@opengis/fastify-table 1.1.20 → 1.1.21

package/Changelog.md

@@ -1,5 +1,9 @@
 # fastify-table
 
+## 1.1.21 - 03.10.2024
+
+- add mention in comment notification hook
+
 ## 1.1.20 - 02.10.2024
 
 - code optimization

package/index.js

@@ -1,5 +1,6 @@
-import path from 'path';
-import { existsSync, readdirSync, readFileSync } from 'fs';
+import path from 'node:path';
+import { existsSync, readdirSync, readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
 
 import fp from 'fastify-plugin';
 import config from './config.js';
@@ -18,7 +19,7 @@ import hookPlugin from './hook/index.js';
 
 import pgClients from './pg/pgClients.js';
 
-import execMigrations from './migration/exec.migrations.js';
+import { addTemplateDir, execMigrations } from './utils.js';
 
 async function plugin(fastify, opt) {
   // console.log(opt);
@@ -68,10 +69,8 @@ async function plugin(fastify, opt) {
         await client.query(sql, [JSON.stringify(rows).replace(/'/g, "''")]);
       }
     }
-    // call from another repo / project
-    fastify.execMigrations = execMigrations;
     // execute core migrations
-    await fastify.execMigrations();
+    await execMigrations();
   });
   if (!fastify.funcs) {
     fastify.addHook('onRequest', async (req) => {
@@ -94,6 +93,11 @@ async function plugin(fastify, opt) {
   utilPlugin(fastify, opt);
   cronPlugin(fastify, opt);
   hookPlugin(fastify, opt);
+
+  // core templates && cls
+  const filename = fileURLToPath(import.meta.url);
+  const cwd = path.dirname(filename);
+  addTemplateDir(path.join(cwd, 'module/core'));
 }
 export default fp(plugin);
 // export { rclient };

package/module/core/select/core.user_mentioned.sql

@@ -0,0 +1,2 @@
+select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
+where enabled order by coalesce(sur_name,'')||coalesce(' '||user_name,'')

package/notification/controllers/readNotifications.js

@@ -0,0 +1,30 @@
+export default async function readNotifications({
+  pg, params = {}, query = {}, session = {},
+}) {
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  try {
+    const { userId } = await pg.query('select uid as "userId" from admin.users where $1 in (uid,login) limit 1', [uid])
+      .then((res) => res.rows?.[0] || {});
+
+    if (!userId) {
+      return { message: 'access restricted: 2', status: 403 };
+    }
+
+    const q = `update crm.notifications set read=true where read is not true 
+    and ${params?.id ? 'notification_id=$2' : '1=1'} and addressee_id=$1`;
+
+    if (query.sql) return q;
+
+    const { rowCount = 0 } = await pg.query(q, [userId, params?.id].filter((el) => el));
+
+    return { message: `${rowCount} unread notifications marked as read`, status: 200 };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/notification/controllers/userNotifications.js

@@ -1,16 +1,61 @@
+// for example only
+/*
+    const res = await funcs.dataInsert({
+      pg,
+      table: 'crm.notifications',
+      data: {
+        subject: 'notif title',
+        body: 'notif body',
+        link: 'http://localhost:3000/api/notification',
+        addressee_id: userId,
+        author_id: userId,
+      },
+    });
+*/
+
+import { getSelectVal } from '../../utils.js';
+
+const maxLimit = 100;
+
 export default async function userNotifications({
-  pg, session = {}, query = {},
+  pg, query = {}, session = {},
 }) {
   const time = Date.now();
+
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const limit = Math.min(maxLimit, +(query.limit || 5));
+  const offset = query.page && query.page > 0 ? (query.page - 1) * limit : 0;
+
   try {
-    const { uid } = session.passport?.user || {};
-    if (!uid) return { error: 'access restricted', status: 403 };
+    const { userId } = await pg.query('select uid as "userId" from admin.users where $1 in (uid,login) limit 1', [uid])
+      .then((res) => res.rows?.[0] || {});
+
+    if (!userId) {
+      return { message: 'access restricted: 2', status: 403 };
+    }
+
+    const q = `select notification_id as id, subject, body, cdate,
+    author_id, read, link, entity_id, (select avatar from admin.users where uid=a.author_id limit 1) as avatar from crm.notifications a where addressee_id=$1 order by cdate desc limit ${limit} offset ${offset}`;
+
+    if (query.sql) return q;
+
+    const { rows = [] } = await pg.query(q, [userId]);
+
+    const values = rows.map((el) => el.author_id)
+      ?.filter((el, idx, arr) => el && arr.indexOf(el) === idx);
 
-    const queryFunc = query.nocache ? pg.query : pg.queryCache;
+    if (values?.length) {
+      const vals = await getSelectVal({ name: 'core.user_mentioned', values });
+      rows.forEach((row) => {
+        Object.assign(row, { author: vals?.[row.author_id] });
+      });
+    }
 
