@opengis/fastify-table 1.0.7 → 1.0.9

package/index.js

@@ -1,22 +1,32 @@
-// import pg from 'pg';
-import fp from 'fastify-plugin';
-import config from './config.js';
-// import rclient from './redis/client.js';
-
-import redisPlugin from './redis/index.js';
-import pgPlugin from './pg/index.js';
-import tablePlugin from './table/index.js';
-import crudPlugin from './crud/index.js';
-
-async function plugin(fastify, opt) {
-  // console.log(opt);
-  config.pg = opt.pg;
-  config.redis = opt.redis;
-
-  redisPlugin(fastify);
-  await pgPlugin(fastify, opt);
-  tablePlugin(fastify, opt);
-  crudPlugin(fastify, opt);
-}
-export default fp(plugin);
-// export { rclient };
+// import pg from 'pg';
+import fp from 'fastify-plugin';
+import config from './config.js';
+// import rclient from './redis/client.js';
+
+import redisPlugin from './redis/index.js';
+import pgPlugin from './pg/index.js';
+import tablePlugin from './table/index.js';
+import crudPlugin from './crud/index.js';
+import policyPlugin from './policy/index.js';
+
+async function plugin(fastify, opt) {
+  // console.log(opt);
+  config.pg = opt.pg;
+  config.redis = opt.redis;
+
+  // independent npm start / unit test
+  if (!fastify.config) {
+    fastify.decorate('config', config);
+  }
+  if (!fastify.funcs) {
+    fastify.decorateRequest('funcs', fastify);
+  }
+
+  policyPlugin(fastify);
+  redisPlugin(fastify);
+  await pgPlugin(fastify, opt);
+  tablePlugin(fastify, opt);
+  crudPlugin(fastify, opt);
+}
+export default fp(plugin);
+// export { rclient };

package/package.json

@@ -1,23 +1,23 @@
-{
-  "name": "@opengis/fastify-table",
-  "version": "1.0.7",
-  "type": "module",
-  "description": "core-plugins",
-  "main": "index.js",
-  "scripts": {
-    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs,.ts,.tsx,.cts,.mts --fix --ignore-path .gitignore",
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "dependencies": {
-    "ioredis": "^5.3.2",
-    "fastify": "^4.26.1",
-    "fastify-plugin": "^4.0.0",
-    "pg": "^8.11.3"
-  },
-  "devDependencies": {
-    "eslint": "^8.49.0",
-    "eslint-config-airbnb": "^19.0.4"
-  },
-  "author": "Softpro",
-  "license": "ISC"
+{
+  "name": "@opengis/fastify-table",
+  "version": "1.0.9",
+  "type": "module",
+  "description": "core-plugins",
+  "main": "index.js",
+  "scripts": {
+    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs,.ts,.tsx,.cts,.mts --fix --ignore-path .gitignore",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "dependencies": {
+    "ioredis": "^5.3.2",
+    "fastify": "^4.26.1",
+    "fastify-plugin": "^4.0.0",
+    "pg": "^8.11.3"
+  },
+  "devDependencies": {
+    "eslint": "^8.49.0",
+    "eslint-config-airbnb": "^19.0.4"
+  },
+  "author": "Softpro",
+  "license": "ISC"
 }

