@opengis/fastify-table 1.0.87 → 1.0.88

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/Changelog.md +4 -0
  2. package/package.json +1 -1
  3. package/policy/funcs/checkPolicy.js +2 -1
  4. package/table/controllers/data.js +4 -3
  5. package/table/funcs/getFilterSQL/util/getFilterQuery.js +1 -1
  6. package/test/api/table.test.js +14 -1
package/Changelog.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # fastify-table
2
2
 
3
+ ## 1.0.88 - 26.08.2024
4
+
5
+ - data API meta bbox polyline support
6
+
3
7
  ## 1.0.87 - 26.08.2024
4
8
 
5
9
  - change of null handling method of update crud API
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@opengis/fastify-table",
3
- "version": "1.0.87",
3
+ "version": "1.0.88",
4
4
  "type": "module",
5
5
  "description": "core-plugins",
6
6
  "main": "index.js",
package/policy/funcs/checkPolicy.js CHANGED
@@ -45,7 +45,8 @@ export default function checkPolicy(req) {
45
45
 
46
46
  /*= == 2.SQL Injection policy: no-sql === */
47
47
  if (!policy.includes('no-sql')) {
48
- const stopWords = block.filter((el) => path.includes(el));
48
+ // skip polyline param - data filter (geometry bounds)
49
+ const stopWords = block.filter((el) => path.replace(query.polyline, '').includes(el));
49
50
  if (stopWords?.length) {
50
51
  log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
51
52
  return { message: 'access restricted: 2', status: 403 };
package/table/controllers/data.js CHANGED
@@ -60,18 +60,19 @@ export default async function dataAPI({
60
60
  const custom = loadTable.filterCustom && query.custom ? loadTable.filterCustom[query.custom]?.sql : null;
61
61
  const search = loadTable.meta?.search && query.search ? `(${loadTable.meta?.search.split(',').map(el => `${el} ilike '%${query.search}%'`).join(' or ')})` : null;
62
62
  const queryBbox = query?.bbox ? query.bbox.replace(/ /g, ',').split(',')?.map((el) => el - 0) : [];
63
+ const queryPolyline = meta?.bbox && query?.polyline ? `ST_Contains(ST_MakePolygon(ST_LineFromEncodedPolyline($1)),${meta.bbox})` : undefined;
63
64
  const bbox = meta?.bbox && queryBbox.filter((el) => !Number.isNaN(el))?.length === 4 ? `${meta.bbox} && 'box(${queryBbox[0]} ${queryBbox[1]},${queryBbox[2]} ${queryBbox[3]})'::box2d ` : undefined;
64
65
 
65
66
  const access = await getAccess(req, params.table);
66
- const where = [(opt?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, state, custom, search, access?.query || '1=1', bbox].filter((el) => el);
67
+ const where = [(opt?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, state, custom, search, access?.query || '1=1', bbox, queryPolyline].filter((el) => el);
67
68
  const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
68
69
  const q = `select ${pk ? `"${pk}" as id,` : ''} ${columnList.includes('geom') ? 'st_asgeojson(geom)::json as geom,' : ''} ${query.id || query.key ? '*' : sqlColumns || cols || '*'} ${metaCols} ${cardColumns} from ${table} t ${sqlTable} ${cardSqlTable} where ${where.join(' and ') || 'true'} ${order} ${offset} limit ${limit}`;
69
70
 
70
71
  if (query.sql === '1') { return q; }
71
72
 
72
- const { rows } = await pg.query(q, (opt?.id || params.id ? [opt?.id || params.id] : null) || (query.key && loadTable.key ? [query.key] : []));
73
+ const { rows } = await pg.query(q, (opt?.id || params.id ? [opt?.id || params.id] : null) || (query.key && loadTable.key ? [query.key] : null) || (query?.polyline ? [query?.polyline] : []));
73
74
 
74
- const total = keyQuery || opt?.id || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t ${sqlTable} where ${where.join(' and ') || 'true'}`).then((el) => el?.rows[0]?.count);
75
+ const total = keyQuery || opt?.id || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t ${sqlTable} where ${where.filter((el) => !el.includes('$1')).join(' and ') || 'true'}`).then((el) => el?.rows[0]?.count);
75
76
 
