@opengis/fastify-table 1.0.73 → 1.0.75

package/crud/controllers/utils/xssInjection.js

@@ -1,72 +1,72 @@
-const xssInjection = [
-  'onkeypress=',
-  'onkeyup=',
-  'ondblclick=',
-  'onerror=',
-  'onmouseover=',
-  '<meta',
-  '<script',
-  'vascript:',
-  'onkeydown=',
-  'onmousedown=',
-  'onmouseenter=',
-  'onmouseleave=',
-  'onmousemove=',
-  'onmouseout=',
-  'onmouseup=',
-  'onmousewheel=',
-  'onpaste=',
-  'onscroll=',
-  'onwheel=',
-  'javascript:',
-  '\\x',
-  'eval(',
-  'onmouseover=',
-  'action=',
-  'xlink:',
-  'allowscriptaccess',
-  'href=',
-  'behavior:',
-  'onreadystatechange=',
-  'onstart=',
-  'offline=',
-  'onabort=',
-  'onafterprint=',
-  'onbeforeonload=',
-  'onbeforeprint=',
-  'onblur=',
-  'oncanplay=',
-  'oncanplaythrough=',
-  'onchange=',
-  'onclick=',
-  'oncontextmenu=',
-  'ondblclick=',
-  'ondrag=',
-  'ondragend=',
-  'ondragenter=',
-  'ondragleave=',
-  'ondragover=',
-  'ondragstart=',
-  'ondrop=',
-  'ondurationchange=',
-  'onemptied=',
-  'onended=',
-  'onerror=',
-  'onfocus=',
-  'onformchange=',
-  'onforminput=',
-  'onhaschange=',
-  'oninput=',
-  'oninvalid=',
-  'onkeydown=',
-  'onkeypress=',
-  'onkeyup=',
-  'onload=',
-  'onloadeddata=',
-  'onloadedmetadata=',
-  'onloadstart=',
-  'alert(',
-  'script:',
-];
-
-export default xssInjection;
+const xssInjection = [
+  'onkeypress=',
+  'onkeyup=',
+  'ondblclick=',
+  'onerror=',
+  'onmouseover=',
+  '<meta',
+  '<script',
+  'vascript:',
+  'onkeydown=',
+  'onmousedown=',
+  'onmouseenter=',
+  'onmouseleave=',
+  'onmousemove=',
+  'onmouseout=',
+  'onmouseup=',
+  'onmousewheel=',
+  'onpaste=',
+  'onscroll=',
+  'onwheel=',
+  'javascript:',
+  '\\x',
+  'eval(',
+  'onmouseover=',
+  'action=',
+  'xlink:',
+  'allowscriptaccess',
+  'href=',
+  'behavior:',
+  'onreadystatechange=',
+  'onstart=',
+  'offline=',
+  'onabort=',
+  'onafterprint=',
+  'onbeforeonload=',
+  'onbeforeprint=',
+  'onblur=',
+  'oncanplay=',
+  'oncanplaythrough=',
+  'onchange=',
+  'onclick=',
+  'oncontextmenu=',
+  'ondblclick=',
+  'ondrag=',
+  'ondragend=',
+  'ondragenter=',
+  'ondragleave=',
+  'ondragover=',
+  'ondragstart=',
+  'ondrop=',
+  'ondurationchange=',
+  'onemptied=',
+  'onended=',
+  'onerror=',
+  'onfocus=',
+  'onformchange=',
+  'onforminput=',
+  'onhaschange=',
+  'oninput=',
+  'oninvalid=',
+  'onkeydown=',
+  'onkeypress=',
+  'onkeyup=',
+  'onload=',
+  'onloadeddata=',
+  'onloadedmetadata=',
+  'onloadstart=',
+  'alert(',
+  'script:',
+];
+
+export default xssInjection;

package/crud/funcs/dataDelete.js

@@ -1,15 +1,15 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataDelete({
-  table, id, pg: pg1,
-}) {
-  const pg = pg1 || getPG({ name: 'client' });
-  const { pk } = await getMeta(table);
-  if (!pg.tlist?.includes(table)) return 'table not exist';
-  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.one(delQuery, [id]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataDelete({
+  table, id, pg: pg1,
+}) {
+  const pg = pg1 || getPG({ name: 'client' });
+  const { pk } = await getMeta(table);
+  if (!pg.tlist?.includes(table)) return 'table not exist';
+  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.one(delQuery, [id]) || {};
+  return res;
+}

