@opengis/fastify-table 1.0.89 → 1.0.90

package/index.js

@@ -1,97 +1,97 @@
-import path from 'path';
-import { existsSync, readdirSync, readFileSync } from 'fs';
-
-import fp from 'fastify-plugin';
-import config from './config.js';
-// import rclient from './redis/client.js';
-
-import redisPlugin from './redis/index.js';
-import pgPlugin from './pg/index.js';
-import tablePlugin from './table/index.js';
-import notificationPlugin from './notification/index.js';
-import widgetPlugin from './widget/index.js';
-import crudPlugin from './crud/index.js';
-import policyPlugin from './policy/index.js';
-import utilPlugin from './util/index.js';
-import cronPlugin from './cron/index.js';
-
-import pgClients from './pg/pgClients.js';
-
-import execMigrations from './migration/exec.migrations.js';
-
-async function plugin(fastify, opt) {
-  // console.log(opt);
-  config.pg = opt.pg;
-  config.redis = opt.redis;
-  config.root = opt.root;
-  config.mapServerRoot = opt.mapServerRoot;
-
-  // independent npm start / unit test
-  if (!fastify.config) {
-    fastify.decorate('config', config);
-  }
-
-  fastify.register(import('@fastify/sensible'), {
-    errorHandler: false,
-  });
-
-  fastify.register(import('@fastify/url-data'), {
-    errorHandler: false,
-  });
-
-  fastify.register(import('@opengis/fastify-hb'));
-  fastify.decorate('getFolder', (req, type = 'server') => {
-    if (!['server', 'local'].includes(type)) throw new Error('params type is invalid');
-    const types = { local: req.root || config.root, server: req.mapServerRoot || config.mapServerRoot };
-    const filepath = path.posix.join(types[type] || '/data/local', req.folder || config.folder || '');
-    return filepath;
-  });
-
-  fastify.addHook('onListen', async () => {
-    const { client } = pgClients;
-    if (client?.pk?.['crm.cls']) {
-      const clsDir = path.join(process.cwd(), 'server/templates/cls');
-      const files = existsSync(clsDir) ? readdirSync(clsDir) : [];
-      if (files.length) {
-        const res = await Promise.all(files.map(async (filename) => {
-          const filepath = path.join(clsDir, filename);
-          const data = JSON.parse(readFileSync(filepath));
-          return { name: path.parse(filename).name, data };
-        }));
-        await client.query('truncate table crm.cls');
-        const { rows } = await client.query(`insert into crm.cls(name, type) 
-        select value->>'name', 'json' from json_array_elements($1) returning cls_id as id, name`, [JSON.stringify(res).replace(/'/g, "''")]);
-        rows.forEach((row) => Object.assign(row, { data: res.find((cls) => row.name === cls.name)?.data }));
-        const sql = `insert into crm.cls(code, name, parent)
-        select json_array_elements(value->'data')->>'id', json_array_elements(value->'data')->>'text', value->>'name' from json_array_elements($1)`;
-        await client.query(sql, [JSON.stringify(rows).replace(/'/g, "''")]);
-      }
-    }
-    // call from another repo / project
-    fastify.execMigrations = execMigrations;
-    // execute core migrations
-    await fastify.execMigrations();
-  });
-  if (!fastify.funcs) {
-    fastify.addHook('onRequest', async (req) => {
-      req.funcs = fastify;
-      if (!req.user && req.session?.passport?.user) {
-        const { user } = req.session?.passport || {};
-        req.user = user;
-      }
-    });
-    // fastify.decorateRequest('funcs', fastify);
-  }
-
-  policyPlugin(fastify);
-  redisPlugin(fastify);
-  await pgPlugin(fastify, opt);
-  tablePlugin(fastify, opt);
-  crudPlugin(fastify, opt);
-  notificationPlugin(fastify, opt);
-  widgetPlugin(fastify, opt);
-  utilPlugin(fastify, opt);
-  cronPlugin(fastify, opt);
-}
-export default fp(plugin);
