@opengis/fastify-table 1.0.42 → 1.0.44

package/Changelog.md

@@ -1,5 +1,13 @@
 # fastify-table
 
+## 1.0.44 - 18.06.2024
+
+- add extra data support (form DataTable)
+
+## 1.0.43 - 14.06.2024
+
+- add settings api, funcs, migration
+
 ## 1.0.42 - 12.06.2024
 
 - table cardSql support

package/crud/controllers/insert.js

@@ -1,29 +1,42 @@
-import dataInsert from '../funcs/dataInsert.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function insert(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  if (!table) return { status: 404, message: 'table is required' };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'a', json: 0,
-  });
-
-  const { form, add } = JSON.parse(tokenDataString || '{}');
-
-  const formData = form ? await getTemplate('form', form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataInsert({ table: add || table, data: req.body });
-  return { rows: res.rows };
-}
+import dataInsert from '../funcs/dataInsert.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function insert(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  if (!table) return { status: 404, message: 'table is required' };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'a', json: 0,
+  });
+
+  const { form, add } = JSON.parse(tokenDataString || '{}');
+
+  const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataInsert({ table: add || table, data: req.body });
+
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && req.body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const extraRows = await Promise.all(req.body[key].map(async (row) => {
+        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: req.body[formData[key].parent_id] } });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return { rows: res.rows, extra: res.extra };
+}

package/crud/controllers/update.js

@@ -1,31 +1,49 @@
-import dataUpdate from '../funcs/dataUpdate.js';
-import getToken from '../funcs/getToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-
-export default async function update(req) {
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table } = loadTemplate || req.params || {};
-  const { id } = req.params || {};
-  if (!req.params?.table) return { message: 'table is required', status: 404 };
-  if (!id) return { message: 'id is required', status: 404 };
-
-  const { funcs, session, params } = req;
-  const tokenDataString = await getToken({
-    funcs, session, token: params.table, mode: 'w', json: 0,
-  });
-
-  const tokenData = JSON.parse(tokenDataString || '{}');
-
-  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
-
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
-  return res;
-}
+import dataUpdate from '../funcs/dataUpdate.js';
+import dataInsert from '../funcs/dataInsert.js';
+import pgClients from '../../pg/pgClients.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+
+export default async function update(req) {
+  const loadTemplate = await getTemplate('table', req.params.table);
+  const { table } = loadTemplate || req.params || {};
+  const { id } = req.params || {};
+  if (!req.params?.table) return { message: 'table is required', status: 404 };
+  if (!id) return { message: 'id is required', status: 404 };
+
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'w', json: 0,
+  });
+
+  const tokenData = JSON.parse(tokenDataString || '{}');
+
+  const formData = tokenData?.form || loadTemplate?.form ? await getTemplate('form', tokenData.form || loadTemplate?.form) : {};
+
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
+
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && req.body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      // delete old extra data
+      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [req.body[formData[key].parent_id]]);
+      // insert new extra data
+      const extraRows = await Promise.all(req.body[key].map(async (row) => {
+        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: req.body[formData[key].parent_id] } });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return res;
+}

package/index.js

@@ -13,6 +13,7 @@ import notificationPlugin from './notification/index.js';
 import widgetPlugin from './widget/index.js';
 import crudPlugin from './crud/index.js';
 import policyPlugin from './policy/index.js';
+import settingsPlugin from './settings/index.js';
 
 import pgClients from './pg/pgClients.js';
 
@@ -59,6 +60,10 @@ async function plugin(fastify, opt) {
   if (!fastify.funcs) {
     fastify.addHook('onRequest', async (req) => {
       req.funcs = fastify;
+      if (!req.user && req.session?.passport?.user) {
+        const { user } = req.session?.passport || {};
+        req.user = user;
+      }
     });
     // fastify.decorateRequest('funcs', fastify);
   }
@@ -70,6 +75,7 @@ async function plugin(fastify, opt) {
   crudPlugin(fastify, opt);
   notificationPlugin(fastify, opt);
   widgetPlugin(fastify, opt);
+  settingsPlugin(fastify, opt);
 }
 export default fp(plugin);
 // export { rclient };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.0.42",
+  "version": "1.0.44",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/policy/funcs/checkPolicy.js

@@ -22,6 +22,14 @@ export default function checkPolicy(req) {
   const isServer = process.argv[2];
   const { policy = [] } = req.routeOptions?.config || {};
 