package/crud/funcs/dataInsert.js

@@ -1,24 +1,24 @@
-import getPG from '../../pg/funcs/getPG.js';
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataInsert({ table, data, pg: pg1 }) {
-  const pg = pg1 || getPG({ name: 'client' });
-  if (!data) return null;
-  const { columns } = await getMeta(table);
-  if (!columns) return null;
-
-  const names = columns.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
-
-  const insertQuery = `insert into ${table}
-
-    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
-
-    values  (${filterData?.map((key, i) => (key[0] === 'geom' ? `st_setsrid(st_geomfromgeojson($${i + 1}::json),4326)` : `$${i + 1}`)).join(',')}) 
-    
-    returning *`;
-
-  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]))]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataInsert({ table, data, pg: pg1 }) {
+  const pg = pg1 || getPG({ name: 'client' });
+  if (!data) return null;
+  const { columns } = await getMeta(table);
+  if (!columns) return null;
+
+  const names = columns.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
+
+  const insertQuery = `insert into ${table}
+
+    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
+
+    values  (${filterData?.map((key, i) => (key[0] === 'geom' ? `st_setsrid(st_geomfromgeojson($${i + 1}::json),4326)` : `$${i + 1}`)).join(',')}) 
+    
+    returning *`;
+
+  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]))]) || {};
+  return res;
+}

package/crud/funcs/dataUpdate.js

@@ -1,24 +1,24 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataUpdate({
-  table, id, data, pg: pg1,
-}) {
-  if (!data || !table || !id) return null;
-
-  const pg = pg1 || getPG({ name: 'client' });
-  const { columns, pk } = await getMeta(table);
-
-  const names = columns?.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => (typeof data[el] === 'boolean' ? true : data[el] && names?.includes(el)));
-
-  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
-
-  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`)).join(',')} 
-      WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataUpdate({
+  table, id, data, pg: pg1,
+}) {
+  if (!data || !table || !id) return null;
+
+  const pg = pg1 || getPG({ name: 'client' });
+  const { columns, pk } = await getMeta(table);
+
+  const names = columns?.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => (typeof data[el] === 'boolean' ? true : data[el] && names?.includes(el)));
+
+  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
+
+  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`)).join(',')} 
+      WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
+  return res;
+}

package/crud/funcs/getAccess.js

@@ -0,0 +1,53 @@
+import getMeta from '../../pg/funcs/getMeta.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+import config from '../../config.js';
+
+const q = `select a.route_id as id, b.actions, b.scope 
+from admin.routes a 
+left join admin.access b on 
+  a.route_id=b.route_id
+left join admin.roles c on 
+  b.role_id=c.role_id 
+  and c.enabled
+left join admin.user_roles d on 
+  c.role_id=d.role_id 
+  and ( case when 
+            d.expiration is not null 
+            then d.expiration > CURRENT_DATE 
+            else 1=1 
+        end )
+where a.route_id=$1 and $2 in (b.user_uid, d.user_uid)`;
+
+export default async function getAccess(req, template, id = null) {
+  if (config.disableAccessRestriction || true) {
+    return { actions: ['get', 'edit', 'del'], my: true, query: '1=1' };
+  }
+  const { pg, session = {} } = req;
+  const { uid, user_type: userType } = session.passport?.user || {};
+  if (!uid || !template) return null;
+
+  if (!pg.pk?.['admin.access']) return null;
+
+  const { table } = await getTemplate('table', template) || {};
+  if (!table) return null;
+
+  const { scope = 'my', actions = [] } = await pg.one(q, [template, uid]);
+  // console.log(scope, actions);
+
+  const { columns = [] } = await getMeta(table);
+  const columnList = columns.map((el) => el.name || el).join(',');
+
+  const query = userType?.includes('admin') ? '1=1' : {
+    my: `uid='${uid}'`,
+    responsible: columnList.includes('responsible_id')
+      ? `responsible_id='${uid}'`
+      : `uid='${uid}'`,
+    all: '1=1',
+  }[scope];
+
+  const { my } = pg.pk?.[table] && id ? await pg.one(`select uid=$1 as my from ${table} where ${pg.pk?.[table]}=$2`, [uid, id]) : {};
+
+  return {
+    scope, actions, query, my,
+  };
+}

package/crud/funcs/getOpt.js

@@ -1,10 +1,10 @@
-import getRedis from '../../redis/funcs/getRedis.js';
-
-export default async function getOpt(token, funcs) {
-  const rclient = getRedis({ db: 0, funcs });
-
-  const key = `opt:${token}`;
-  const data = await rclient.get(key);
-  if (!data) return null;
-  return JSON.parse(data);
-}
+import getRedis from '../../redis/funcs/getRedis.js';
+
+export default async function getOpt(token, funcs) {
+  const rclient = getRedis({ db: 0, funcs });
+
+  const key = `opt:${token}`;
+  const data = await rclient.get(key);
+  if (!data) return null;
+  return JSON.parse(data);
+}

