npm - @opengis/fastify-table - Versions diffs - 1.0.9 → 1.0.11 - Mend

@opengis/fastify-table 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/.eslintrc.cjs +42 -42
package/Changelog.md +47 -47
package/README.md +26 -26
package/config.js +11 -11
package/crud/controllers/deleteCrud.js +10 -10
package/crud/controllers/insert.js +28 -28
package/crud/controllers/update.js +29 -29
package/crud/controllers/utils/checkXSS.js +45 -45
package/crud/controllers/utils/xssInjection.js +72 -72
package/crud/funcs/dataDelete.js +15 -15
package/crud/funcs/dataInsert.js +24 -24
package/crud/funcs/dataUpdate.js +3 -3
package/crud/funcs/{getIdByToken.js → getToken.js} +27 -29
package/crud/funcs/isFileExists.js +13 -13
package/crud/funcs/{setTokenById.js → setToken.js} +53 -55
package/helper.js +28 -28
package/index.js +32 -32
package/package.json +22 -22
package/pg/funcs/autoIndex.js +89 -89
package/pg/funcs/getMeta.js +27 -27
package/pg/funcs/getPG.js +3 -0
package/pg/funcs/init.js +42 -42
package/pg/funcs/pgClients.js +2 -2
package/pg/index.js +35 -35
package/pg/pgClients.js +20 -17
package/policy/funcs/checkPolicy.js +74 -74
package/policy/funcs/sqlInjection.js +33 -33
package/policy/index.js +14 -14
package/redis/client.js +8 -8
package/redis/funcs/getRedis.js +1 -2
package/redis/funcs/redisClients.js +2 -2
package/redis/index.js +19 -19
package/server/templates/form/test.dataset.form.json +411 -411
package/server.js +14 -14
package/table/controllers/data.js +57 -55
package/table/controllers/filter.js +32 -24
package/table/controllers/form.js +10 -10
package/table/controllers/suggest.js +60 -60
package/table/controllers/utils/getSelect.js +20 -20
package/table/controllers/utils/getSelectMeta.js +66 -66
package/table/funcs/getFilterSQL/index.js +75 -75
package/table/funcs/getFilterSQL/util/formatValue.js +142 -142
package/table/funcs/getFilterSQL/util/getCustomQuery.js +13 -13
package/table/funcs/getFilterSQL/util/getFilterQuery.js +73 -73
package/table/funcs/getFilterSQL/util/getOptimizedQuery.js +12 -12
package/table/funcs/getFilterSQL/util/getTableSql.js +34 -34
package/table/funcs/metaFormat/getSelectVal.js +20 -0
package/table/funcs/metaFormat/index.js +24 -0
package/table/index.js +25 -14
package/test/api/crud.test.js +50 -50
package/test/api/crud.xss.test.js +68 -70
package/test/api/table.test.js +49 -49
package/test/config.example +18 -18
package/test/funcs/crud.test.js +76 -77
package/test/funcs/pg.test.js +34 -32
package/test/funcs/redis.test.js +19 -19
package/test/templates/cls/itree.recommend.json +26 -0
package/test/templates/cls/itree.type_plant.json +65 -0
package/test/templates/cls/test.json +9 -9
package/test/templates/form/cp_building.form.json +32 -32
package/test/templates/select/account_id.json +3 -3
package/test/templates/select/contact_id.sql +1 -0
package/test/templates/select/storage.data.json +2 -2
package/test/templates/table/gis.dataset.table.json +20 -20
package/test/templates/table/green_space.table.json +3 -3
package/test/funcs/table.test.js +0 -48