-// export { rclient };
+import path from 'path';
+import { existsSync, readdirSync, readFileSync } from 'fs';
+
+import fp from 'fastify-plugin';
+import config from './config.js';
+// import rclient from './redis/client.js';
+
+import redisPlugin from './redis/index.js';
+import pgPlugin from './pg/index.js';
+import tablePlugin from './table/index.js';
+import notificationPlugin from './notification/index.js';
+import widgetPlugin from './widget/index.js';
+import crudPlugin from './crud/index.js';
+import policyPlugin from './policy/index.js';
+import utilPlugin from './util/index.js';
+import cronPlugin from './cron/index.js';
+
+import pgClients from './pg/pgClients.js';
+
+import execMigrations from './migration/exec.migrations.js';
+
+async function plugin(fastify, opt) {
+  // console.log(opt);
+  config.pg = opt.pg;
+  config.redis = opt.redis;
+  config.root = opt.root;
+  config.mapServerRoot = opt.mapServerRoot;
+
+  // independent npm start / unit test
+  if (!fastify.config) {
+    fastify.decorate('config', config);
+  }
+
+  fastify.register(import('@fastify/sensible'), {
+    errorHandler: false,
+  });
+
+  fastify.register(import('@fastify/url-data'), {
+    errorHandler: false,
+  });
+
+  fastify.register(import('@opengis/fastify-hb'));
+  fastify.decorate('getFolder', (req, type = 'server') => {
+    if (!['server', 'local'].includes(type)) throw new Error('params type is invalid');
+    const types = { local: req.root || config.root, server: req.mapServerRoot || config.mapServerRoot };
+    const filepath = path.posix.join(types[type] || '/data/local', req.folder || config.folder || '');
+    return filepath;
+  });
+
+  fastify.addHook('onListen', async () => {
+    const { client } = pgClients;
+    if (client?.pk?.['crm.cls']) {
+      const clsDir = path.join(process.cwd(), 'server/templates/cls');
+      const files = existsSync(clsDir) ? readdirSync(clsDir) : [];
+      if (files.length) {
+        const res = await Promise.all(files.map(async (filename) => {
+          const filepath = path.join(clsDir, filename);
+          const data = JSON.parse(readFileSync(filepath));
+          return { name: path.parse(filename).name, data };
+        }));
+        await client.query('truncate table crm.cls');
+        const { rows } = await client.query(`insert into crm.cls(name, type) 
+        select value->>'name', 'json' from json_array_elements($1) returning cls_id as id, name`, [JSON.stringify(res).replace(/'/g, "''")]);
+        rows.forEach((row) => Object.assign(row, { data: res.find((cls) => row.name === cls.name)?.data }));
+        const sql = `insert into crm.cls(code, name, parent)
+        select json_array_elements(value->'data')->>'id', json_array_elements(value->'data')->>'text', value->>'name' from json_array_elements($1)`;
+        await client.query(sql, [JSON.stringify(rows).replace(/'/g, "''")]);
+      }
+    }
+    // call from another repo / project
+    fastify.execMigrations = execMigrations;
+    // execute core migrations
+    await fastify.execMigrations();
+  });
+  if (!fastify.funcs) {
+    fastify.addHook('onRequest', async (req) => {
+      req.funcs = fastify;
+      if (!req.user && req.session?.passport?.user) {
+        const { user } = req.session?.passport || {};
+        req.user = user;
+      }
+    });
+    // fastify.decorateRequest('funcs', fastify);
+  }
+
+  policyPlugin(fastify);
+  redisPlugin(fastify);
+  await pgPlugin(fastify, opt);
+  tablePlugin(fastify, opt);
+  crudPlugin(fastify, opt);
+  notificationPlugin(fastify, opt);
+  widgetPlugin(fastify, opt);
+  utilPlugin(fastify, opt);
+  cronPlugin(fastify, opt);
+}
+export default fp(plugin);
+// export { rclient };

