@opengis/fastify-table 1.0.74 → 1.0.76

package/cron/funcs/addCron.js

@@ -1,131 +1,131 @@
-import { createHash } from 'crypto';
-
-import cronList from '../controllers/utils/cronList.js';
-import getRedis from '../../redis/funcs/getRedis.js';
-import getPG from '../../pg/funcs/getPG.js';
-
-const md5 = (string) => createHash('md5').update(string).digest('hex');
-
-async function verifyUnique(name, config, rclient) {
-  const cronId = config.port || 3000 + md5(name);
-  // one per node check
-  const key = `cron:unique:${cronId}`;
-  const unique = await rclient.setnx(key, 1);
-  const ttl = await rclient.ttl(key);
-  if (!unique && ttl !== -1) {
-    return false;
-  }
-  await rclient.expire(key, 20);
-  return true;
-}
-
-const intervalStringMs = {
-  everyMin: 1000 * 60,
-  tenMin: 1000 * 60 * 10,
-  everyHour: 1000 * 60 * 60,
-  isHalfday: 1000 * 60 * 60 * 12,
-  dailyHour: 1000 * 60 * 60 * 24,
-};
-
-const interval2ms = {
-  string: (interval) => {
-    const date = new Date();
-    const intervarSplit = interval.match(/^(\*{2}|(\*)?(\d{1,2})):(\*(\d)|(\d{2}))/);
-    if (!intervarSplit) {
-      throw new Error(`interval ${interval} not suported`);
-    }
-    const [, , isHalfday, dailyHour, , tenMin, HourlyMin] = intervarSplit;
-    const intervalMs = (isHalfday && intervalStringMs.isHalfday)
-      || (dailyHour && intervalStringMs.dailyHour)
-      || (tenMin && intervalStringMs.tenMin)
-      || intervalStringMs.everyHour;
-    const offsetDay = ((+dailyHour || 0) * 60 + (+tenMin || +HourlyMin)) * 60 * 1000;
-    const offsetCur = (date - date.getTimezoneOffset() * 1000 * 60) % intervalMs;
-    const waitMs = (offsetDay - offsetCur + intervalMs) % intervalMs;
-    return [waitMs, intervalMs];
-  },
-  number: (interval) => {
-    const date = new Date();
-    const intervalMs = interval * 1000;
-    const dateWithTZ = date - date.getTimezoneOffset() * 1000 * 60;
-    const offsetCur = dateWithTZ % intervalMs;
-    // start every cron within 1 hour
-    const sixtyMinutesStartMs = 3600000;
-    const waitMs = (intervalMs - offsetCur) % sixtyMinutesStartMs;
-    return [waitMs, intervalMs];
-  },
-};
-
-async function runCron({
-  pg, funcs, func, name, rclient, log,
-}) {
-  const unique = await verifyUnique(name, funcs.config, rclient);
-
-  if (!unique) return;
-  const db = pg.options.database;
-  log.debug(`cron.${name}`, 1, db);
-  try {
-    const data = await func({ pg, funcs, log });
-    log.debug('cron', { db, name, result: data });
-    log.info('cron', { db, name, result: data });
-  }
-  catch (err) {
-    log.debug('cron', { db, name, error: err.toString() });
-    log.error('cron', { db, name, error: err.toString() });
-  }
-}
-
-/**
- * interval:
- * -   02:54 - every day
- * -    2:03 - every day
- * -   *1:43 - 2 times a day
- * -  *12:03 - 2 times a day
- * -   **:54 - every hour
- * -   **:*3 - every 10 minutes
- * -      60 - every minute
- * - 10 * 60 - every 10 minutes
- */
-
-export default async function addCron(func, interval, fastify) {
-  if (!fastify) {
-    throw new Error('not enough params: fastify');
-  }
-
-  const { config = {}, log } = fastify;
-  const { time = {}, disabled = [] } = config.cron || {};
-  const pg = getPG();
-  const rclient = getRedis();
-
-  const name = func.name || func.toString().split('/').at(-1).split('\'')[0];
-
-  // if (!config.isServer) return;
-
-  if (disabled.includes(name)) {
-    log.debug('cron', { name, message: 'cron disabled' });
-    return;
-  }
-
-  cronList[name] = func;
-
-  const userInterval = time[name] || interval;
-  const [waitMs, intervalMs] = interval2ms[typeof interval](userInterval);
-
-  if (intervalMs < 1000) {
-    log.warn('cron', { name, error: `interval ${interval} to small` });
-    return;
-  }
-
-  // setTimeout to w8 for the time to start
-  setTimeout(() => {
-    runCron({
-      pg, funcs: fastify, func, name, rclient, log,
-    });
-    // interval
-    setInterval(() => {
-      runCron({
-        pg, funcs: fastify, func, name, rclient, log,