package/pg/funcs/autoIndex.js

@@ -1,89 +1,89 @@
-// const rclient = require('../../redis/client')
-import pgClient from '../pgClients.js';
-
-// subfunc
-const getTable = ({ table }) => table.toLowerCase().replace(/[\n\r]+/g, ' ').split(' from ')
-  .filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
-  .map((el) => el.split(/[ )]/)[0]);
-
-const loadedIndex = {};
-
-// main func
-async function autoIndex({ table, columns: filter, pg = pgClient.client }) {
-  if (!filter?.length || !table) return null;
-
-  const attrs = filter.map((el) => (el.name || el).replace(/'/g, '')).sort();
-  const types = filter.map((el) => (el.name ? el : { name: el }))
-    .reduce((p, el) => ({ ...p, [el.name]: el.type || '-' }), {});
-
-  const redisKey = `autoindex1:${table}:${attrs.join(';')}`;
-  const tableList = getTable({ table });
-  const existsCache = loadedIndex[redisKey];
-  if (existsCache) { return 'ok'; }
-
-  const tbs = tableList[0];
-  const [ns, tbl] = tableList[0].split('.');
-  const { rows: index } = await pg.query(`select * from pg_indexes where tablename = '${tbl}' and schemaname = '${ns}'`);
-
-  if (existsCache && index?.length > 0) { return null; }
-  // console.log('autoindex', table, filter?.map((el) => el.name || el));
-  const { rows: cols } = await pg.query(`SELECT attrelid::regclass AS tbl, attname AS aname, atttypid::regtype  AS datatype, atttypid  
-    FROM   pg_attribute WHERE  attrelid = '${tbs}'::regclass and attname = any('{ ${attrs} }')`);
-
-  const qIndex = [];
-  const indexAr = {};
-
-  // console.log(cols);
-  for (let i = 0; i < cols.length; i += 1) {
-    const el = cols[i];
-    el.relname = tbl;
-    el.nspname = ns;
-
-    const indexUsing = (el.datatype === 'geometry' ? 'gist' : null)
-      || (types[el.aname] === 'Text' || el.datatype?.includes('[]') ? 'gin' : null)
-      || 'btree';
-
-    const name = `${el.nspname}_${el.relname}_${el.aname}_${indexUsing}_idx`;
-    const exists = index.filter((ind) => ind.tablename === el.relname && ind.schemaname === el.nspname && ind.indexdef.includes(types[el.aname] === 'Text'
-      ? `gin (${el.aname} gin_trgm_ops)` : `btree (${el.aname})`));
-
-    indexAr[el.aname] = {
-      name, type: el.datatype, exists, // exists1,
-    };
-
-    // drop
-    if (exists?.length > 1) {
-      exists.filter((ind, i1) => i1).forEach((ind) => qIndex.push(`DROP INDEX if exists ${ind.schemaname}.${ind.indexname} `));
-    }
-
-    // add
-    if (exists?.length === 0) {
-      // console.log(`${name} - ${el.datatype}`);
-
-      const suffix = types[el.aname] === 'Text' ? 'gin_trgm_ops' : '';
-      if (['text'].includes(el?.datatype)) {
-        qIndex.push(`CREATE INDEX if not exists ${name} ON ${el.nspname}.${el.relname} USING ${indexUsing} (${el.aname} ${suffix})`);
-      }
-      if (indexUsing === 'gist') {
-        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', 'gist1')}  
-          ON ${el.nspname}.${el.relname} USING gist (${el.aname})`);
-
-        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', 'area')}  
-          ON ${el.nspname}.${el.relname} USING btree (st_area(st_transform(${el.aname},3857)))`);
-        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', '4326')}  
-          ON ${el.nspname}.${el.relname} USING gist (st_transform(${el.aname},4326))`);
-      }
-    }
-  }
-
-  loadedIndex[redisKey] = 1;
-  // throw qIndex;
-  if (!qIndex.length) return null;
-
-  // console.log(qIndex.filter((v, i, a) => a.indexOf(v) === i));
-  // logger.file('index', { table, filter, sql: qIndex.filter((v, i, a) => a.indexOf(v) === i) });
-  qIndex.filter((v, i, a) => a.indexOf(v) === i).map((el) => pg.one(el).catch((err) => console.log(err.toString())));
-  return 'ok';
-}
-
