@opengis/fastify-table 1.1.106 → 1.1.107

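--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@opengis/fastify-table",
- "version": "1.1.106",
+ "version": "1.1.107",
  "type": "module",
  "description": "core-plugins",
  "main": "index.js",
@@ -25,7 +25,6 @@
  "fastify-plugin": "^4.0.0",
  "ioredis": "^5.3.2",
  "js-yaml": "^4.1.0",
- "nodemailer": "^6.5.0",
  "pg": "^8.11.3",
  "pino": "^9.5.0",
  "pino-abstract-transport": "^2.0.0"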
@@ -34,7 +34,7 @@ async function getFilterSQL({
34
34
  const tableSQL = await getTableSql({
35
35
  pg, body, table, fields,
36
36
  });
37
- const sval = `ilike '%${decodeURIComponent(search).replace(/'/g, "''")}%'`;
37
+ const sval = `ilike '%${decodeURIComponent(search?.replace(/%/g, '%25')).replace(/'/g, "''").replace(/%/g, '\\%')}%'`;
38
38
  const searchQuery = search && searchColumn
39
39
  ? ` (${searchColumn.split(',')?.map((name) => {
40
40
  const { pk } = tableSQL.find((el) => el.name === name) || {};
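Review bot: A backslash in `search` passes through the new `sval` expression unescaped, so PostgreSQL reads it as the LIKE escape character, and the `''` doubling protects the literal only while `standard_conforming_strings` is on (the PostgreSQL default). `_` also remains a wildcard. Because `replace(/%/g, '%25')` turns the `decodeURIComponent` call into a no-op for string input, the value could be built more plainly as `String(search ?? '').replace(/[\\%_]/g, '\\$&').replace(/'/g, "''")`, which escapes `\`, `%` and `_` in one pass before the quotes are doubled. If the caller can carry bind values alongside the returned SQL, passing the pattern as a parameter would remove the quoting concern altogether; getFilterSQL's body starts and ends outside this hunk, so that is not visible here.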
@@ -15,7 +15,7 @@ function getQuery({
15
15
 
16
16
  const mainOperators = ['=', '~', '>', '<'];
17
17
 
18
- const filterQueryArray = decodeURI(filterStr?.replace(/(^,)|(,$)/g, '')).replace(/'/g, '').split(/[;|]/);
18
+ const filterQueryArray = decodeURIComponent(filterStr?.replace(/%/g, '%25').replace(/%/g, '\\%')?.replace(/(^,)|(,$)/g, '')).replace(/'/g, '').split(/[;|]/);
19
19
 
20
20
  const resultList = [];
21
21
 
@@ -49,7 +49,7 @@ function getQuery({
49
49
  filter,
50
50
  optimize,
51
51
  name,
52
- value: decodeURIComponent(value),
52
+ value,
53
53
  operator,
54
54
  dataTypeID,
55
55
  }) || {};
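Review bot: The `\%` escaping in the new `filterQueryArray` line is applied to the whole filter string before it is split, so a value used with `=`, `>` or `<` from `mainOperators` would presumably be compared with the backslash included; how each operator consumes `value` is outside these hunks. The `%` → `%25` → `\%25` chain also makes `decodeURIComponent` a no-op, so for string input the line is equivalent to `filterStr.replace(/%/g, '\\%').replace(/(^,)|(,$)/g, '').replace(/'/g, '').split(/[;|]/)` and would read better written that way. I would move the `%` escaping to the place where a LIKE pattern is actually built, and add `// value is not decoded again: decoding here would run after the quote stripping above` next to `value,` so the removed call is not reintroduced. Stripping quotes remains the only guard visible here for text that ends up in SQL; bound parameters would be the sturdier fix.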
@@ -59,18 +59,18 @@ export default async function dataAPI(req) {
59
59
  column: params.id,
60
60
  sql: query.sql,
61
61
  filter: query.filter,
62
- state: query.state,
63
62
  search: query.search,
63
+ state: query.state,
64
64
  custom: query.custom,
65
65
  });
66
66
  }
67
67
 
68
- const checkFilter = [query.filter, query.state, query.search, query.custom].filter((el) => el).length;
68
+ const checkFilter = [query.filter, query.search, query.state, query.custom].filter((el) => el).length;
69
69
  const fData = checkFilter ? await getFilterSQL({
70
70
  table: params.table,
71
71
  filter: query.filter,
72
- state: query.state,
73
72
  search: query.search,
73
+ state: query.state,
74
74
  custom: query.custom,
75
75
  json: 1,
76
76
  }) : {};
@@ -84,13 +84,15 @@ export default async function dataAPI(req) {
84
84
  const [orderColumn, orderDir] = (query.order || loadTable.order || '').split(/[- ]/);
85
85
 
86
86
  const order = columnList.includes(orderColumn) && orderColumn?.length ? `order by ${orderColumn} ${query.desc || orderDir === 'desc' ? 'desc' : ''}` : '';
87
- const search = loadTable.meta?.search && query.search ? `(${loadTable.meta?.search.split(',').map(el => `${el} ilike '%${query.search}%'`).join(' or ')})` : null;
87
+ const search = loadTable.meta?.search && query.search
88
+ ? `(${loadTable.meta?.search.split(',').map(el => `${el} ilike '%${query.search.replace(/%/g, '\\%')}%'`).join(' or ')})`
89
+ : null;
88
90
  const queryBbox = query?.bbox ? query.bbox.replace(/ /g, ',').split(',')?.map((el) => el - 0) : [];
89
91
  const queryPolyline = meta?.bbox && query?.polyline ? `ST_Contains(ST_MakePolygon(ST_LineFromEncodedPolyline('${query?.polyline}')),${meta.bbox})` : undefined;
90
92
  const bbox = meta?.bbox && queryBbox.filter((el) => !Number.isNaN(el))?.length === 4 ? `${meta.bbox} && 'box(${queryBbox[0]} ${queryBbox[1]},${queryBbox[2]} ${queryBbox[3]})'::box2d ` : undefined;
91
93
 
92
94
  const interfaceQuery = params?.query ? await handlebars.compile(params?.query)({ user, uid }) : undefined;
93
- const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, accessQuery || '1=1', bbox, queryPolyline, interfaceQuery].filter((el) => el);
95
+ const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, accessQuery || '1=1', bbox, queryPolyline, interfaceQuery].filter((el) => el).filter((el) => (user?.user_type === 'superadmin' ? !el.includes('{{uid}}') : true));
94
96
 
95
97
  // const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
96
98
  const q = `select ${pk ? `"${pk}" as id,` : ''}
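Review bot: `query.search` is still interpolated into a quoted SQL literal in the new `search` expression with only `%` escaped: single quotes and backslashes pass through unchanged, whereas the getFilterSQL line in this release at least doubles quotes. The request value should reach PostgreSQL as a bind parameter next to the existing `$1`, or at minimum get the same treatment, `query.search.replace(/[\\%_]/g, '\\$&').replace(/'/g, "''")`. `query.polyline` on the unchanged `queryPolyline` line is placed between quotes the same way and needs the same handling. Separately, the added `.filter(...)` drops a whole clause for `superadmin` whenever it contains `{{uid}}`, including any other conditions written in that same string, which deserves a comment stating that this is intended. dataAPI's body starts and ends outside this hunk, so how `q` is executed is not visible.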
@@ -104,6 +106,8 @@ export default async function dataAPI(req) {
104
106
  where ${where.join(' and ') || 'true'}
105
107
  ${order} ${offset} limit ${limit}`
106
108
  .replace(/{{uid}}/g, uid);
109
+
110
+ // if (user?.user_type === 'superadmin') console.log(q);
107
111
 
108
112
  if (query.sql === '1') { return q; }
109
113