-      });
-    }, intervalMs);
-  }, waitMs);
-}
+import { createHash } from 'crypto';
+
+import cronList from '../controllers/utils/cronList.js';
+import getRedis from '../../redis/funcs/getRedis.js';
+import getPG from '../../pg/funcs/getPG.js';
+
+const md5 = (string) => createHash('md5').update(string).digest('hex');
+
+async function verifyUnique(name, config, rclient) {
+  const cronId = config.port || 3000 + md5(name);
+  // one per node check
+  const key = `cron:unique:${cronId}`;
+  const unique = await rclient.setnx(key, 1);
+  const ttl = await rclient.ttl(key);
+  if (!unique && ttl !== -1) {
+    return false;
+  }
+  await rclient.expire(key, 20);
+  return true;
+}
+
+const intervalStringMs = {
+  everyMin: 1000 * 60,
+  tenMin: 1000 * 60 * 10,
+  everyHour: 1000 * 60 * 60,
+  isHalfday: 1000 * 60 * 60 * 12,
+  dailyHour: 1000 * 60 * 60 * 24,
+};
+
+const interval2ms = {
+  string: (interval) => {
+    const date = new Date();
+    const intervarSplit = interval.match(/^(\*{2}|(\*)?(\d{1,2})):(\*(\d)|(\d{2}))/);
+    if (!intervarSplit) {
+      throw new Error(`interval ${interval} not suported`);
+    }
+    const [, , isHalfday, dailyHour, , tenMin, HourlyMin] = intervarSplit;
+    const intervalMs = (isHalfday && intervalStringMs.isHalfday)
+      || (dailyHour && intervalStringMs.dailyHour)
+      || (tenMin && intervalStringMs.tenMin)
+      || intervalStringMs.everyHour;
+    const offsetDay = ((+dailyHour || 0) * 60 + (+tenMin || +HourlyMin)) * 60 * 1000;
+    const offsetCur = (date - date.getTimezoneOffset() * 1000 * 60) % intervalMs;
+    const waitMs = (offsetDay - offsetCur + intervalMs) % intervalMs;
+    return [waitMs, intervalMs];
+  },
+  number: (interval) => {
+    const date = new Date();
+    const intervalMs = interval * 1000;
+    const dateWithTZ = date - date.getTimezoneOffset() * 1000 * 60;
+    const offsetCur = dateWithTZ % intervalMs;
+    // start every cron within 1 hour
+    const sixtyMinutesStartMs = 3600000;
+    const waitMs = (intervalMs - offsetCur) % sixtyMinutesStartMs;
+    return [waitMs, intervalMs];
+  },
+};
+
+async function runCron({
+  pg, funcs, func, name, rclient, log,
+}) {
+  const unique = await verifyUnique(name, funcs.config, rclient);
+
+  if (!unique) return;
+  const db = pg.options.database;
+  log.debug(`cron.${name}`, 1, db);
+  try {
+    const data = await func({ pg, funcs, log });
+    log.debug('cron', { db, name, result: data });
+    log.info('cron', { db, name, result: data });
+  }
+  catch (err) {
+    log.debug('cron', { db, name, error: err.toString() });
+    log.error('cron', { db, name, error: err.toString() });
+  }
+}
+
+/**
+ * interval:
+ * -   02:54 - every day
+ * -    2:03 - every day
+ * -   *1:43 - 2 times a day
+ * -  *12:03 - 2 times a day
+ * -   **:54 - every hour
+ * -   **:*3 - every 10 minutes
+ * -      60 - every minute
+ * - 10 * 60 - every 10 minutes
+ */
+
+export default async function addCron(func, interval, fastify) {
+  if (!fastify) {
+    throw new Error('not enough params: fastify');
+  }
+
+  const { config = {}, log } = fastify;
+  const { time = {}, disabled = [] } = config.cron || {};
+  const pg = getPG();
+  const rclient = getRedis();
+
+  const name = func.name || func.toString().split('/').at(-1).split('\'')[0];
+
+  // if (!config.isServer) return;
+
+  if (disabled.includes(name)) {
+    log.debug('cron', { name, message: 'cron disabled' });
+    return;
+  }
+
+  cronList[name] = func;
+
+  const userInterval = time[name] || interval;
+  const [waitMs, intervalMs] = interval2ms[typeof interval](userInterval);
+
+  if (intervalMs < 1000) {
+    log.warn('cron', { name, error: `interval ${interval} to small` });
+    return;
+  }
+
+  // setTimeout to w8 for the time to start
+  setTimeout(() => {
+    runCron({
+      pg, funcs: fastify, func, name, rclient, log,
+    });
+    // interval
+    setInterval(() => {
+      runCron({
+        pg, funcs: fastify, func, name, rclient, log,
+      });
+    }, intervalMs);
+  }, waitMs);
+}