76
77
  await metaFormat({ rows, table: params.table });
77
78
  const res = {
package/table/funcs/getFilterSQL/util/getFilterQuery.js CHANGED
@@ -55,7 +55,7 @@ function getQuery({
55
55
  optimize,
56
56
  filterType,
57
57
  name,
58
- value: decodeURIComponent(value),
58
+ value: decodeURIComponent(value), // decodeURIComponent(value)?.replace(new RegExp(String.raw`\b${name}=\b`, 'g'), '') for checkboxes?
59
59
  operator,
60
60
  fieldType: type || 'text',
61
61
  }) || {};
package/test/api/table.test.js CHANGED
@@ -22,7 +22,20 @@ test('api table', async (t) => {
22
22
  });
23
23
  const json = res.json();
24
24
  assert.ok(json?.rows?.length === +count, 'meta bbox - not ok');
25
- assert.ok(json?.rows?.[0]?.dataset_id_text, 'meta cls - not ok');
25
+ assert.ok(json?.rows?.length ? json?.rows?.[0]?.dataset_id_text : true, 'meta cls - not ok');
26
+ });
27
+
28
+ const polyline = 'wfvkH_jsvCoKvj@oKfiB?fw@?nd@?nK?nK~WgEfE?wQfw@gEfE?vQwQvj@wQvcAoKvQoKnKgEnd@_cBgw@wj@fEwj@nKg^vQg^oK?vQgEnKgpAvj@?vcAfEf^fEf^?vj@vQvj@vQgE~Wvj@?~p@gE~iAfEnK?~iA_XnvA?nd@fEf^~p@~bBvQ?nd@wQ?vQfEf^fEnK?vQ?vj@oKfEoKfEvQnd@nKvj@?vQfEvQgEf^gEf^?vQfEvQfEvQfE~W?fE?fE?~W?f^?nd@?nK?nKfEfEg^oKwj@nK_X~W~p@~WvQnKoKn}@wQvj@oK~Wg^vcAgEnK?~Wfw@vgD~p@oKfpAvQnd@nKoKvQoKvQ?fE?fEnKvj@wQvQ?fEod@fw@~Wn}@fEn}@_Xv|A_jA~fEwQwQ_XoKwQoKoKoKoKoKg^gE_XgEoKg^gEgEgE?gEfEgEfEgEf^_XoKwQ?gEgEoK?wQ?gE~WoKoKoKwQfEgEnK_X?gEgE?oKfEoKoKgE_XgEgEwQfEoKod@_Xgw@gEoKgE_Xg^wQoKg^_XnvAgE?gEvQgE?od@fpA?vQ?f^oKvcAwj@oKg^?wQn}@gEf^oK?w|AnKgE??nKwj@gEgEg^oKwQoKoK?gEwQoaD?oKod@oKod@gEod@wQo}@oKfEf^gEfEgpAnd@_XfEgE?wQnKo}@_q@?gEgEwj@?oK?oK?_X?oKfEoK?oKfEoK?oK?oK?gEfEoKwQfEoK?gEwQwj@nKo}@nKwQ~Wod@nKoKfEgw@ovAgEwQgE??oKoKgEoKgEgEwQ?oKfEoKnKwQfEwQoK?g^fE?wQfEg^fEod@gE??fEoKvQ?nKoKnKgEfEgEgE?g^nK_q@nKod@?oKoKoK~Wgw@fEoKnd@fE?_XfEoKfEwQfEoKfEwQfEoKvQ?fEfE?vj@gE~W~WvQvQwj@vQvQf^o}@nKvQ?_XgEg^gEg^nKod@?wQgEgEgE?oK_XgEoK?oKgEoKgE_XoKg^oKg^oKod@?gEfEoKvQgEnK?nKfE?_Xnd@gw@fEwQf^wj@fEwQnd@w|A?gEgEgEgEwQfEoKfEgEnKoKnKwQfEgE?oKfEoKnKgEnKwQ_XwQnKwcAod@wQvQod@~Wgw@nKgw@oKg^f^ovAgEwQ?_X?od@gEwj@gEwQvQg^fEoKnKoKvQnK~WfEnKvQ~Wod@f^wj@~WoKnKg^~W?vQgE~WoKnKoK~WoKfEwQvQwQfEgEnKwQnKwQvQwQnKoKnKgEnKgEnKgEvQnKnK?fE?fE?~WwQnKgEnKgEfE?fE?nK?fE?fE?vQgEfE?nKfEfE?fE?vQ?~W?~WgEfEgEnKgEnKwQfEnKnKfE?wj@?o}@g^o}@_Xod@?gEf^_X?o}@?wQ~W?~WgE~WgEfE?f^gEf^oK~Wg^nKgE?oK~WwQ?od@nK_XfEwQnKoKfEgEfE~W?f^f^fEfEfEnKfEnK?gEf^vQfEnK?~WnKvQnK?vQf^nKfEfEgE~WnKfEnK?fEgEfE?nK?fEfEfEgEnK?nKgEnK?nKfEf^?vQgEvQ?nd@gEnKo}@vQgE~WgEf^gE'; // UA26040270000047749
29
+
30
+ const { count1 } = await pgClients.client.query('select count(*) as count1 from gis.dataset where ST_Contains(ST_MakePolygon(ST_LineFromEncodedPolyline($1)),geom)', [polyline])
31
+ .then((res) => res.rows[0] || {});
32
+ await t.test('GET /data (meta polyline)', async () => {
33
+ const res = await app.inject({
34
+ method: 'GET',
35
+ url: `${config.prefix || '/api'}/data/test.dataset.table?polyline=${polyline}`,
36
+ });
37
+ const json = res.json();
38
+ assert.ok(json?.rows?.length === +count1, 'meta bbox (polyline) - not ok');
26
39
  });
27
40
 
28
41
  /* await t.test('GET /suggest', async () => {