package/.eslintrc.cjs CHANGED Viewed

@@ -1,42 +1,42 @@
-/* eslint-env node */
-module.exports = {
-  env: {
-    node: true,
-  },
-  root: true,
-  extends: [
-    'eslint:recommended',
-    'airbnb-base',
-  ],
-  rules: {
-    'brace-style': [2, 'stroustrup', { allowSingleLine: true }],
-    'vue/max-attributes-per-line': 0,
-    'vue/valid-v-for': 0,
-    // allow async-await
-    'generator-star-spacing': 'off',
-    // allow paren-less arrow functions
-    'arrow-parens': 0,
-    'one-var': 0,
-    'max-len': 0,
-    'import/first': 0,
-    'import/named': 2,
-    'import/namespace': 2,
-    'import/default': 2,
-    'import/export': 2,
-    'import/extensions': 0,
-    'no-console': ['warn', { allow: ['warn', 'error'] }],
-    'import/no-unresolved': 0,
-    'import/no-extraneous-dependencies': 0,
-    'linebreak-style': ['error', 'unix'],
-    // allow debugger during development
-    'no-debugger': process.env.NODE_ENV === 'production' ? 2 : 0,
-  },
-  parserOptions: {
-    ecmaVersion: 'latest',
-  },
-};
+/* eslint-env node */
+module.exports = {
+  env: {
+    node: true,
+  },
+  root: true,
+  extends: [
+    'eslint:recommended',
+    'airbnb-base',
+  ],
+  rules: {
+    'brace-style': [2, 'stroustrup', { allowSingleLine: true }],
+    'vue/max-attributes-per-line': 0,
+    'vue/valid-v-for': 0,
+    // allow async-await
+    'generator-star-spacing': 'off',
+    // allow paren-less arrow functions
+    'arrow-parens': 0,
+    'one-var': 0,
+    'max-len': 0,
+    'import/first': 0,
+    'import/named': 2,
+    'import/namespace': 2,
+    'import/default': 2,
+    'import/export': 2,
+    'import/extensions': 0,
+    'no-console': ['warn', { allow: ['warn', 'error'] }],
+    'import/no-unresolved': 0,
+    'import/no-extraneous-dependencies': 0,
+    'linebreak-style': ['error', 'unix'],
+    // allow debugger during development
+    'no-debugger': process.env.NODE_ENV === 'production' ? 2 : 0,
+  },
+  parserOptions: {
+    ecmaVersion: 'latest',
+  },
+};

package/Changelog.md CHANGED Viewed

@@ -1,47 +1,47 @@
-# fastify-table
-## 1.0.9 - 29.04.2024
-- crud token support
-- security - xss restriction
-## 1.0.8 - 29.04.2024
-- filter fix
-## 1.0.7 - 26.04.2024
-- code optimization
-## 1.0.6 - 25.04.2024
-- code optimization
-## 1.0.5 - 24.04.2024
-- code optimization
-## 1.0.4 - 20.04.2024
-- data api - order
-- suggest api - db support
-- del api fix
-## 1.0.3 - 17.04.2024
-- fix unit test
-## 1.0.2 - 14.04.2024
-- fix redis
-## 1.0.1 - 14.04.2024
-- fix redis
-## 1.0.0 - 14.04.2024
-- crud
-- pg
-- redis
-- table
+# fastify-table
+## 1.0.9 - 29.04.2024
+- crud token support
+- security - xss restriction
+## 1.0.8 - 29.04.2024
+- filter fix
+## 1.0.7 - 26.04.2024
+- code optimization
+## 1.0.6 - 25.04.2024
+- code optimization
+## 1.0.5 - 24.04.2024
+- code optimization
+## 1.0.4 - 20.04.2024
+- data api - order
+- suggest api - db support
+- del api fix
+## 1.0.3 - 17.04.2024
+- fix unit test
+## 1.0.2 - 14.04.2024
+- fix redis
+## 1.0.1 - 14.04.2024
+- fix redis
+## 1.0.0 - 14.04.2024
+- crud
+- pg
+- redis
+- table

