@opengis/fastify-table 1.0.82 → 1.0.84

package/table/controllers/utils/getSelectMeta.js

@@ -1,66 +1,66 @@
-// import pgClients from '../../../pg/pgClients.js';
-import getPG from '../../../pg/funcs/getPG.js';
-
-import getSelect from './getSelect.js';
-
-/*
-function getTable(table) {
-  // eslint-disable-next-line class-methods-use-this
-  const result = table.toLowerCase().replace(/[\n\r]+/g, ' ').split(' from ').filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
-    .map((el) => el.split(/[ )]/)[0]);
-  return result?.pop();
-} */
-
-const selectMeta = {};
-
-export default async function getSelectMeta({ name, pg: pg1 }) {
-  if (selectMeta[name]) return selectMeta[name];
-
-  const cls = await getSelect(name);
-
-  if (!cls) return null;
-  if (cls.arr) return cls;
-  if (!cls.sql) return null;
-
-  const pg = pg1 || getPG({ db: cls.db || 'client' });
-  const { sql: original } = cls;
-  const sql = `with c(id,text) as (${original} ) select * from c  `;
-
-  /*= == meta table === */
-  const tableNew = original.toLowerCase().replace(/\n/g, ' ').split(' from ').filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
-    .map((el) => el.split(/[ )]/)[0].replace(/[\r\n]+/g, ''));
-
-  const dataOrigin = await pg.query(`${sql} limit 0`);
-
-  const dataOrigin1 = await pg.query(`${original} limit 0`);
-
-  // const table = getTable(original);
-  const count = cls?.count ?? await pg.query(`select count(*) from (${original})q`).then((el) => el?.rows?.[0].count);
-
-  // column name
-  const cols = dataOrigin.fields.map((el) => el.name);
-  const type = dataOrigin.fields.map((el) => pg.pgType?.[el.dataTypeID] || 'text');
-
-  const searchColumn = cls?.searchColumn || (
-    dataOrigin.fields.find((el) => el.name === 'search') ? 'search' : dataOrigin.fields[1].name);
-
-  const searchQuery = `(${searchColumn.split(',').map((el) => `"${el}" ilike $1 `).join(' or ')})`;
-
-  const data = {
-
-    type: type.join(','),
-    cols: cols.join(','),
-    originalCols: dataOrigin1.fields.map((el) => el.name).join(','),
-    db: cls.db,
-    original: original?.includes('where') ? `select * from (${sql})q` : sql,
-    sql,
-    count,
-    searchQuery,
-    table: tableNew.join(','),
-    time: new Date().toISOString(),
-
-  };
-
-  selectMeta[name] = data;
-  return data;
-}
+// import pgClients from '../../../pg/pgClients.js';
+import getPG from '../../../pg/funcs/getPG.js';
+
+import getSelect from './getSelect.js';
+
+/*
+function getTable(table) {
+  // eslint-disable-next-line class-methods-use-this
+  const result = table.toLowerCase().replace(/[\n\r]+/g, ' ').split(' from ').filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
+    .map((el) => el.split(/[ )]/)[0]);
+  return result?.pop();
+} */
+
+const selectMeta = {};
+
+export default async function getSelectMeta({ name, pg: pg1 }) {
+  if (selectMeta[name]) return selectMeta[name];
+
+  const cls = await getSelect(name);
+
+  if (!cls) return null;
+  if (cls.arr) return cls;
+  if (!cls.sql) return null;
+
+  const pg = pg1 || getPG({ db: cls.db || 'client' });
+  const { sql: original } = cls;
+  const sql = `with c(id,text) as (${original} ) select * from c  `;
+
+  /*= == meta table === */
+  const tableNew = original.toLowerCase().replace(/\n/g, ' ').split(' from ').filter((el) => /^[a-z0-9_]+\.[a-z0-9_]+/.test(el))
+    .map((el) => el.split(/[ )]/)[0].replace(/[\r\n]+/g, ''));
+
+  const dataOrigin = await pg.query(`${sql} limit 0`);
+
+  const dataOrigin1 = await pg.query(`${original} limit 0`);
+
+  // const table = getTable(original);
+  const count = cls?.count ?? await pg.query(`select count(*) from (${original})q`).then((el) => el?.rows?.[0].count);
+
+  // column name
+  const cols = dataOrigin.fields.map((el) => el.name);
+  const type = dataOrigin.fields.map((el) => pg.pgType?.[el.dataTypeID] || 'text');
+
+  const searchColumn = cls?.searchColumn || (
+    dataOrigin.fields.find((el) => el.name === 'search') ? 'search' : dataOrigin.fields[1].name);
+
+  const searchQuery = `(${searchColumn.split(',').map((el) => `"${el}" ilike $1 `).join(' or ')})`;
+
+  const data = {
+
+    type: type.join(','),
+    cols: cols.join(','),
+    originalCols: dataOrigin1.fields.map((el) => el.name).join(','),
+    db: cls.db,
+    original: original?.includes('where') ? `select * from (${sql})q` : sql,
+    sql,
+    count,
+    searchQuery,
+    table: tableNew.join(','),
+    time: new Date().toISOString(),
+
+  };
+
+  selectMeta[name] = data;
+  return data;
+}

