg?.password || 'postgres',
+  });
+  client.init = async () => {
+    await init(client);
+  };
+  client.init();
+  pgClients.client = client;
+}
+export default pgClients;

package/policy/funcs/checkPolicy.js

@@ -1,74 +1,74 @@
-import block from './sqlInjection.js';
-
-/**
- * Middleware func
- *
- * @type function
- * @alias checkPolicy
- * @summary Функція дозволяє налаштувати доступ до сайту або API для адмін. та публічної частини веб-ресурсу
- * @param {String} path - назва апі
- * @returns {object|null} Returns object
- */
-
-export default function checkPolicy(req) {
-  const {
-    originalUrl: path, hostname, query, params, headers: hs, log, sid = 35, funcs = {},
-  } = req;
-  const user = req.user || req.session?.passport?.user;
-
-  const { config } = funcs;
-  const isUser = config.debug || !!user;
-
-  const isServer = process.argv[2];
-  const { policy = [] } = req.routeOptions?.config || {};
-
-  /*= == 1.File injection  === */
-  if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
-    log.warn({
-      name: 'injection/file', params, query, message: 'access restricted: 1',
-    });
-    return { message: 'access restricted: 1', status: 403 };
-  }
-
-  /*= == 1.1 File  === */
-  const allowExtPublic = ['.png', '.jpg', '.svg'];
-  const ext = path.toLowerCase().substr(-4);
-  if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
-
-  /*= == 2.SQL Injection policy: no-sql === */
-  if (!policy.includes('no-sql')) {
-    const stopWords = block.filter((el) => path.includes(el));
-    if (stopWords?.length) {
-      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
-      return { message: 'access restricted: 2', status: 403 };
-    }
-  }
-  /* Check is Not API */
-  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
-  if (!isApi) return null;
-
-  /*= == 3. policy: referer === */
-  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
-    log.warn({ name: 'referer', message: 'access restricted: 3' });
-    return { message: 'access restricted: 3', status: 403 };
-  }
-
-  /*= == policy: public === */
-  if (policy.includes('public')) {
-    return null;
-  }
-
-  /*= == 4. policy: site auth === */
-  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
-    log.warn({ name: 'site', message: 'access restricted: 4' });
-    return { message: 'access restricted: 4', status: 403 };
-  }
-
-  /*= == 5. base policy: block api  === */
-  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
-    log.warn({ name: 'api', message: 'access restricted: 5' });
-    return { message: 'access restricted: 5', status: 403 };
-  }
-
-  return null;
-}
+import block from './sqlInjection.js';
+
+/**
+ * Middleware func
+ *
+ * @type function
+ * @alias checkPolicy
+ * @summary Функція дозволяє налаштувати доступ до сайту або API для адмін. та публічної частини веб-ресурсу
+ * @param {String} path - назва апі
+ * @returns {object|null} Returns object
+ */
+
+export default function checkPolicy(req) {
+  const {
+    originalUrl: path, hostname, query, params, headers: hs, log, sid = 35, funcs = {},
+  } = req;
+  const user = req.user || req.session?.passport?.user;
+
+  const { config } = funcs;
+  const isUser = config.debug || !!user;
+
+  const isServer = process.argv[2];
+  const { policy = [] } = req.routeOptions?.config || {};
+
+  /*= == 1.File injection  === */
+  if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
+    log.warn({
+      name: 'injection/file', params, query, message: 'access restricted: 1',
+    });
+    return { message: 'access restricted: 1', status: 403 };
+  }
+
+  /*= == 1.1 File  === */
+  const allowExtPublic = ['.png', '.jpg', '.svg'];
+  const ext = path.toLowerCase().substr(-4);
+  if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
+
+  /*= == 2.SQL Injection policy: no-sql === */
+  if (!policy.includes('no-sql')) {
+    const stopWords = block.filter((el) => path.includes(el));
+    if (stopWords?.length) {
+      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
+      return { message: 'access restricted: 2', status: 403 };
+    }
+  }
+  /* Check is Not API */
+  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
+  if (!isApi) return null;
+
+  /*= == 3. policy: referer === */
+  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
+    log.warn({ name: 'referer', message: 'access restricted: 3' });
+    return { message: 'access restricted: 3', status: 403 };
+  }
+
+  /*= == policy: public === */
+  if (policy.includes('public')) {
+    return null;
+  }
+
+  /*= == 4. policy: site auth === */
+  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
+    log.warn({ name: 'site', message: 'access restricted: 4' });
+    return { message: 'access restricted: 4', status: 403 };
+  }
+
+  /*= == 5. base policy: block api  === */
+  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
+    log.warn({ name: 'api', message: 'access restricted: 5' });
+    return { message: 'access restricted: 5', status: 403 };
+  }
+
+  return null;
+}