package/notification/controllers/userNotifications.js

@@ -1,19 +1,19 @@
-export default async function userNotifications({
-  pg, session = {}, query = {},
-}) {
-  const time = Date.now();
-  try {
-    const { uid } = session.passport?.user || {};
-    if (!uid) return { error: 'access restricted', status: 403 };
-
-    const queryFunc = query.nocache ? pg.query : pg.queryCache;
-
-    // queryCache not supports $1 params
-    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
-      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
-    return { time: Date.now() - time, total: rows?.length, rows };
-  }
-  catch (err) {
-    return { error: err.toString(), status: 500 };
-  }
-}
+export default async function userNotifications({
+  pg, session = {}, query = {},
+}) {
+  const time = Date.now();
+  try {
+    const { uid } = session.passport?.user || {};
+    if (!uid) return { error: 'access restricted', status: 403 };
+
+    const queryFunc = query.nocache ? pg.query : pg.queryCache;
+
+    // queryCache not supports $1 params
+    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
+      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
+    return { time: Date.now() - time, total: rows?.length, rows };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/notification/funcs/addNotification.js

@@ -1,8 +1,8 @@
-export default async function addNotification({
-  pg, session = {}, title, body, link, notificationType, uid: uid1,
-}) {
-  const uid = uid1 || session.passport?.user?.uid || {};
-  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
-  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
-  return { id, status };
-}
+export default async function addNotification({
+  pg, session = {}, title, body, link, notificationType, uid: uid1,
+}) {
+  const uid = uid1 || session.passport?.user?.uid || {};
+  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
+  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
+  return { id, status };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.0.89",
+  "version": "1.0.90",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/pg/pgClients.js

@@ -1,20 +1,20 @@
-import pg from 'pg';
-import config from '../config.js';
-import init from './funcs/init.js';
-
-const pgClients = {};
-if (config.pg) {
-  const client = new pg.Pool({
-    host: config.pg?.host || '127.0.0.1',
-    port: config.pg?.port || 5432,
-    database: config.pg?.database || 'postgres',
-    user: config.pg?.user || 'postgres',
-    password: config.pg?.password || 'postgres',
-  });
-  client.init = async () => {
-    await init(client);
-  };
-  client.init();
-  pgClients.client = client;
-}
-export default pgClients;
+import pg from 'pg';
+import config from '../config.js';
+import init from './funcs/init.js';
+
+const pgClients = {};
+if (config.pg) {
+  const client = new pg.Pool({
+    host: config.pg?.host || '127.0.0.1',
+    port: config.pg?.port || 5432,
+    database: config.pg?.database || 'postgres',
+    user: config.pg?.user || 'postgres',
+    password: config.pg?.password || 'postgres',
+  });
+  client.init = async () => {
+    await init(client);
+  };
+  client.init();
+  pgClients.client = client;
+}
+export default pgClients;