-export default autoIndex;
+// const rclient = require('../../redis/client')
+import pgClient from '../pgClients.js';
+
+// subfunc
+const getTable = ({ table }) => table.toLowerCase().replace(/[\n\r]+/g, ' ').split(' from ')
+  .filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
+  .map((el) => el.split(/[ )]/)[0]);
+
+const loadedIndex = {};
+
+// main func
+async function autoIndex({ table, columns: filter, pg = pgClient.client }) {
+  if (!filter?.length || !table) return null;
+
+  const attrs = filter.map((el) => (el.name || el).replace(/'/g, '')).sort();
+  const types = filter.map((el) => (el.name ? el : { name: el }))
+    .reduce((p, el) => ({ ...p, [el.name]: el.type || '-' }), {});
+
+  const redisKey = `autoindex1:${table}:${attrs.join(';')}`;
+  const tableList = getTable({ table });
+  const existsCache = loadedIndex[redisKey];
+  if (existsCache) { return 'ok'; }
+
+  const tbs = tableList[0];
+  const [ns, tbl] = tableList[0].split('.');
+  const { rows: index } = await pg.query(`select * from pg_indexes where tablename = '${tbl}' and schemaname = '${ns}'`);
+
+  if (existsCache && index?.length > 0) { return null; }
+  // console.log('autoindex', table, filter?.map((el) => el.name || el));
+  const { rows: cols } = await pg.query(`SELECT attrelid::regclass AS tbl, attname AS aname, atttypid::regtype  AS datatype, atttypid  
+    FROM   pg_attribute WHERE  attrelid = '${tbs}'::regclass and attname = any('{ ${attrs} }')`);
+
+  const qIndex = [];
+  const indexAr = {};
+
+  // console.log(cols);
+  for (let i = 0; i < cols.length; i += 1) {
+    const el = cols[i];
+    el.relname = tbl;
+    el.nspname = ns;
+
+    const indexUsing = (el.datatype === 'geometry' ? 'gist' : null)
+      || (types[el.aname] === 'Text' || el.datatype?.includes('[]') ? 'gin' : null)
+      || 'btree';
+
+    const name = `${el.nspname}_${el.relname}_${el.aname}_${indexUsing}_idx`;
+    const exists = index.filter((ind) => ind.tablename === el.relname && ind.schemaname === el.nspname && ind.indexdef.includes(types[el.aname] === 'Text'
+      ? `gin (${el.aname} gin_trgm_ops)` : `btree (${el.aname})`));
+
+    indexAr[el.aname] = {
+      name, type: el.datatype, exists, // exists1,
+    };
+
+    // drop
+    if (exists?.length > 1) {
+      exists.filter((ind, i1) => i1).forEach((ind) => qIndex.push(`DROP INDEX if exists ${ind.schemaname}.${ind.indexname} `));
+    }
+
+    // add
+    if (exists?.length === 0) {
+      // console.log(`${name} - ${el.datatype}`);
+
+      const suffix = types[el.aname] === 'Text' ? 'gin_trgm_ops' : '';
+      if (['text'].includes(el?.datatype)) {
+        qIndex.push(`CREATE INDEX if not exists ${name} ON ${el.nspname}.${el.relname} USING ${indexUsing} (${el.aname} ${suffix})`);
+      }
+      if (indexUsing === 'gist') {
+        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', 'gist1')}  
+          ON ${el.nspname}.${el.relname} USING gist (${el.aname})`);
+
+        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', 'area')}  
+          ON ${el.nspname}.${el.relname} USING btree (st_area(st_transform(${el.aname},3857)))`);
+        qIndex.push(`CREATE INDEX if not exists ${name.replace('gist', '4326')}  
+          ON ${el.nspname}.${el.relname} USING gist (st_transform(${el.aname},4326))`);
+      }
+    }
+  }
+
+  loadedIndex[redisKey] = 1;
+  // throw qIndex;
+  if (!qIndex.length) return null;
+
+  // console.log(qIndex.filter((v, i, a) => a.indexOf(v) === i));
+  // logger.file('index', { table, filter, sql: qIndex.filter((v, i, a) => a.indexOf(v) === i) });
+  qIndex.filter((v, i, a) => a.indexOf(v) === i).map((el) => pg.one(el).catch((err) => console.log(err.toString())));
+  return 'ok';
+}
+
+export default autoIndex;