package/crud/funcs/getToken.js

@@ -1,27 +1,27 @@
-import getRedis from '../../redis/funcs/getRedis.js';
-import config from '../../config.js';
-
-function sprintf(str, ...args) {
-  return str.replace(/%s/g, () => args.shift());
-}
-
-const keys = {
-  r: '%s:token:view:%s',
-  a: '%s:token:add:%s',
-  w: '%s:token:edit:%s',
-  e: '%s:token:exec:%s',
-};
-
-async function getToken({
-  uid, token, mode = 'r', json,
-}) {
-  if (mode === 'r') return token;
-
-  const rclient = getRedis({ db: 0 });
-
-  const key = sprintf(keys[mode], config?.pg?.database, uid?.toString());
-  const id = await rclient.hget(key, token);
-  return json && id?.[0] === '{' ? JSON.parse(id) : id;
-}
-
-export default getToken;
+import getRedis from '../../redis/funcs/getRedis.js';
+import config from '../../config.js';
+
+function sprintf(str, ...args) {
+  return str.replace(/%s/g, () => args.shift());
+}
+
+const keys = {
+  r: '%s:token:view:%s',
+  a: '%s:token:add:%s',
+  w: '%s:token:edit:%s',
+  e: '%s:token:exec:%s',
+};
+
+async function getToken({
+  uid, token, mode = 'r', json,
+}) {
+  if (mode === 'r') return token;
+
+  const rclient = getRedis({ db: 0 });
+
+  const key = sprintf(keys[mode], config?.pg?.database, uid?.toString());
+  const id = await rclient.hget(key, token);
+  return json && id?.[0] === '{' ? JSON.parse(id) : id;
+}
+
+export default getToken;

package/crud/funcs/isFileExists.js

@@ -1,13 +1,13 @@
-import { access } from 'fs/promises';
-
-const isFileExists = async (filepath) => {
-  try {
-    await access(filepath);
-    return true;
-  }
-  catch (err) {
-    return false;
-  }
-};
-
-export default isFileExists;
+import { access } from 'fs/promises';
+
+const isFileExists = async (filepath) => {
+  try {
+    await access(filepath);
+    return true;
+  }
+  catch (err) {
+    return false;
+  }
+};
+
+export default isFileExists;

package/crud/funcs/setOpt.js

@@ -1,16 +1,16 @@
-import { createHash } from 'crypto';
-import getRedis from '../../redis/funcs/getRedis.js';
-
-function md5(string) {
-  return createHash('md5').update(string).digest('hex');
-}
-
-export default async function setOpt(params) {
-  const token = Buffer.from(md5(typeof params === 'object' ? JSON.stringify(params) : params), 'hex').toString('base64').replace(/[+-=]+/g, '');
-  // const token = md5(params);
-  const key = `opt:${token}`;
-
-  const rclient = getRedis({ db: 0, funcs: params.funcs });
-  await rclient.set(key, JSON.stringify(params), 'EX', 60 * 60);
-  return token;
-}
+import { createHash } from 'crypto';
+import getRedis from '../../redis/funcs/getRedis.js';
+
+function md5(string) {
+  return createHash('md5').update(string).digest('hex');
+}
+
+export default async function setOpt(params) {
+  const token = Buffer.from(md5(typeof params === 'object' ? JSON.stringify(params) : params), 'hex').toString('base64').replace(/[+-=]+/g, '');
+  // const token = md5(params);
+  const key = `opt:${token}`;
+
+  const rclient = getRedis({ db: 0, funcs: params.funcs });
+  await rclient.set(key, JSON.stringify(params), 'EX', 60 * 60);
+  return token;
+}

