@opengis/fastify-table 1.1.124 → 1.1.125
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -7,11 +7,11 @@ import logChanges from './utils/logChanges.js';
|
|
|
7
7
|
const rclient = getRedis();
|
|
8
8
|
const srids = {};
|
|
9
9
|
|
|
10
|
-
function assignValue(key, i, srid = 4326) {
|
|
11
|
-
if (key === 'geom') {
|
|
10
|
+
function assignValue(key, i, srid = 4326, columnType = 'text') {
|
|
11
|
+
if (key === 'geom' && columnType === 'geometry') {
|
|
12
12
|
return `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)`;
|
|
13
13
|
}
|
|
14
|
-
if (key?.includes('geom')) {
|
|
14
|
+
if (key?.includes('geom') && columnType === 'geometry') {
|
|
15
15
|
return `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),${srid})`;
|
|
16
16
|
}
|
|
17
17
|
return `"${key}"=$${i + 2}`;
|
|
@@ -51,7 +51,7 @@ export default async function dataUpdate({
|
|
|
51
51
|
}
|
|
52
52
|
|
|
53
53
|
const updateQuery = `UPDATE ${table} SET ${systemColumns ? `${systemColumns}${filterData?.length ? ',' : ''}` : ''}
|
|
54
|
-
${filterData?.map((key, i) => assignValue(key, i, srids[table]?.[key] || 4326))?.join(',')}
|
|
54
|
+
${filterData?.map((key, i) => assignValue(key, i, srids[table]?.[key] || 4326, pg.pgType?.[columns.find(col => col.name === key)?.dataTypeID || '']))?.join(',')}
|
|
55
55
|
WHERE ${pk} = $1 returning *`;
|
|
56
56
|
// console.log(updateQuery, filterValue);
|
|
57
57
|
const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
|
|
@@ -13,7 +13,7 @@ import block from '../sqlInjection.js';
|
|
|
13
13
|
|
|
14
14
|
export default function checkPolicy(req) {
|
|
15
15
|
const {
|
|
16
|
-
originalUrl: path, hostname, query, params, headers, method, session, routeOptions,
|
|
16
|
+
originalUrl: path, hostname, query, params, headers, method, session, routeOptions, unittest,
|
|
17
17
|
} = req;
|
|
18
18
|
const body = JSON.stringify(req?.body || {}).substring(30);
|
|
19
19
|
const isAdmin = process.env.NODE_ENV === 'admin' || hostname.split(':').shift() === config.adminDomain || hostname.startsWith('admin');
|
|
@@ -84,7 +84,7 @@ export default function checkPolicy(req) {
|
|
|
84
84
|
}
|
|
85
85
|
|
|
86
86
|
/* === 5. policy: site auth === */
|
|
87
|
-
if (!policy.includes('site') && !isAdmin && !config.local && !config.debug
|
|
87
|
+
if (!policy.includes('site') && !isAdmin && !config.local && !config.debug && !unittest
|
|
88
88
|
&& !['/auth/redirect', '/logout', `${config.prefix || '/api'}/login`].find(el => path.includes(el))) {
|
|
89
89
|
logger.file('policy/site', {
|
|
90
90
|
path, method, params, query, body, message: 'access restricted: 5', uid: user?.uid,
|
|
@@ -6,7 +6,7 @@ import insert from './insert.js';
|
|
|
6
6
|
|
|
7
7
|
export default async function update(req) {
|
|
8
8
|
const {
|
|
9
|
-
pg = pgClients.client, user, params = {}, body = {},
|
|
9
|
+
pg = pgClients.client, user, params = {}, body = {}, unittest,
|
|
10
10
|
} = req;
|
|
11
11
|
if (!user) return { message: 'access restricted', status: 403 };
|
|
12
12
|
const hookData = await applyHook('preUpdate', {
|
|
@@ -48,7 +48,9 @@ export default async function update(req) {
|
|
|
48
48
|
const schema = formData?.schema || formData;
|
|
49
49
|
|
|
50
50
|
// skip non-present fields in form schema
|
|
51
|
-
|
|
51
|
+
if (!unittest) {
|
|
52
|
+
Object.keys(body).filter(key => !Object.keys(schema || {}).includes(key)).forEach(key => delete body[key]);
|
|
53
|
+
}
|
|
52
54
|
|
|
53
55
|
const xssCheck = checkXSS({ body, schema });
|
|
54
56
|
|