+  /*= == 0.Check superadmin access  === */
+  if (policy.includes('superadmin') && user?.user_type !== 'superadmin') {
+    log.warn({
+      name: 'api/superadmin', params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
+    });
+    return { message: 'access restricted: 0', status: 403 };
+  }
+
   /*= == 1.File injection  === */
   if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
     log.warn({

package/server/migrations/0.sql

@@ -0,0 +1,13 @@
+CREATE EXTENSION if not exists "uuid-ossp";
+
+CREATE OR REPLACE FUNCTION next_id()
+  RETURNS text AS
+$BODY$
+DECLARE
+
+BEGIN
+    return replace(uuid_generate_v4()::text, '-', '');
+END;
+$BODY$
+  LANGUAGE plpgsql VOLATILE
+  COST 100;

package/server/migrations/crm.sql

@@ -1,37 +1,8 @@
--- next_id()
-CREATE SEQUENCE crm.cls_clsid_seq
-  INCREMENT 1
-  MINVALUE 1
-  MAXVALUE 9223372036854775807
-  START 128142470
-  CACHE 1;
-CREATE OR REPLACE FUNCTION crm.next_id()
-  RETURNS bigint AS
-$BODY$
-DECLARE
-    our_epoch bigint := 1314220021721;
-    seq_id bigint;
-    now_millis bigint;
-    shard_id int := 1;
-    result bigint;
-BEGIN
-    SELECT nextval('crm.cls_clsid_seq') % 1024 INTO seq_id;
-
-    SELECT FLOOR(EXTRACT(EPOCH FROM clock_timestamp()) * 1000) INTO now_millis;
-    result := (now_millis - our_epoch) << 23;
-    result := result | (shard_id << 10);
-    result := result | (seq_id);
-    return result;
-END;
-$BODY$
-  LANGUAGE plpgsql VOLATILE
-  COST 100;
-
 -- crm.notifications
 -- DROP TABLE IF EXISTS crm.notifications;
 CREATE TABLE IF NOT EXISTS crm.notifications();
 ALTER TABLE crm.notifications DROP CONSTRAINT IF EXISTS crm_notifications_pkey;
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_id text NOT NULL DEFAULT crm.next_id();
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_user_id text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_type text DEFAULT 'notify'::text;
@@ -51,7 +22,7 @@ ALTER TABLE crm.notifications ADD CONSTRAINT crm_notifications_pkey PRIMARY KEY
 -- DROP TABLE IF EXISTS crm.files;
 CREATE TABLE IF NOT EXISTS crm.files();
 ALTER TABLE crm.files DROP CONSTRAINT IF EXISTS crm_files_pkey;
-ALTER TABLE crm.files ADD COLUMN IF NOT EXISTS file_id text NOT NULL DEFAULT crm.next_id();
+ALTER TABLE crm.files ADD COLUMN IF NOT EXISTS file_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE crm.files ADD COLUMN IF NOT EXISTS uploaded_name text;
 ALTER TABLE crm.files ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
@@ -77,7 +48,7 @@ ALTER TABLE crm.files ADD CONSTRAINT crm_files_pkey PRIMARY KEY (file_id);
 -- DROP TABLE IF EXISTS crm.communications;
 CREATE TABLE IF NOT EXISTS crm.communications();
 ALTER TABLE crm.communications DROP CONSTRAINT IF EXISTS crm_communications_pkey;
-ALTER TABLE crm.communications ADD COLUMN IF NOT EXISTS communication_id text NOT NULL DEFAULT crm.next_id();
+ALTER TABLE crm.communications ADD COLUMN IF NOT EXISTS communication_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE crm.communications ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
 ALTER TABLE crm.communications ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
@@ -104,7 +75,7 @@ ALTER TABLE crm.communications ADD CONSTRAINT crm_communications_pkey PRIMARY KE
 -- DROP TABLE IF EXISTS crm.checklists;
 CREATE TABLE IF NOT EXISTS crm.checklists();
 ALTER TABLE crm.checklists DROP CONSTRAINT IF EXISTS crm_checklists_pkey;
-ALTER TABLE crm.checklists ADD COLUMN IF NOT EXISTS checklist_id text NOT NULL DEFAULT crm.next_id();
+ALTER TABLE crm.checklists ADD COLUMN IF NOT EXISTS checklist_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE crm.checklists ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
 ALTER TABLE crm.checklists ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
@@ -126,7 +97,9 @@ ALTER TABLE crm.checklists ADD CONSTRAINT crm_checklists_pkey PRIMARY KEY (check
 -- crm.cls
 -- DROP TABLE IF EXISTS crm.cls;
 CREATE TABLE IF NOT EXISTS crm.cls();
-ALTER TABLE crm.cls ADD COLUMN IF NOT EXISTS cls_id text NOT NULL DEFAULT crm.next_id();
+ALTER TABLE crm.cls DROP CONSTRAINT IF EXISTS crm_cls_pkey;
+ALTER TABLE crm.cls DROP CONSTRAINT IF EXISTS crm_cls_unique;
+ALTER TABLE crm.cls ADD COLUMN IF NOT EXISTS cls_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE crm.cls ADD COLUMN IF NOT EXISTS name text;
 ALTER TABLE crm.cls ADD COLUMN IF NOT EXISTS data text;