package/README.md CHANGED Viewed

@@ -1,26 +1,26 @@
-# fastify-table
-[![NPM version](https://img.shields.io/npm/v/@opengis/fastify-table)](https://www.npmjs.com/package/@opengis/fastify-table)
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
-It standardizes the entire form building process, while taking care of everything from rendering to validation and processing:
-- pg
-- redis
-- crud
-## Install
-```bash
-npm i @opengis/fastify-table
-```
-## Usage
-```js
-fastify.register(import('@opengis/fastify-table'), config);
-```
-## Documenation
-For a detailed understanding fastify-table, its features, and how to use them, refer to our [Documentation](https://apidocs.softpro.ua/gis.storage/).
+# fastify-table
+[![NPM version](https://img.shields.io/npm/v/@opengis/fastify-table)](https://www.npmjs.com/package/@opengis/fastify-table)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
+It standardizes the entire form building process, while taking care of everything from rendering to validation and processing:
+- pg
+- redis
+- crud
+## Install
+```bash
+npm i @opengis/fastify-table
+```
+## Usage
+```js
+fastify.register(import('@opengis/fastify-table'), config);
+```
+## Documenation
+For a detailed understanding fastify-table, its features, and how to use them, refer to our [Documentation](https://apidocs.softpro.ua/gis.storage/).

package/config.js CHANGED Viewed

@@ -1,11 +1,11 @@
-import fs from 'fs';
-const config = fs.existsSync('config.json')
-  ? JSON.parse(fs.readFileSync('config.json'))
-  : {};
-Object.assign(config, {
-  allTemplates: config?.allTemplates || {},
-});
-export default config;
+import fs from 'fs';
+const config = fs.existsSync('config.json')
+  ? JSON.parse(fs.readFileSync('config.json'))
+  : {};
+Object.assign(config, {
+  allTemplates: config?.allTemplates || {},
+});
+export default config;

package/crud/controllers/deleteCrud.js CHANGED Viewed

@@ -1,10 +1,10 @@
-import dataDelete from '../funcs/dataDelete.js';
-export default async function deleteCrud(req) {
-  const { table, id } = req.params || {};
-  if (!table) return { status: 404, message: 'table is required' };
-  const data = await dataDelete({ table, id });
-  return { rowCount: data.rowCount, msg: !data.rowCount ? data : null };
-}
+import dataDelete from '../funcs/dataDelete.js';
+export default async function deleteCrud(req) {
+  const { table, id } = req.params || {};
+  if (!table) return { status: 404, message: 'table is required' };
+  const data = await dataDelete({ table, id });
+  return { rowCount: data.rowCount, msg: !data.rowCount ? data : null };
+}

package/crud/controllers/insert.js CHANGED Viewed

@@ -1,28 +1,28 @@
-import dataInsert from '../funcs/dataInsert.js';
-import getIdByToken from '../funcs/getIdByToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-export default async function insert(req) {
-  const { table } = req.params || {};
-  if (!table) return { status: 404, message: 'table is required' };
-  const { funcs, session, params } = req;
-  const tokenDataString = await getIdByToken({
-    funcs, session, token: params.table, mode: 'a', json: 0,
-  });
-  const { form, add } = JSON.parse(tokenDataString || '{}');
-  const formData = form ? await getTemplate('form', form) : {};
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-  const res = await dataInsert({ table: add || table, data: req.body });
-  return res;
-}
+import dataInsert from '../funcs/dataInsert.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+export default async function insert(req) {
+  const { table } = req.params || {};
+  if (!table) return { status: 404, message: 'table is required' };
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'a', json: 0,
+  });
+  const { form, add } = JSON.parse(tokenDataString || '{}');
+  const formData = form ? await getTemplate('form', form) : {};
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+  const res = await dataInsert({ table: add || table, data: req.body });
+  return res;
+}