package/cron/index.js

@@ -1,10 +1,10 @@
-import cronApi from './controllers/cronApi.js';
-import addCron from './funcs/addCron.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.decorate('addCron', addCron);
-  fastify.get(`${prefix}/cron/:name`, {}, cronApi);
-}
-
-export default plugin;
+import cronApi from './controllers/cronApi.js';
+import addCron from './funcs/addCron.js';
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.decorate('addCron', addCron);
+  fastify.get(`${prefix}/cron/:name`, {}, cronApi);
+}
+
+export default plugin;

package/crud/controllers/deleteCrud.js

@@ -3,7 +3,7 @@ import getTemplate from '../../table/controllers/utils/getTemplate.js';
 import getAccess from '../funcs/getAccess.js';
 
 export default async function deleteCrud(req) {
-  const { actions = [], scope = 'my', my } = await getAccess(req, req.params.table, req.params.id) || {};
+  const { actions = [], scope, my } = await getAccess(req, req.params.table, req.params.id) || {};
   if (!actions.includes('del') || (scope === 'my' && !my)) {
     return { message: 'access restricted', status: 403 };
   }

package/crud/controllers/utils/checkXSS.js

@@ -1,45 +1,45 @@
-/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
-import xssInjection from './xssInjection.js';
-
-/* const checkList = xssInjection.concat(sqlInjection); */
-
-// RTE - rich text editor
-
-function checkXSS({ body, schema = {} }) {
-  const data = typeof body === 'string' ? body : JSON.stringify(body);
-  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
-
-  // check sql injection
-  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
-  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
-
-  // escape arrows on non-RTE
-  Object.keys(body)
-    .filter((key) => ['<', '>'].find((el) => body[key]?.includes?.(el))
-  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
-    ?.forEach((key) => {
-      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
-    });
-  // try { } catch (err) { return { error: err.toString() }; }
-
-  if (!stopWords.length) return { body };
-
-  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
-
-  // check RTE
-  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
-  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
-    disabledCheckFields.push(key);
-  }); */
-
-  const field = Object.keys(body)
-    ?.find((key) => body[key]
-        && !disabledCheckFields.includes(key)
-        && body[key].toLowerCase().includes(stopWords[0]));
-  if (field) {
-    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
-  }
-  return { body };
-}
-
-export default checkXSS;
+/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
+import xssInjection from './xssInjection.js';
+
+/* const checkList = xssInjection.concat(sqlInjection); */
+
+// RTE - rich text editor
+
+function checkXSS({ body, schema = {} }) {
+  const data = typeof body === 'string' ? body : JSON.stringify(body);
+  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
+
+  // check sql injection
+  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
+  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
+
+  // escape arrows on non-RTE
+  Object.keys(body)
+    .filter((key) => ['<', '>'].find((el) => body[key]?.includes?.(el))
+  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
+    ?.forEach((key) => {
+      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
+    });
+  // try { } catch (err) { return { error: err.toString() }; }
+
+  if (!stopWords.length) return { body };
+
+  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
+
+  // check RTE
+  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
+  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
+    disabledCheckFields.push(key);
+  }); */
+
+  const field = Object.keys(body)
+    ?.find((key) => body[key]
+        && !disabledCheckFields.includes(key)
+        && body[key].toLowerCase().includes(stopWords[0]));
+  if (field) {
+    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
+  }
+  return { body };
+}
+
+export default checkXSS;