package/server/migrations/log.sql

@@ -1,6 +1,6 @@
 CREATE TABLE IF NOT EXISTS log.table_changes();
 ALTER TABLE log.table_changes DROP CONSTRAINT IF EXISTS log_table_changes_pkey;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS table_change_id text NOT NULL DEFAULT admin.next_id();
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS table_change_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_type text;
 ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
@@ -28,7 +28,7 @@ CREATE TABLE IF NOT EXISTS log.user_auth();
 ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_pkey;
 ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_user_id_fkey;
 
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT admin.next_id();
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT next_id();
 
 ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_id text;
 ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_date timestamp without time zone;
@@ -39,4 +39,4 @@ ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS cdate timestamp without time
 ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_id text;
 ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
 ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_pkey PRIMARY KEY (user_auth_id);
-ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;
+-- ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;

package/server/migrations/setting.sql

@@ -0,0 +1,27 @@
+-- DROP TABLE setting.property;
+CREATE TABLE IF NOT EXISTS setting.property();
+ALTER TABLE setting.property DROP CONSTRAINT IF EXISTS setting_property_pkey;
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_id text NOT NULL DEFAULT next_id();
+
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_entity text;
+COMMENT ON COLUMN setting.property.property_entity IS 'Сутність';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_key text;
+COMMENT ON COLUMN setting.property.property_key IS 'Ключ';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_text text;
+COMMENT ON COLUMN setting.property.property_text IS 'Текстове значення налаштування';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_int integer;
+COMMENT ON COLUMN setting.property.property_int IS 'Цілочислове значения';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS property_json json;
+COMMENT ON COLUMN setting.property.property_json IS 'Значення налаштування';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS level text;
+COMMENT ON COLUMN setting.property.level IS 'Рівень (user/system)';
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS object_id text;
+COMMENT ON COLUMN setting.property.object_id IS 'ID Об''єкту';
+
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS uid text NOT NULL DEFAULT '1'::text;
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT now();
+ALTER TABLE setting.property ADD COLUMN IF NOT EXISTS files json;
+
+ALTER TABLE setting.property ADD CONSTRAINT setting_property_pkey PRIMARY KEY(property_id);

package/settings/controllers/settings.get.js

@@ -0,0 +1,24 @@
+export default async function getSettingsAPI({
+  pg, funcs, params = {},
+}) {
+  const { key } = params;
+
+  if (!pg?.pk?.['setting.property']) {
+    return { message: 'table not found', status: 404 };
+  }
+
+  try {
+    const res = await funcs.getSettings({ pg, key });
+    if (key) {
+      if (!res) {
+        return { message: `settings not found: ${key}`, status: 404 };
+      }
+      return { message: res, status: 200 };
+    }
+    const { rows } = res || { };
+    return { message: { total: rows.length || 0, rows }, status: 200 };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/settings/controllers/settings.post.js

@@ -0,0 +1,14 @@
+export default async function postSettingsAPI({
+  pg, funcs, body = {},
+}) {
+  const { key, val } = body;
+  if (!key || !val) {
+    return { message: 'not enough params', status: 400 };
+  }
+  const res = await funcs.setSettings({
+    pg, funcs, key, val,
+  });
+  if (res?.error) return res;
+
+  return { message: res, status: 200 };
+}

package/settings/funcs/getSettings.js

@@ -0,0 +1,12 @@
+export default async function getSettings({ pg, key }) {
+  const sql = `select property_id as id, property_entity, property_key, property_text,
+  property_int, property_json, level, object_id, uid, cdate, editor_id, editor_date from setting.property
+  where ${key ? 'property_key=$1' : '1=1'}`;
+
+  if (!key) {
+    const { rows } = await pg.query(sql);
+    return { rows };
+  }
+  const data = await pg.one(sql, [key]);
+  return data;
+}