package/table/controllers/utils/getTemplate.js

@@ -1,28 +1,28 @@
-import { readFile } from 'fs/promises';
-import fs from 'fs';
-import path from 'path';
-import config from '../../../config.js';
-
-const loadTemplate = {};
-
-export default async function getTemplateDir(type, name) {
-  if (!type) return null;
-  if (!name) return null;
-
-  const cwd = process.cwd();
-  const typeDir = path.join(cwd, (config.templateDir || 'server/templates'), type);
-
-  if (!loadTemplate[type]) {
-    const typeList = fs.existsSync(typeDir) ? fs.readdirSync(typeDir) : [];
-    loadTemplate[type] = typeList;
-  }
-
-  const fullname = loadTemplate[type].find((el) => path.parse(el).name === name);
-  const ext = fullname ? path.extname(fullname)?.slice(1) : null;
-  if (!ext) return null;
-
-  const sql = loadTemplate[type].includes(`${name}.sql`) ? await readFile(path.join(typeDir, `${name}.sql`), 'utf-8') : null;
-  const data = loadTemplate[type].includes(`${name}.json`) ? JSON.parse(await readFile(path.join(typeDir, `${name}.json`), 'utf-8')) : await readFile(path.join(typeDir, `${name}.${ext}`), 'utf-8');
-  if (sql) return { ...data || {}, sql };
-  return data;
-}
+import { readFile } from 'fs/promises';
+import fs from 'fs';
+import path from 'path';
+import config from '../../../config.js';
+
+const loadTemplate = {};
+
+export default async function getTemplateDir(type, name) {
+  if (!type) return null;
+  if (!name) return null;
+
+  const cwd = process.cwd();
+  const typeDir = path.join(cwd, (config.templateDir || 'server/templates'), type);
+
+  if (!loadTemplate[type]) {
+    const typeList = fs.existsSync(typeDir) ? fs.readdirSync(typeDir) : [];
+    loadTemplate[type] = typeList;
+  }
+
+  const fullname = loadTemplate[type].find((el) => path.parse(el).name === name);
+  const ext = fullname ? path.extname(fullname)?.slice(1) : null;
+  if (!ext) return null;
+
+  const sql = loadTemplate[type].includes(`${name}.sql`) ? await readFile(path.join(typeDir, `${name}.sql`), 'utf-8') : null;
+  const data = loadTemplate[type].includes(`${name}.json`) ? JSON.parse(await readFile(path.join(typeDir, `${name}.json`), 'utf-8')) : await readFile(path.join(typeDir, `${name}.${ext}`), 'utf-8');
+  if (sql) return { ...data || {}, sql };
+  return data;
+}

package/table/controllers/utils/getTemplates.js

@@ -1,18 +1,18 @@
-import fs from 'fs';
-import path from 'path';
-import config from '../../../config.js';
-
-const loadTemplate = {};
-
-export default async function getTemplateDir(type) {
-    if (!type) return null;
-    
-    const cwd = process.cwd();
-    const typeDir = path.join(cwd, (config.templateDir || 'server/templates'), type);
-    
-    if (!loadTemplate[type]) {
-        const typeList = fs.existsSync(typeDir) ? fs.readdirSync(typeDir) : [];
-        loadTemplate[type] = typeList;
-    }
-    return loadTemplate[type];
-}
+import fs from 'fs';
+import path from 'path';
+import config from '../../../config.js';
+
+const loadTemplate = {};
+
+export default async function getTemplateDir(type) {
+    if (!type) return null;
+    
+    const cwd = process.cwd();
+    const typeDir = path.join(cwd, (config.templateDir || 'server/templates'), type);
+    
+    if (!loadTemplate[type]) {
+        const typeList = fs.existsSync(typeDir) ? fs.readdirSync(typeDir) : [];
+        loadTemplate[type] = typeList;
+    }
+    return loadTemplate[type];
+}