package/pg/funcs/getMeta.js

@@ -1,27 +1,27 @@
-// import pgClient from '../pgClients.js';
-import getPG from './getPG.js';
-
-const data = {};
-
-// decorator
-export default async function getMeta(opt) {
-  const pg = opt.pg || getPG({ name: 'client' });
-  const table = opt.table || opt;
-
-  if (data[table]) return data[table];
-
-  if (!pg.tlist.includes(table)) {
-    return { error: `${table} - not found`, status: 400 };
-  }
-
-  const { fields } = await pg.query(`select * from ${table} where $1=$1 limit 0`, [1]);
-  const { pks1 } = await pg.one(`SELECT json_object_agg(c.conrelid::regclass, a.attname) as pks1 FROM pg_constraint c 
-    left join pg_attribute a on c.conrelid=a.attrelid and a.attnum = c.conkey[1] WHERE c.contype='p'::"char"`, { cache: 0 });
-  const pk = pks1[table];
-
-  const geomAttr = fields.find((el) => pg.pgType[el.dataTypeID] === 'geometry')?.name; // change geometry text to geometry code
-
-  const res = { pk, columns: fields, geom: geomAttr };
-  data[table] = res;
-  return res;
-}
+// import pgClient from '../pgClients.js';
+import getPG from './getPG.js';
+
+const data = {};
+
+// decorator
+export default async function getMeta(opt) {
+  const pg = opt.pg || getPG({ name: 'client' });
+  const table = opt.table || opt;
+
+  if (data[table]) return data[table];
+
+  if (!pg.tlist.includes(table)) {
+    return { error: `${table} - not found`, status: 400 };
+  }
+
+  const { fields } = await pg.query(`select * from ${table} where $1=$1 limit 0`, [1]);
+  const { pks1 } = await pg.one(`SELECT json_object_agg(c.conrelid::regclass, a.attname) as pks1 FROM pg_constraint c 
+    left join pg_attribute a on c.conrelid=a.attrelid and a.attnum = c.conkey[1] WHERE c.contype='p'::"char"`, { cache: 0 });
+  const pk = pks1[table];
+
+  const geomAttr = fields.find((el) => pg.pgType[el.dataTypeID] === 'geometry')?.name; // change geometry text to geometry code
+
+  const res = { pk, columns: fields, geom: geomAttr };
+  data[table] = res;
+  return res;
+}

package/pg/funcs/init.js

@@ -1,42 +1,42 @@
-import crypto from 'crypto';
-
-// import pg from 'pg';
-import getRedis from '../../redis/funcs/getRedis.js';
-// import config from '../config.js';
-
-async function init(client) {
-  const textQuery = `select 
-  (select json_object_agg(conrelid::regclass  ,(SELECT attname FROM pg_attribute WHERE attrelid = c.conrelid and attnum = c.conkey[1]))
-  from   pg_constraint c where contype='p' and connamespace::regnamespace::text not in ('sde')) as pk,
-  (SELECT json_object_agg(t.oid::text,pg_catalog.format_type(t.oid, NULL)) FROM pg_catalog.pg_type t) as "pgType"`;
-  const { pgType, pk } = await client.query(textQuery).then((d) => d.rows[0]);
-
-  const tlist = await client.query(`select array_agg((select nspname from pg_namespace where oid=relnamespace)||'.'||relname) tlist 
-    from pg_class where relkind in ('r','v')`).then((d) => d.rows[0].tlist);
-
-  async function one(query, param = {}) {
-    const data = await client.query(query, Array.isArray(param) ? param : param.args || []);
-    const result = ((Array.isArray(data) ? data.pop() : data)?.rows || [])[0] || {};
-    return result;
-  }
-
-  async function queryCache(query) {
-    const rclient = getRedis({ db: 0 })
-    const hash = crypto.createHash('sha1').update(query).digest('base64');
-    const keyCache = `pg:${hash}`;
-    const cache = await rclient.get(keyCache);
-    if (cache) {
-      return JSON.parse(cache);
-    }
-    const data = await client.query(query);
-    rclient.set(keyCache, JSON.stringify(data), 'EX', 60 * 60);
-    return data;
-  }
-
-  Object.assign(client, {
-    one, pgType, pk, tlist, queryCache,
-  });
-}
-
-// export default client;
-export default init;
+import crypto from 'crypto';
+
+// import pg from 'pg';
+import getRedis from '../../redis/funcs/getRedis.js';
+// import config from '../config.js';
+
+async function init(client) {
+  const textQuery = `select 
+  (select json_object_agg(conrelid::regclass  ,(SELECT attname FROM pg_attribute WHERE attrelid = c.conrelid and attnum = c.conkey[1]))
+  from   pg_constraint c where contype='p' and connamespace::regnamespace::text not in ('sde')) as pk,
+  (SELECT json_object_agg(t.oid::text,pg_catalog.format_type(t.oid, NULL)) FROM pg_catalog.pg_type t) as "pgType"`;
+  const { pgType, pk } = await client.query(textQuery).then((d) => d.rows[0]);
+
+  const tlist = await client.query(`select array_agg((select nspname from pg_namespace where oid=relnamespace)||'.'||relname) tlist 
+    from pg_class where relkind in ('r','v')`).then((d) => d.rows[0].tlist);
+
+  async function one(query, param = {}) {
+    const data = await client.query(query, Array.isArray(param) ? param : param.args || []);
+    const result = ((Array.isArray(data) ? data.pop() : data)?.rows || [])[0] || {};
+    return result;
+  }
+
+  async function queryCache(query) {
+    const rclient = getRedis({ db: 0 })
+    const hash = crypto.createHash('sha1').update(query).digest('base64');
+    const keyCache = `pg:${hash}`;
+    const cache = await rclient.get(keyCache);
+    if (cache) {
+      return JSON.parse(cache);
+    }
+    const data = await client.query(query);
+    rclient.set(keyCache, JSON.stringify(data), 'EX', 60 * 60);
+    return data;
+  }
+
+  Object.assign(client, {
+    one, pgType, pk, tlist, queryCache,
+  });
+}
+
+// export default client;
+export default init;