package/settings/funcs/setSettings.js

@@ -0,0 +1,29 @@
+const table = 'setting.property';
+
+function checkValueType(val) {
+  if (val) {
+    if (typeof val === 'object') {
+      return 'property_json';
+    }
+    if (typeof val === 'number' || (!/\D/.test(val.toString()) && val.length <= 10)) {
+      return 'property_int';
+    }
+  }
+  return 'property_text';
+}
+
+export default async function setSettings({
+  pg, funcs, key, val,
+}) {
+  try {
+    const columnType = checkValueType(val);
+    const data = { property_key: key, [columnType]: val };
+
+    await pg.query('delete from setting.property where property_key=$1', [key]);
+    const { rows } = await funcs.dataInsert({ pg, table, data });
+    return { key, val, data: rows };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/settings/index.js

@@ -0,0 +1,22 @@
+import getSettingsAPI from './controllers/settings.get.js';
+import postSettingsAPI from './controllers/settings.post.js';
+import getSettingsFunc from './funcs/getSettings.js';
+import setSettingsFunc from './funcs/setSettings.js';
+
+async function plugin(fastify, config = { }) {
+  const prefix = config.prefix || '/api';
+  fastify.decorate('getSettings', getSettingsFunc);
+  fastify.decorate('setSettings', setSettingsFunc);
+  fastify.get(`${prefix}/settings/:key?`, {}, getSettingsAPI);
+
+  fastify.route({
+    method: 'POST',
+    path: `${prefix}/settings`,
+    config: {
+      policy: ['superadmin'],
+    },
+    handler: postSettingsAPI,
+  });
+}
+
+export default plugin;