package/policy/funcs/checkPolicy.js

@@ -1,83 +1,83 @@
-import block from './sqlInjection.js';
-
-/**
- * Middleware func
- *
- * @type function
- * @alias checkPolicy
- * @summary Функція дозволяє налаштувати доступ до сайту або API для адмін. та публічної частини веб-ресурсу
- * @param {String} path - назва апі
- * @returns {object|null} Returns object
- */
-
-export default function checkPolicy(req) {
-  const {
-    originalUrl: path, hostname, query, params, headers: hs, log, sid = 35, funcs = {},
-  } = req;
-  const user = req.user || req.session?.passport?.user;
-
-  const { config } = funcs;
-  const isUser = config.debug || !!user;
-
-  const isServer = process.argv[2];
-  const { policy = [] } = req.routeOptions?.config || {};
-
-  /*= == 0.Check superadmin access  === */
-  if (policy.includes('superadmin') && user?.user_type !== 'superadmin') {
-    log.warn({
-      name: 'api/superadmin', params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
-    });
-    return { message: 'access restricted: 0', status: 403 };
-  }
-
-  /*= == 1.File injection  === */
-  if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
-    log.warn({
-      name: 'injection/file', params, query, message: 'access restricted: 1',
-    });
-    return { message: 'access restricted: 1', status: 403 };
-  }
-
-  /*= == 1.1 File  === */
-  const allowExtPublic = ['.png', '.jpg', '.svg'];
-  const ext = path.toLowerCase().substr(-4);
-  if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
-
-  /*= == 2.SQL Injection policy: no-sql === */
-  if (!policy.includes('no-sql')) {
-    // skip polyline param - data filter (geometry bounds)
-    const stopWords = block.filter((el) => path.replace(query.polyline, '').includes(el));
-    if (stopWords?.length) {
-      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
-      return { message: 'access restricted: 2', status: 403 };
-    }
-  }
-  /* Check is Not API */
-  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
-  if (!isApi) return null;
-
-  /*= == 3. policy: referer === */
-  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
-    log.warn({ name: 'referer', message: 'access restricted: 3' });
-    return { message: 'access restricted: 3', status: 403 };
-  }
-
-  /*= == policy: public === */
-  if (policy.includes('public')) {
-    return null;
-  }
-
-  /*= == 4. policy: site auth === */
-  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
-    log.warn({ name: 'site', message: 'access restricted: 4' });
-    return { message: 'access restricted: 4', status: 403 };
-  }
-
-  /*= == 5. base policy: block api  === */
-  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
-    log.warn({ name: 'api', message: 'access restricted: 5' });
-    return { message: 'access restricted: 5', status: 403 };
-  }
-
-  return null;
-}
+import block from './sqlInjection.js';
+
+/**
+ * Middleware func
+ *
+ * @type function
+ * @alias checkPolicy
+ * @summary Функція дозволяє налаштувати доступ до сайту або API для адмін. та публічної частини веб-ресурсу
+ * @param {String} path - назва апі
+ * @returns {object|null} Returns object
+ */
+
+export default function checkPolicy(req) {
+  const {
+    originalUrl: path, hostname, query, params, headers: hs, log, sid = 35, funcs = {},
+  } = req;
+  const user = req.user || req.session?.passport?.user;
+
+  const { config } = funcs;
+  const isUser = config.debug || !!user;
+
+  const isServer = process.argv[2];
+  const { policy = [] } = req.routeOptions?.config || {};
+
+  /*= == 0.Check superadmin access  === */
+  if (policy.includes('superadmin') && user?.user_type !== 'superadmin') {
+    log.warn({
+      name: 'api/superadmin', params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
+    });
+    return { message: 'access restricted: 0', status: 403 };
+  }
+
+  /*= == 1.File injection  === */
+  if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
+    log.warn({
+      name: 'injection/file', params, query, message: 'access restricted: 1',
+    });
+    return { message: 'access restricted: 1', status: 403 };
+  }
+
+  /*= == 1.1 File  === */
+  const allowExtPublic = ['.png', '.jpg', '.svg'];
+  const ext = path.toLowerCase().substr(-4);
+  if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
+
+  /*= == 2.SQL Injection policy: no-sql === */
+  if (!policy.includes('no-sql')) {
+    // skip polyline param - data filter (geometry bounds)
+    const stopWords = block.filter((el) => path.replace(query.polyline, '').includes(el));
+    if (stopWords?.length) {
+      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
+      return { message: 'access restricted: 2', status: 403 };
+    }
+  }
+  /* Check is Not API */
+  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
+  if (!isApi) return null;
+
+  /*= == 3. policy: referer === */
+  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
+    log.warn({ name: 'referer', message: 'access restricted: 3' });
+    return { message: 'access restricted: 3', status: 403 };
+  }
+
+  /*= == policy: public === */
+  if (policy.includes('public')) {
+    return null;
+  }
+
+  /*= == 4. policy: site auth === */
+  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
+    log.warn({ name: 'site', message: 'access restricted: 4' });
+    return { message: 'access restricted: 4', status: 403 };
+  }
+
+  /*= == 5. base policy: block api  === */
+  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
+    log.warn({ name: 'api', message: 'access restricted: 5' });
+    return { message: 'access restricted: 5', status: 403 };
+  }
+
+  return null;
+}