package/table/funcs/metaFormat/index.js

@@ -1,27 +1,27 @@
-import getTemplate from '../../controllers/utils/getTemplate.js';
-import getSelectVal from './getSelectVal.js';
-
-export default async function metaFormat({ rows, table }) {
-  const loadTable = await getTemplate('table', table);
-  const selectCols = loadTable?.columns?.filter((e) => e.data);
-  if (!selectCols?.length) return rows;
-
-  // cls & select format
-
-  await Promise.all(selectCols?.map(async (attr) => {
-    const values = [...new Set(rows?.map((el) => el[attr.name]).flat())].filter((el) => el);
-    if (!values.length) return null;
-
-    const cls = await getSelectVal({ name: attr.data, values });
-    if (!cls) return null;
-    rows.forEach(el => {
-      const val = el[attr.name]?.map?.(c => cls[c] || c) || cls[el[attr.name]] || el[attr.name];
-      if (!val) return;
-      Object.assign(el, { [val?.color ? `${attr.name}_data` : `${attr.name}_text`]: (val.color ? val : val.text || val) });
-    });
-
-    return null;
-  }));
-
-  return rows;
-}
+import getTemplate from '../../controllers/utils/getTemplate.js';
+import getSelectVal from './getSelectVal.js';
+
+export default async function metaFormat({ rows, table }) {
+  const loadTable = await getTemplate('table', table);
+  const selectCols = loadTable?.columns?.filter((e) => e.data);
+  if (!selectCols?.length) return rows;
+
+  // cls & select format
+
+  await Promise.all(selectCols?.map(async (attr) => {
+    const values = [...new Set(rows?.map((el) => el[attr.name]).flat())].filter((el) => el);
+    if (!values.length) return null;
+
+    const cls = await getSelectVal({ name: attr.data, values });
+    if (!cls) return null;
+    rows.forEach(el => {
+      const val = el[attr.name]?.map?.(c => cls[c] || c) || cls[el[attr.name]] || el[attr.name];
+      if (!val) return;
+      Object.assign(el, { [val?.color ? `${attr.name}_data` : `${attr.name}_text`]: (val.color ? val : val.text || val) });
+    });
+
+    return null;
+  }));
+
+  return rows;
+}