package/table/controllers/data.js

@@ -1,60 +1,72 @@
-import getTemplate from './utils/getTemplate.js';
-import getFilterSQL from '../funcs/getFilterSQL/index.js';
-import getMeta from '../../pg/funcs/getMeta.js';
-import metaFormat from '../funcs/metaFormat/index.js';
-
-const maxLimit = 100;
-export default async function data(req) {
-  const time = Date.now();
-  const {
-    pg, params, query = {},
-  } = req;
-
-  const loadTable = await getTemplate('table', params.table);
-
-  if (!loadTable) { return { status: 404, message: 'not found' }; }
-
-  const {
-    table, columns, sql, cardSql, filters, form, meta,
-  } = loadTable;
-  const { pk } = await getMeta(table);
-
-  const cols = columns.map((el) => el.name || el).join(',');
-  const sqlTable = sql?.filter?.((el) => !el?.disabled && el?.sql?.replace).map((el, i) => ` left join lateral (${el.sql}) ${el.name || `t${i}`} on 1=1 `)?.join('') || '';
-  const cardSqlFiltered = params.id ? cardSql?.filter?.((el) => !el?.disabled && el?.name && el?.sql?.replace) : [];
-  const cardSqlTable = cardSqlFiltered.length ? cardSqlFiltered.map((el, i) => ` left join lateral (select json_agg(row_to_json(q)) as ${el.name} from (${el.sql})q) ct${i}  on 1=1 `).join('') || '' : '';
-
-  const fData = query.filter ? await getFilterSQL({
-    filter: query.filter,
-    table: params.table,
-    json: 1,
-  }) : {};
-
-  const keyQuery = query.key && loadTable.key && !params.id ? `${loadTable.key}=$1` : null;
-
-  const limit = Math.min(maxLimit, +(query.limit || 10));
-
-  const offset = query.page && query.page > 0 ? ` offset ${(query.page - 1) * limit}` : '';
-  // id, query, filter
-  const [orderColumn, orderDir] = (query.order || loadTable.order || '').split(/[- ]/);
-
-  const order = cols.includes(orderColumn) && orderColumn?.length ? `order by ${orderColumn} ${query.desc || orderDir === 'desc' ? 'desc' : ''}` : '';
-  const state = loadTable.filterState && query.state ? loadTable.filterState[query.state]?.sql : null;
-  const custom = loadTable.filterCustom && query.custom ? loadTable.filterCustom[query.custom]?.sql : null;
-  const search = loadTable.meta?.search && query.search ? `(${loadTable.meta?.search.split(',').map(el => `${el} ilike '%${query.search}%'`).join(' or ')})` : null;
-
-  const where = [(params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, state, custom, search].filter((el) => el);
-  const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
-  const q = `select  ${pk ? `"${pk}" as id,` : ''} ${query.id || query.key ? '*' : cols || '*'} ${cardColumns} from ${table} t ${sqlTable} ${cardSqlTable} where ${where.join(' and ') || 'true'} ${order} ${offset}  limit ${limit}`;
-
-  if (query.sql === '1') { return q; }
-
-  const { rows } = await pg.query(q, (params.id ? [params.id] : null) || (query.key && loadTable.key ? [query.key] : []));
-
-  const total = keyQuery || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t where ${where.join(' and ') || 'true'}`).then((el) => el?.rows[0]?.count);
-
-  await metaFormat({ rows, table: params.table });
-  return {
-    time: Date.now() - time, total, count: rows.length, pk, form, rows, meta, columns, filters,
-  };
-}
+import getTemplate from './utils/getTemplate.js';
+import getFilterSQL from '../funcs/getFilterSQL/index.js';
+import getMeta from '../../pg/funcs/getMeta.js';
+import metaFormat from '../funcs/metaFormat/index.js';
+
+const maxLimit = 100;
+export default async function data(req) {
+  const time = Date.now();
+  const {
+    pg, params, query = {},
+  } = req;
+
+  const loadTable = await getTemplate('table', params.table);
+
+  if (!loadTable) { return { status: 404, message: 'not found' }; }
+
+  const {
+    table, columns, sql, cardSql, filters, form, meta,
+  } = loadTable;
+  const { pk } = await getMeta(table);
+
+  const cols = columns.map((el) => el.name || el).join(',');
+  const sqlTable = sql?.filter?.((el) => !el?.disabled && el?.sql?.replace).map((el, i) => ` left join lateral (${el.sql}) ${el.name || `t${i}`} on 1=1 `)?.join('') || '';
+  const cardSqlFiltered = params.id ? cardSql?.filter?.((el) => !el?.disabled && el?.name && el?.sql?.replace) : [];
+  const cardSqlTable = cardSqlFiltered.length ? cardSqlFiltered.map((el, i) => ` left join lateral (select json_agg(row_to_json(q)) as ${el.name} from (${el.sql})q) ct${i}  on 1=1 `).join('') || '' : '';
+
+  const fData = query.filter ? await getFilterSQL({
+    filter: query.filter,
+    table: params.table,
+    json: 1,
+  }) : {};
+
+  const keyQuery = query.key && loadTable.key && !params.id ? `${loadTable.key}=$1` : null;
+
+  const limit = Math.min(maxLimit, +(query.limit || 10));
+
+  const offset = query.page && query.page > 0 ? ` offset ${(query.page - 1) * limit}` : '';
+  // id, query, filter
+  const [orderColumn, orderDir] = (query.order || loadTable.order || '').split(/[- ]/);
+
+  const order = cols.includes(orderColumn) && orderColumn?.length ? `order by ${orderColumn} ${query.desc || orderDir === 'desc' ? 'desc' : ''}` : '';
+  const state = loadTable.filterState && query.state ? loadTable.filterState[query.state]?.sql : null;
+  const custom = loadTable.filterCustom && query.custom ? loadTable.filterCustom[query.custom]?.sql : null;
+  const search = loadTable.meta?.search && query.search ? `(${loadTable.meta?.search.split(',').map(el => `${el} ilike '%${query.search}%'`).join(' or ')})` : null;
+
+  const where = [(params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, state, custom, search].filter((el) => el);
+  const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
+  const q = `select  ${pk ? `"${pk}" as id,` : ''} ${query.id || query.key ? '*' : cols || '*'} ${cardColumns} from ${table} t ${sqlTable} ${cardSqlTable} where ${where.join(' and ') || 'true'} ${order} ${offset}  limit ${limit}`;
+
+  if (query.sql === '1') { return q; }
+
+  const { rows } = await pg.query(q, (params.id ? [params.id] : null) || (query.key && loadTable.key ? [query.key] : []));
+
+  const formData = form ? (await getTemplate('form', form) || {}) : {};
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && formData[key]?.colModel);
+  if (extraKeys?.length) {
+    await Promise.all(rows?.map(async (row) => {
+      await Promise.all(extraKeys?.map(async (key) => {
+        const { colModel, table: extraTable, parent_id: parentId } = formData[key];
+        const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [row.id]);
+        Object.assign(row, { [key]: extraRows });
+      }));
+    }));
+  }
+
+  const total = keyQuery || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t where ${where.join(' and ') || 'true'}`).then((el) => el?.rows[0]?.count);
+
+  await metaFormat({ rows, table: params.table });
+  return {
+    time: Date.now() - time, total, count: rows.length, pk, form, rows, meta, columns, filters,
+  };
+}