package/crud/controllers/update.js CHANGED Viewed

@@ -1,29 +1,29 @@
-import dataUpdate from '../funcs/dataUpdate.js';
-import getIdByToken from '../funcs/getIdByToken.js';
-import checkXSS from './utils/checkXSS.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-export default async function update(req) {
-  const { table, id } = req.params || {};
-  if (!req.params?.table) return { message: 'table is required', status: 404 };
-  if (!id) return { message: 'id is required', status: 404 };
-  const { funcs, session, params } = req;
-  const tokenDataString = await getIdByToken({
-    funcs, session, token: params.table, mode: 'w', json: 0,
-  });
-  const tokenData = JSON.parse(tokenDataString || '{}');
-  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
-  return res;
-}
+import dataUpdate from '../funcs/dataUpdate.js';
+import getToken from '../funcs/getToken.js';
+import checkXSS from './utils/checkXSS.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+export default async function update(req) {
+  const { table, id } = req.params || {};
+  if (!req.params?.table) return { message: 'table is required', status: 404 };
+  if (!id) return { message: 'id is required', status: 404 };
+  const { funcs, session, params } = req;
+  const tokenDataString = await getToken({
+    funcs, session, token: params.table, mode: 'w', json: 0,
+  });
+  const tokenData = JSON.parse(tokenDataString || '{}');
+  const formData = tokenData?.form ? await getTemplate('form', tokenData.form) : {};
+  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+  const res = await dataUpdate({ table: tokenData?.table || table, id: tokenData?.id || id, data: req.body });
+  return res;
+}

package/crud/controllers/utils/checkXSS.js CHANGED Viewed

@@ -1,45 +1,45 @@
-/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
-import xssInjection from './xssInjection.js';
-/* const checkList = xssInjection.concat(sqlInjection); */
-// RTE - rich text editor
-function checkXSS({ body, schema = {} }) {
-  const data = typeof body === 'string' ? body : JSON.stringify(body);
-  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
-  // check sql injection
-  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
-  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
-  // escape arrows on non-RTE
-  Object.keys(body)
-    .filter((key) => ['<', '>'].find((el) => body[key].includes(el))
-  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
-    ?.forEach((key) => {
-      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
-    });
-  // try { } catch (err) { return { error: err.toString() }; }
-  if (!stopWords.length) return { body };
-  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
-  // check RTE
-  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
-  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
-    disabledCheckFields.push(key);
-  }); */
-  const field = Object.keys(body)
-    ?.find((key) => body[key]
-        && !disabledCheckFields.includes(key)
-        && body[key].toLowerCase().includes(stopWords[0]));
-  if (field) {
-    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
-  }
-  return { body };
-}
-export default checkXSS;
+/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
+import xssInjection from './xssInjection.js';
+/* const checkList = xssInjection.concat(sqlInjection); */
+// RTE - rich text editor
+function checkXSS({ body, schema = {} }) {
+  const data = typeof body === 'string' ? body : JSON.stringify(body);
+  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
+  // check sql injection
+  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
+  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
+  // escape arrows on non-RTE
+  Object.keys(body)
+    .filter((key) => ['<', '>'].find((el) => body[key].includes(el))
+  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
+    ?.forEach((key) => {
+      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
+    });
+  // try { } catch (err) { return { error: err.toString() }; }
+  if (!stopWords.length) return { body };
+  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
+  // check RTE
+  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
+  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
+    disabledCheckFields.push(key);
+  }); */
+  const field = Object.keys(body)
+    ?.find((key) => body[key]
+        && !disabledCheckFields.includes(key)
+        && body[key].toLowerCase().includes(stopWords[0]));
+  if (field) {
+    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
+  }
+  return { body };
+}
+export default checkXSS;