package/table/index.js

@@ -1,78 +1,80 @@
-import suggest from './controllers/suggest.js';
-import data from './controllers/data.js';
-import table from './controllers/table.js';
-import card from './controllers/card.js';
-import search from './controllers/search.js';
-import filter from './controllers/filter.js';
-import form from './controllers/form.js';
-import metaFormat from './funcs/metaFormat/index.js';
-import getFilterSQL from './funcs/getFilterSQL/index.js';
-import getTemplate from './controllers/utils/getTemplate.js';
-
-const tableSchema = {
-  querystring: {
-    page: { type: 'string', pattern: '^(\\d+)$' },
-    order: { type: 'string', pattern: '^(\\d+)$' },
-    filter: { type: 'string', pattern: '^([\\w\\d_-]+)=([\\w\\d_-]+)$' },
-  },
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-const searchSchema = {
-  querystring: {
-    page: { type: 'string', pattern: '^(\\d+)$' },
-    limit: { type: 'string', pattern: '^(\\d+)$' },
-    order: { type: 'string', pattern: '^([\\w_.]+)$' },
-    desc: { type: 'string', pattern: '^(desc)|(asc)$' },
-    key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-    sql: { type: 'string', pattern: '^(\\d)$' },
-  },
-};
-
-const suggestSchema = {
-  querystring: {
-    lang: { type: 'string', pattern: '^([\\w.]+)$' },
-    // parent: { type: 'string', pattern: '^([\\w,./]+)$' },
-    sel: { type: 'string', pattern: '^([\\w,./]+)$' },
-    name: { type: 'string', pattern: '^([\\w,./]+)$' },
-    // key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
-    // val: { type: 'string', pattern: '^([\\w.,]+)$' },
-    sql: { type: 'string', pattern: '^(\\d)$' },
-  },
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-  },
-};
-
-const formSchema = {
-  params: {
-    form: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-const filterSchema = {
-  params: {
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.decorate('metaFormat', metaFormat);
-  fastify.decorate('getFilterSQL', getFilterSQL);
-  fastify.decorate('getTemplate', getTemplate);
-
-  fastify.get(`${prefix}/suggest/:data`, { schema: suggestSchema }, suggest);
-  fastify.get(`${prefix}/data/:table/:id?`, { schema: tableSchema }, data); // vs.crm.data.api с node
-  fastify.get(`${prefix}/table/:table/:id`, { schema: tableSchema }, table);
-  fastify.get(`${prefix}/card/:table/:id`, { schema: tableSchema }, card);
-  fastify.get(`${prefix}/search`, { schema: searchSchema }, search);
-  fastify.get(`${prefix}/filter/:table`, { schema: filterSchema }, filter);
-  fastify.get(`${prefix}/form/:form`, { schema: formSchema }, form);
-}
-
-export default plugin;
+import suggest from './controllers/suggest.js';
+import data from './controllers/data.js';
+import table from './controllers/table.js';
+import card from './controllers/card.js';
+import search from './controllers/search.js';
+import filter from './controllers/filter.js';
+import form from './controllers/form.js';
+import metaFormat from './funcs/metaFormat/index.js';
+import getFilterSQL from './funcs/getFilterSQL/index.js';
+import getTemplate from './controllers/utils/getTemplate.js';
+import getSelect from './controllers/utils/getSelect.js';
+
+const tableSchema = {
+  querystring: {
+    page: { type: 'string', pattern: '^(\\d+)$' },
+    order: { type: 'string', pattern: '^(\\d+)$' },
+    filter: { type: 'string', pattern: '^([\\w\\d_-]+)=([\\w\\d_-]+)$' },
+  },
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+const searchSchema = {
+  querystring: {
+    page: { type: 'string', pattern: '^(\\d+)$' },
+    limit: { type: 'string', pattern: '^(\\d+)$' },
+    order: { type: 'string', pattern: '^([\\w_.]+)$' },
+    desc: { type: 'string', pattern: '^(desc)|(asc)$' },
+    key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+    sql: { type: 'string', pattern: '^(\\d)$' },
+  },
+};
+
+const suggestSchema = {
+  querystring: {
+    lang: { type: 'string', pattern: '^([\\w.]+)$' },
+    // parent: { type: 'string', pattern: '^([\\w,./]+)$' },
+    sel: { type: 'string', pattern: '^([\\w,./]+)$' },
+    name: { type: 'string', pattern: '^([\\w,./]+)$' },
+    // key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
+    // val: { type: 'string', pattern: '^([\\w.,]+)$' },
+    sql: { type: 'string', pattern: '^(\\d)$' },
+  },
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+  },
+};
+
+const formSchema = {
+  params: {
+    form: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+const filterSchema = {
+  params: {
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.decorate('metaFormat', metaFormat);
+  fastify.decorate('getFilterSQL', getFilterSQL);
+  fastify.decorate('getTemplate', getTemplate);
+  fastify.decorate('getSelect', getSelect);
+
+  fastify.get(`${prefix}/suggest/:data`, { schema: suggestSchema }, suggest);
+  fastify.get(`${prefix}/data/:table/:id?`, { schema: tableSchema }, data); // vs.crm.data.api с node
+  fastify.get(`${prefix}/table/:table/:id`, { schema: tableSchema }, table);
+  fastify.get(`${prefix}/card/:table/:id`, { schema: tableSchema }, card);
+  fastify.get(`${prefix}/search`, { schema: searchSchema }, search);
+  fastify.get(`${prefix}/filter/:table`, { schema: filterSchema }, filter);
+  fastify.get(`${prefix}/form/:form`, { schema: formSchema }, form);
+}
+
+export default plugin;