package/crud/controllers/utils/xssInjection.js

@@ -1,72 +1,72 @@
-const xssInjection = [
-  'onkeypress=',
-  'onkeyup=',
-  'ondblclick=',
-  'onerror=',
-  'onmouseover=',
-  '<meta',
-  '<script',
-  'vascript:',
-  'onkeydown=',
-  'onmousedown=',
-  'onmouseenter=',
-  'onmouseleave=',
-  'onmousemove=',
-  'onmouseout=',
-  'onmouseup=',
-  'onmousewheel=',
-  'onpaste=',
-  'onscroll=',
-  'onwheel=',
-  'javascript:',
-  '\\x',
-  'eval(',
-  'onmouseover=',
-  'action=',
-  'xlink:',
-  'allowscriptaccess',
-  'href=',
-  'behavior:',
-  'onreadystatechange=',
-  'onstart=',
-  'offline=',
-  'onabort=',
-  'onafterprint=',
-  'onbeforeonload=',
-  'onbeforeprint=',
-  'onblur=',
-  'oncanplay=',
-  'oncanplaythrough=',
-  'onchange=',
-  'onclick=',
-  'oncontextmenu=',
-  'ondblclick=',
-  'ondrag=',
-  'ondragend=',
-  'ondragenter=',
-  'ondragleave=',
-  'ondragover=',
-  'ondragstart=',
-  'ondrop=',
-  'ondurationchange=',
-  'onemptied=',
-  'onended=',
-  'onerror=',
-  'onfocus=',
-  'onformchange=',
-  'onforminput=',
-  'onhaschange=',
-  'oninput=',
-  'oninvalid=',
-  'onkeydown=',
-  'onkeypress=',
-  'onkeyup=',
-  'onload=',
-  'onloadeddata=',
-  'onloadedmetadata=',
-  'onloadstart=',
-  'alert(',
-  'script:',
-];
-
-export default xssInjection;
+const xssInjection = [
+  'onkeypress=',
+  'onkeyup=',
+  'ondblclick=',
+  'onerror=',
+  'onmouseover=',
+  '<meta',
+  '<script',
+  'vascript:',
+  'onkeydown=',
+  'onmousedown=',
+  'onmouseenter=',
+  'onmouseleave=',
+  'onmousemove=',
+  'onmouseout=',
+  'onmouseup=',
+  'onmousewheel=',
+  'onpaste=',
+  'onscroll=',
+  'onwheel=',
+  'javascript:',
+  '\\x',
+  'eval(',
+  'onmouseover=',
+  'action=',
+  'xlink:',
+  'allowscriptaccess',
+  'href=',
+  'behavior:',
+  'onreadystatechange=',
+  'onstart=',
+  'offline=',
+  'onabort=',
+  'onafterprint=',
+  'onbeforeonload=',
+  'onbeforeprint=',
+  'onblur=',
+  'oncanplay=',
+  'oncanplaythrough=',
+  'onchange=',
+  'onclick=',
+  'oncontextmenu=',
+  'ondblclick=',
+  'ondrag=',
+  'ondragend=',
+  'ondragenter=',
+  'ondragleave=',
+  'ondragover=',
+  'ondragstart=',
+  'ondrop=',
+  'ondurationchange=',
+  'onemptied=',
+  'onended=',
+  'onerror=',
+  'onfocus=',
+  'onformchange=',
+  'onforminput=',
+  'onhaschange=',
+  'oninput=',
+  'oninvalid=',
+  'onkeydown=',
+  'onkeypress=',
+  'onkeyup=',
+  'onload=',
+  'onloadeddata=',
+  'onloadedmetadata=',
+  'onloadstart=',
+  'alert(',
+  'script:',
+];
+
+export default xssInjection;

package/crud/funcs/dataDelete.js

@@ -1,15 +1,15 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataDelete({
-  table, id, pg: pg1,
-}) {
-  const pg = pg1 || getPG({ name: 'client' });
-  const { pk } = await getMeta(table);
-  if (!pg.tlist?.includes(table)) return 'table not exist';
-  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.one(delQuery, [id]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataDelete({
+  table, id, pg: pg1,
+}) {
+  const pg = pg1 || getPG({ name: 'client' });
+  const { pk } = await getMeta(table);
+  if (!pg.tlist?.includes(table)) return 'table not exist';
+  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.one(delQuery, [id]) || {};
+  return res;
+}

package/crud/funcs/dataUpdate.js

@@ -1,24 +1,24 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-
-export default async function dataUpdate({
-  table, id, data, pg: pg1,
-}) {
-  if (!data || !table || !id) return null;
-
-  const pg = pg1 || getPG({ name: 'client' });
-  const { columns, pk } = await getMeta(table);
-
-  const names = columns?.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => (typeof data[el] === 'boolean' ? true : data[el] && names?.includes(el)));
-
-  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
-
-  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`)).join(',')} 
-      WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+
+export default async function dataUpdate({
+  table, id, data, pg: pg1,
+}) {
+  if (!data || !table || !id) return null;
+
+  const pg = pg1 || getPG({ name: 'client' });
+  const { columns, pk } = await getMeta(table);
+
+  const names = columns?.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => (typeof data[el] === 'boolean' ? true : data[el] && names?.includes(el)));
+
+  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
+
+  const updateQuery = `UPDATE ${table} SET ${filterData?.map((key, i) => (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`)).join(',')} 
+      WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
+  return res;
+}

package/crud/funcs/getAccess.js

@@ -20,7 +20,7 @@ where a.route_id=$1 and $2 in (b.user_uid, d.user_uid)`;
 
 export default async function getAccess(req, template, id = null) {
   if (config.disableAccessRestriction || true) {
-    return { actions: ['get', 'edit', 'del'], query: '1=1' };
+    return { actions: ['get', 'edit', 'del'], my: true, query: '1=1' };
   }
   const { pg, session = {} } = req;
   const { uid, user_type: userType } = session.passport?.user || {};
@@ -32,6 +32,7 @@ export default async function getAccess(req, template, id = null) {
   if (!table) return null;
 
   const { scope = 'my', actions = [] } = await pg.one(q, [template, uid]);
+  // console.log(scope, actions);
 
   const { columns = [] } = await getMeta(table);
   const columnList = columns.map((el) => el.name || el).join(',');