package/policy/funcs/sqlInjection.js

@@ -1,33 +1,33 @@
-const sqlInjection = [
-  '()',
-  '^',
-  '*',
-  'like ',
-  '@variable',
-  '@@variable',
-  'group by ',
-  'union ',
-  'select ',
-  'having ',
-  'as injectx',
-  'where ',
-  'rlike ',
-  'if(',
-  'sleep(',
-  'waitfor delay',
-  'benchmark(',
-  'pg_sleep(',
-  "'\\\"",
-  'randomblob(',
-  'order by ',
-  'union all ',
-  '+or',
-  'or ',
-  'and ',
-  "'' ",
-  '"""  ',
-  '<script',
-  'javascript:',
-]
-
-export default sqlInjection;
+const sqlInjection = [
+  '()',
+  '^',
+  '*',
+  'like ',
+  '@variable',
+  '@@variable',
+  'group by ',
+  'union ',
+  'select ',
+  'having ',
+  'as injectx',
+  'where ',
+  'rlike ',
+  'if(',
+  'sleep(',
+  'waitfor delay',
+  'benchmark(',
+  'pg_sleep(',
+  "'\\\"",
+  'randomblob(',
+  'order by ',
+  'union all ',
+  '+or',
+  'or ',
+  'and ',
+  "'' ",
+  '"""  ',
+  '<script',
+  'javascript:',
+]
+
+export default sqlInjection;

package/policy/index.js

@@ -1,14 +1,14 @@
-// import fp from 'fastify-plugin';
-
-import checkPolicy from './funcs/checkPolicy.js';
-
-async function plugin(fastify) {
-  fastify.addHook('onRequest', async (request, reply) => {
-    const hookData = checkPolicy(request);
-    if (hookData?.status && hookData?.message) {
-      return reply.status(hookData?.status).send(hookData.message);
-    }
-  });
-}
-
-export default plugin;
+// import fp from 'fastify-plugin';
+
+import checkPolicy from './funcs/checkPolicy.js';
+
+async function plugin(fastify) {
+  fastify.addHook('onRequest', async (request, reply) => {
+    const hookData = checkPolicy(request);
+    if (hookData?.status && hookData?.message) {
+      return reply.status(hookData?.status).send(hookData.message);
+    }
+  });
+}
+
+export default plugin;

package/redis/client.js

@@ -1,8 +1,8 @@
-import redisClients from './funcs/redisClients.js';
-import getRedis from './funcs/getRedis.js';
-
-if (!redisClients[0]) {
-  getRedis({ db: 0 });
-}
-
-export default redisClients[0];
+import redisClients from './funcs/redisClients.js';
+import getRedis from './funcs/getRedis.js';
+
+if (!redisClients[0]) {
+  getRedis({ db: 0 });
+}
+
+export default redisClients[0];

package/redis/funcs/redisClients.js

@@ -1,2 +1,2 @@
-const redisClients = {};
-export default redisClients;
+const redisClients = {};
+export default redisClients;

package/redis/index.js

@@ -1,19 +1,19 @@
-// import client from './client.js';
-import getRedis from './funcs/getRedis.js';
-// import client from './funcs/redisClients.js';
-
-function close(fastify) {
-  fastify.rclient.quit();
-  // fastify.rclient2.quit();
-}
-
-async function plugin(fastify) {
-  const client = getRedis({ db: 0, funcs: fastify });
-  client.getJSON = client.get;
-  fastify.decorate('rclient', client);
-  fastify.decorate('getRedis', getRedis);
-  // fastify.decorate('rclient2', client2);
-  fastify.addHook('onClose', close);
-}
-
-export default plugin;
+// import client from './client.js';
+import getRedis from './funcs/getRedis.js';
+// import client from './funcs/redisClients.js';
+
+function close(fastify) {
+  fastify.rclient.quit();
+  // fastify.rclient2.quit();
+}
+
+async function plugin(fastify) {
+  const client = getRedis({ db: 0, funcs: fastify });
+  client.getJSON = client.get;
+  fastify.decorate('rclient', client);
+  fastify.decorate('getRedis', getRedis);
+  // fastify.decorate('rclient2', client2);
+  fastify.addHook('onClose', close);
+}
+
+export default plugin;