package/pg/funcs/pgClients.js

@@ -1,2 +1,2 @@
-const pgClients = {};
-export default pgClients;
+const pgClients = {};
+export default pgClients;

package/pg/index.js

@@ -1,35 +1,35 @@
-// import fp from 'fastify-plugin';
-//import pg from 'pg';
-import pgClients from './funcs/pgClients.js';
-import init from './funcs/init.js';
-import autoIndex from './funcs/autoIndex.js';
-import getMeta from './funcs/getMeta.js';
-import getPG from './funcs/getPG.js';
-
-function close() {
-  // console.log('pg close');
-  Object.keys(pgClients).forEach((el) => {
-    // console.log(el);
-    pgClients[el].end();
-  });
-
-  // return pgClients.client.end();
-}
-
-async function plugin(fastify, config) {
-  const client = getPG({ ...config.pg || {}, name: 'client' })
-  await init(client);
-  fastify.addHook('onRequest', async (req) => {
-    // req.funcs = fastify;
-    req.pg = client;
-  });
-  //pgClients.client = client;
-
-  // fastify.decorate('pg', client);
-  fastify.decorate('autoIndex', autoIndex);
-  fastify.decorate('getMeta', getMeta);
-  fastify.decorate('getPG', getPG);
-  fastify.addHook('onClose', close);
-}
-
-export default plugin;
+// import fp from 'fastify-plugin';
+//import pg from 'pg';
+import pgClients from './funcs/pgClients.js';
+import init from './funcs/init.js';
+import autoIndex from './funcs/autoIndex.js';
+import getMeta from './funcs/getMeta.js';
+import getPG from './funcs/getPG.js';
+
+function close() {
+  // console.log('pg close');
+  Object.keys(pgClients).forEach((el) => {
+    // console.log(el);
+    pgClients[el].end();
+  });
+
+  // return pgClients.client.end();
+}
+
+async function plugin(fastify, config) {
+  const client = getPG({ ...config.pg || {}, name: 'client' })
+  await init(client);
+  fastify.addHook('onRequest', async (req) => {
+    // req.funcs = fastify;
+    req.pg = client;
+  });
+  //pgClients.client = client;
+
+  // fastify.decorate('pg', client);
+  fastify.decorate('autoIndex', autoIndex);
+  fastify.decorate('getMeta', getMeta);
+  fastify.decorate('getPG', getPG);
+  fastify.addHook('onClose', close);
+}
+
+export default plugin;