package/test/api/crud.xss.test.js

@@ -1,72 +1,72 @@
-import { test } from 'node:test';
-import assert from 'node:assert';
-
-import build from '../../helper.js';
-
-import setToken from '../../crud/funcs/setToken.js';
-import config from '../config.js';
-
-test('api crud xss', async (t) => {
-  const app = await build(t);
-  const session = { passport: { user: { uid: '1' } } };
-  app.addHook('onRequest', async (req) => {
-    req.session = session;
-  });
-  // app.decorateRequest('session', session);
-
-  const prefix = config.prefix || '/api';
-
-  let addTokens;
-  let editTokens;
-
-  // before
-  t.test('setToken', async () => {
-    addTokens = setToken({
-      ids: [JSON.stringify({ add: 'gis.dataset', form: 'test.dataset.form' })],
-      mode: 'a',
-      uid: 1,
-      array: 1,
-    });
-    editTokens = setToken({
-      ids: [JSON.stringify({ id: '5400000', table: 'gis.dataset', form: 'test.dataset.form' })],
-      mode: 'w',
-      uid: 1,
-      array: 1,
-    });
-    assert.ok(addTokens.length === 1 && editTokens.length === 1, 'invalid token');
-  });
-
-  await t.test('POST /insert', async () => {
-    const res = await app.inject({
-      method: 'POST',
-      url: `${prefix}/table/${addTokens[0]}`,
-      body: { dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>', dataset_id: '5400000' },
-    });
-
-    const rep = JSON.parse(res?.body);
-    console.log(rep)
-    assert.ok(rep.status, 409);
-  });
-
-  await t.test('PUT /update', async () => {
-    const res = await app.inject({
-      method: 'PUT',
-      url: `${prefix}/table/${editTokens[0]}/${editTokens[0]}`,
-      body: { editor_id: '11', dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>' },
-    });
-
-    const rep = JSON.parse(res?.body);
-    console.log(rep)
-    assert.equal(rep.status, 409);
-  });
-  await t.test('DELETE /delete', async () => {
-    const res = await app.inject({
-      method: 'DELETE',
-      url: `${prefix}/table/gis.dataset/5400000`,
-    });
-
-    const rep = JSON.parse(res?.body);
-    console.log(rep)
-    assert.ok(rep);
-  });
-});
+import { test } from 'node:test';
+import assert from 'node:assert';
+
+import build from '../../helper.js';
+
+import setToken from '../../crud/funcs/setToken.js';
+import config from '../config.js';
+
+test('api crud xss', async (t) => {
+  const app = await build(t);
+  const session = { passport: { user: { uid: '1' } } };
+  app.addHook('onRequest', async (req) => {
+    req.session = session;
+  });
+  // app.decorateRequest('session', session);
+
+  const prefix = config.prefix || '/api';
+
+  let addTokens;
+  let editTokens;
+
+  // before
+  t.test('setToken', async () => {
+    addTokens = setToken({
+      ids: [JSON.stringify({ add: 'gis.dataset', form: 'test.dataset.form' })],
+      mode: 'a',
+      uid: 1,
+      array: 1,
+    });
+    editTokens = setToken({
+      ids: [JSON.stringify({ id: '5400000', table: 'gis.dataset', form: 'test.dataset.form' })],
+      mode: 'w',
+      uid: 1,
+      array: 1,
+    });
+    assert.ok(addTokens.length === 1 && editTokens.length === 1, 'invalid token');
+  });
+
+  await t.test('POST /insert', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: `${prefix}/table/${addTokens[0]}`,
+      body: { dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>', dataset_id: '5400000' },
+    });
+
+    const rep = JSON.parse(res?.body);
+    console.log(rep)
+    assert.ok(rep.status, 409);
+  });
+
+  await t.test('PUT /update', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: `${prefix}/table/${editTokens[0]}/${editTokens[0]}`,
+      body: { editor_id: '11', dataset_name: '<a onClick="alert("XSS Injection")">xss injection</a>' },
+    });
+
+    const rep = JSON.parse(res?.body);
+    console.log(rep)
+    assert.equal(rep.status, 409);
+  });
+  await t.test('DELETE /delete', async () => {
+    const res = await app.inject({
+      method: 'DELETE',
+      url: `${prefix}/table/gis.dataset/5400000`,
+    });
+
+    const rep = JSON.parse(res?.body);
+    console.log(rep)
+    assert.ok(rep);
+  });
+});