package/crud/funcs/setToken.js

@@ -1,53 +1,53 @@
-import { createHash, randomUUID } from 'crypto';
-
-import config from '../../config.js';
-import getRedis from '../../redis/funcs/getRedis.js';
-
-const generateCodes = (ids, userToken) => {
-  const token = userToken || randomUUID();
-  const notNullIds = ids.filter((el) => el);
-  const obj = {};
-  const codes = notNullIds.reduce((acc, id) => {
-    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
-    acc[newToken] = id; obj[id] = newToken;
-    return acc;
-  }, {});
-  return { codes, obj };
-};
-
-function setToken({
-  ids: idsOrigin, mode = 'r', uid, referer, array,
-}) {
-  const rclient2 = getRedis({ db: 0 });
-  //  const rclient5 = getRedis({ db: 0, funcs });
-
-  if (!uid) return { user: 'empty' };
-  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
-
-  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
-  // update/delete
-
-  if (mode === 'r') return null;
-
-  // TODO generate salt
-  const { codes, obj } = generateCodes(ids, uid);
-
-  if (!Object.keys(codes).length) return { ids: 'empty' };
-
-  rclient2.hmset(`${config.pg.database}:token:${{
-    e: 'exec', r: 'view', w: 'edit', a: 'add',
-  }[mode]}:${uid}`, codes);
-
-  // log token for debug. add extra data - uid, mode, date
-  /* const dt = new Date().toISOString();
-   const codesLog = Object.keys(codes).reduce((acc, key) => {
-    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
-    return acc;
-  }, {});
-   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
-
-  // TODO дополнительно писать в hset token -> uid
-  return array ? Object.values(obj) : obj;
-}
-
-export default setToken;
+import { createHash, randomUUID } from 'crypto';
+
+import config from '../../config.js';
+import getRedis from '../../redis/funcs/getRedis.js';
+
+const generateCodes = (ids, userToken) => {
+  const token = userToken || randomUUID();
+  const notNullIds = ids.filter((el) => el);
+  const obj = {};
+  const codes = notNullIds.reduce((acc, id) => {
+    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
+    acc[newToken] = id; obj[id] = newToken;
+    return acc;
+  }, {});
+  return { codes, obj };
+};
+
+function setToken({
+  ids: idsOrigin, mode = 'r', uid, referer, array,
+}) {
+  const rclient2 = getRedis({ db: 0 });
+  //  const rclient5 = getRedis({ db: 0, funcs });
+
+  if (!uid) return { user: 'empty' };
+  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
+
+  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
+  // update/delete
+
+  if (mode === 'r') return null;
+
+  // TODO generate salt
+  const { codes, obj } = generateCodes(ids, uid);
+
+  if (!Object.keys(codes).length) return { ids: 'empty' };
+
+  rclient2.hmset(`${config.pg.database}:token:${{
+    e: 'exec', r: 'view', w: 'edit', a: 'add',
+  }[mode]}:${uid}`, codes);
+
+  // log token for debug. add extra data - uid, mode, date
+  /* const dt = new Date().toISOString();
+   const codesLog = Object.keys(codes).reduce((acc, key) => {
+    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
+    return acc;
+  }, {});
+   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
+
+  // TODO дополнительно писать в hset token -> uid
+  return array ? Object.values(obj) : obj;
+}
+
+export default setToken;

package/crud/index.js

@@ -1,27 +1,36 @@
-import getOpt from './funcs/getOpt.js';
-import setOpt from './funcs/setOpt.js';
-import isFileExists from './funcs/isFileExists.js';
-import dataUpdate from './funcs/dataUpdate.js';
-import dataInsert from './funcs/dataInsert.js';
-
-import update from './controllers/update.js';
-import insert from './controllers/insert.js';
-import deleteCrud from './controllers/deleteCrud.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  // funcs
-  fastify.decorate('setOpt', setOpt);
-  fastify.decorate('getOpt', getOpt);
-  fastify.decorate('dataUpdate', dataUpdate);
-  fastify.decorate('dataInsert', dataInsert);
-
-  fastify.decorate('isFileExists', isFileExists);
-
-  // api
-  fastify.put(`${prefix}/table/:table/:id`, {}, update);
-  fastify.delete(`${prefix}/table/:table/:id`, {}, deleteCrud);
-  fastify.post(`${prefix}/table/:table`, {}, insert);
-}
-
-export default plugin;
+import getOpt from './funcs/getOpt.js';
+import setOpt from './funcs/setOpt.js';
+import isFileExists from './funcs/isFileExists.js';
+import dataUpdate from './funcs/dataUpdate.js';
+import dataInsert from './funcs/dataInsert.js';
+
+import update from './controllers/update.js';
+import insert from './controllers/insert.js';
+import deleteCrud from './controllers/deleteCrud.js';
+import getAccessFunc from './funcs/getAccess.js';
+
+const tableSchema = {
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  // funcs
+  fastify.decorate('setOpt', setOpt);
+  fastify.decorate('getOpt', getOpt);
+  fastify.decorate('dataUpdate', dataUpdate);
+  fastify.decorate('dataInsert', dataInsert);
+  fastify.decorate('getAccess', getAccessFunc);
+
+  fastify.decorate('isFileExists', isFileExists);
+
+  // api
+  fastify.put(`${prefix}/table/:table/:id`, { schema: tableSchema }, update);
+  fastify.delete(`${prefix}/table/:table/:id`, { schema: tableSchema }, deleteCrud);
+  fastify.post(`${prefix}/table/:table`, { schema: tableSchema }, insert);
+}
+
+export default plugin;