package/pg/pgClients.js

@@ -1,17 +1,17 @@
-import pg from 'pg';
-import config from '../config.js';
-import init from './funcs/init.js';
-
-const pgClients = {};
-if (config.pg) {
-  const client = new pg.Pool({
-    host: config.pg?.host || '127.0.0.1',
-    port: config.pg?.port || 5432,
-    database: config.pg?.database || 'postgres',
-    user: config.pg?.user || 'postgres',
-    password: config.pg?.password || 'postgres',
-  });
-  await init(client);
-  pgClients.client = client;
-}
-export default pgClients;
+import pg from 'pg';
+import config from '../config.js';
+import init from './funcs/init.js';
+
+const pgClients = {};
+if (config.pg) {
+  const client = new pg.Pool({
+    host: config.pg?.host || '127.0.0.1',
+    port: config.pg?.port || 5432,
+    database: config.pg?.database || 'postgres',
+    user: config.pg?.user || 'postgres',
+    password: config.pg?.password || 'postgres',
+  });
+  await init(client);
+  pgClients.client = client;
+}
+export default pgClients;

package/policy/funcs/checkPolicy.js

@@ -0,0 +1,74 @@
+import block from './sqlInjection.js';
+
+/**
+ * Middleware func
+ *
+ * @type function
+ * @alias checkPolicy
+ * @summary Функція дозволяє налаштувати доступ до сайту або API для адмін. та публічної частини веб-ресурсу
+ * @param {String} path - назва апі
+ * @returns {object|null} Returns object
+ */
+
+export default function checkPolicy(req) {
+  const {
+    originalUrl: path, hostname, query, params, headers: hs, log, sid = 35, funcs = {},
+  } = req;
+  const user = req.user || req.session?.passport?.user;
+
+  const { config } = funcs;
+  const isUser = config.debug || !!user;
+
+  const isServer = process.argv[2];
+  const { policy = [] } = req.routeOptions?.config || {};
+
+  /*= == 1.File injection  === */
+  if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
+    log.warn({
+      name: 'injection/file', params, query, message: 'access restricted: 1',
+    });
+    return { message: 'access restricted: 1', status: 403 };
+  }
+
+  /*= == 1.1 File  === */
+  const allowExtPublic = ['.png', '.jpg', '.svg'];
+  const ext = path.toLowerCase().substr(-4);
+  if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
+
+  /*= == 2.SQL Injection policy: no-sql === */
+  if (!policy.includes('no-sql')) {
+    const stopWords = block.filter((el) => path.includes(el));
+    if (stopWords?.length) {
+      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
+      return { message: 'access restricted: 2', status: 403 };
+    }
+  }
+  /* Check is Not API */
+  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
+  if (!isApi) return null;
+
+  /*= == 3. policy: referer === */
+  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
+    log.warn({ name: 'referer', message: 'access restricted: 3' });
+    return { message: 'access restricted: 3', status: 403 };
+  }
+
+  /*= == policy: public === */
+  if (policy.includes('public')) {
+    return null;
+  }
+
+  /*= == 4. policy: site auth === */
+  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
+    log.warn({ name: 'site', message: 'access restricted: 4' });
+    return { message: 'access restricted: 4', status: 403 };
+  }
+
+  /*= == 5. base policy: block api  === */
+  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
+    log.warn({ name: 'api', message: 'access restricted: 5' });
+    return { message: 'access restricted: 5', status: 403 };
+  }
+
+  return null;
+}

package/policy/funcs/sqlInjection.js

@@ -0,0 +1,33 @@
+const sqlInjection = [
+  '()',
+  '^',
+  '*',
+  'like ',
+  '@variable',
+  '@@variable',
+  'group by ',
+  'union ',
+  'select ',
+  'having ',
+  'as injectx',
+  'where ',
+  'rlike ',
+  'if(',
+  'sleep(',
+  'waitfor delay',
+  'benchmark(',
+  'pg_sleep(',
+  "'\\\"",
+  'randomblob(',
+  'order by ',
+  'union all ',
+  '+or',
+  'or ',
+  'and ',
+  "'' ",
+  '"""  ',
+  '<script',
+  'javascript:',
+]
+
+export default sqlInjection;

package/policy/index.js

@@ -0,0 +1,14 @@
+// import fp from 'fastify-plugin';
+
+import checkPolicy from './funcs/checkPolicy.js';
+
+async function plugin(fastify) {
+  fastify.addHook('onRequest', async (request, reply) => {
+    const hookData = checkPolicy(request);
+    if (hookData?.status && hookData?.message) {
+      return reply.status(hookData?.status).send(hookData.message);
+    }
+  });
+}
+
+export default plugin;