package/crud/controllers/utils/xssInjection.js CHANGED Viewed

@@ -1,72 +1,72 @@
-const xssInjection = [
-  'onkeypress=',
-  'onkeyup=',
-  'ondblclick=',
-  'onerror=',
-  'onmouseover=',
-  '<meta',
-  '<script',
-  'vascript:',
-  'onkeydown=',
-  'onmousedown=',
-  'onmouseenter=',
-  'onmouseleave=',
-  'onmousemove=',
-  'onmouseout=',
-  'onmouseup=',
-  'onmousewheel=',
-  'onpaste=',
-  'onscroll=',
-  'onwheel=',
-  'javascript:',
-  '\\x',
-  'eval(',
-  'onmouseover=',
-  'action=',
-  'xlink:',
-  'allowscriptaccess',
-  'href=',
-  'behavior:',
-  'onreadystatechange=',
-  'onstart=',
-  'offline=',
-  'onabort=',
-  'onafterprint=',
-  'onbeforeonload=',
-  'onbeforeprint=',
-  'onblur=',
-  'oncanplay=',
-  'oncanplaythrough=',
-  'onchange=',
-  'onclick=',
-  'oncontextmenu=',
-  'ondblclick=',
-  'ondrag=',
-  'ondragend=',
-  'ondragenter=',
-  'ondragleave=',
-  'ondragover=',
-  'ondragstart=',
-  'ondrop=',
-  'ondurationchange=',
-  'onemptied=',
-  'onended=',
-  'onerror=',
-  'onfocus=',
-  'onformchange=',
-  'onforminput=',
-  'onhaschange=',
-  'oninput=',
-  'oninvalid=',
-  'onkeydown=',
-  'onkeypress=',
-  'onkeyup=',
-  'onload=',
-  'onloadeddata=',
-  'onloadedmetadata=',
-  'onloadstart=',
-  'alert(',
-  'script:',
-];
-export default xssInjection;
+const xssInjection = [
+  'onkeypress=',
+  'onkeyup=',
+  'ondblclick=',
+  'onerror=',
+  'onmouseover=',
+  '<meta',
+  '<script',
+  'vascript:',
+  'onkeydown=',
+  'onmousedown=',
+  'onmouseenter=',
+  'onmouseleave=',
+  'onmousemove=',
+  'onmouseout=',
+  'onmouseup=',
+  'onmousewheel=',
+  'onpaste=',
+  'onscroll=',
+  'onwheel=',
+  'javascript:',
+  '\\x',
+  'eval(',
+  'onmouseover=',
+  'action=',
+  'xlink:',
+  'allowscriptaccess',
+  'href=',
+  'behavior:',
+  'onreadystatechange=',
+  'onstart=',
+  'offline=',
+  'onabort=',
+  'onafterprint=',
+  'onbeforeonload=',
+  'onbeforeprint=',
+  'onblur=',
+  'oncanplay=',
+  'oncanplaythrough=',
+  'onchange=',
+  'onclick=',
+  'oncontextmenu=',
+  'ondblclick=',
+  'ondrag=',
+  'ondragend=',
+  'ondragenter=',
+  'ondragleave=',
+  'ondragover=',
+  'ondragstart=',
+  'ondrop=',
+  'ondurationchange=',
+  'onemptied=',
+  'onended=',
+  'onerror=',
+  'onfocus=',
+  'onformchange=',
+  'onforminput=',
+  'onhaschange=',
+  'oninput=',
+  'oninvalid=',
+  'onkeydown=',
+  'onkeypress=',
+  'onkeyup=',
+  'onload=',
+  'onloadeddata=',
+  'onloadedmetadata=',
+  'onloadstart=',
+  'alert(',
+  'script:',
+];
+export default xssInjection;

package/crud/funcs/dataDelete.js CHANGED Viewed

@@ -1,15 +1,15 @@
-import getPG from '../../pg/funcs/getPG.js';
-import getMeta from '../../pg/funcs/getMeta.js';
-export default async function dataDelete({
-  table, id,
-}) {
-  const pg = getPG({ name: 'client' });
-  const { pk } = await getMeta(table);
-  if (!pg.tlist.includes(table)) return 'table not exist';
-  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.one(delQuery, [id]) || {};
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+import getMeta from '../../pg/funcs/getMeta.js';
+export default async function dataDelete({
+  table, id,
+}) {
+  const pg = getPG({ name: 'client' });
+  const { pk } = await getMeta(table);
+  if (!pg.tlist?.includes(table)) return 'table not exist';
+  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.one(delQuery, [id]) || {};
+  return res;
+}