-    // queryCache not supports $1 params
-    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
-      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
     return { time: Date.now() - time, total: rows?.length, rows };
   }
   catch (err) {

package/notification/funcs/addNotification.js

@@ -1,8 +1,19 @@
 export default async function addNotification({
-  pg, session = {}, title, body, link, notificationType, uid: uid1,
+  pg, funcs, session = {}, subject, body, link, uid, entity,
 }) {
-  const uid = uid1 || session.passport?.user?.uid || {};
-  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
-  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
-  return { id, status };
+  const { uid: author } = session.passport?.user || {};
+  const res = await funcs.dataInsert({
+    pg,
+    table: 'crm.notifications',
+    data: {
+      subject,
+      body,
+      link,
+      addressee_id: uid,
+      author_id: author,
+      entity_id: entity,
+      uid: author,
+    },
+  });
+  return res?.rows?.[0] || {};
 }

package/notification/hook/onWidgetSet.js

@@ -0,0 +1,63 @@
+/* eslint-disable camelcase */
+import {
+  getSelect, addNotification, sendNotification,
+} from '../../utils.js';
+
+function sequence(arr, data, fn) {
+  return arr.reduce((promise, row) => promise.then(() => fn({
+    ...data, ...row,
+  })), Promise.resolve());
+}
+
+export default async function onWidgetSet({ req, type, data = {} }) {
+  const values = data.body?.match(/\B@[a-zA-z0-9а-яА-яіїІЇєЄ]+ [a-zA-z0-9а-яА-яіїІЇєЄ]+/g)
+    ?.filter((el, idx, arr) => el?.replace && arr.indexOf(el) === idx)
+    ?.map((el) => el.replace(/@/g, ''));
+
+  if (type !== 'comment' || !values?.length) {
+    return null;
+  }
+
+  const {
+    pg, funcs, path: link, session = {}, log,
+  } = req;
+  const { config = {} } = funcs;
+
+  const { sql } = await getSelect('core.user_mentioned');
+
+  const { rows = [] } = await pg.query(`with data (id,name,email) as (${sql})
+  select id, name, email from data where name = any($1)`, [values]);
+
+  if (!rows?.length) {
+    return null;
+  }
+
+  const message = `${data.body?.substring(0, 50)}...`;
+  const subject = 'You were mentioned';
+
+  await sequence(rows, {}, async ({ id, name, email }) => {
+    const res = await addNotification({
+      pg, funcs, session, subject, entity: data.entity_id, body: message, link, uid: id,
+    });
+    try {
+      const res1 = await sendNotification({
+        pg,
+        funcs,
+        log,
+        to: email,
+        // template,
+        message,
+        title: subject,
+        data,
+        nocache: 1,
+      });
+      if (config.local) console.info('comment notification', name, id, email, res1);
+      await pg.query('update crm.notifications set sent=true where notification_id=$1', [res?.notification_id]);
+    }
+    catch (err) {
+      console.error('comment notification send error', err.toString());
+    }
+  });
+  console.log('comment notification add', rows);
+  return null;
+}

package/notification/index.js

@@ -1,11 +1,18 @@
 // api
-import userNotifications from './controllers/userNotifications.js';
+import readNotifications from './controllers/readNotifications.js'; // mark as read
+import userNotifications from './controllers/userNotifications.js'; // check all, backend pagination
 import testEmail from './controllers/testEmail.js';
 // funcs
 import addNotification from './funcs/addNotification.js'; // add to db
-import notification from './funcs/sendNotification.js'; // send
+import notification from './funcs/sendNotification.js'; // send notification
+
+import onWidgetSet from './hook/onWidgetSet.js'; // send notification on comment
+import { addHook } from '../utils.js';
 
 const tableSchema = {
+  params: {
+    id: { type: 'string' },
+  },
   querystring: {
     nocache: { type: 'string', pattern: '^(\\d+)$' },
   },
@@ -17,11 +24,20 @@ async function plugin(fastify, config = {}) {
     method: 'GET',
     url: `${prefix}/notification`,
     config: {
-      policy: ['user'], // implement user auth check policy??
+      policy: ['user'],
     },
     schema: tableSchema,
     handler: userNotifications,
   });
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/notification-read/:id?`,
+    config: {
+      policy: ['user'],
+    },
+    schema: tableSchema,
+    handler: readNotifications,
+  });
   fastify.route({
     method: 'GET',
     url: `${prefix}/test-email`,
@@ -33,6 +49,7 @@ async function plugin(fastify, config = {}) {
 
   fastify.decorate('addNotification', addNotification);
   fastify.decorate('notification', notification);
+  addHook('onWidgetSet', onWidgetSet);
 }
 
 export default plugin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.1.20",
+  "version": "1.1.21",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/policy/funcs/checkPolicy.js

@@ -24,60 +24,69 @@ export default function checkPolicy(req) {
 
   /*= == 0.Check superadmin access  === */
   if (policy.includes('superadmin') && user?.user_type !== 'superadmin') {
-    log.warn({
-      name: 'api/superadmin', params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
+    log.warn('api/superadmin', {
+      path, params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
     });
     return { message: 'access restricted: 0', status: 403 };
   }
 
   /*= == 1.File injection  === */
   if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
-    log.warn({
-      name: 'injection/file', params, query, message: 'access restricted: 1',
+    log.warn('injection/file', {
+      path, params, query, message: 'access restricted: 1',
     });
     return { message: 'access restricted: 1', status: 403 };
   }
 
-  /*= == 1.1 File  === */
+  /* === 1.1 File  === */
   const allowExtPublic = ['.png', '.jpg', '.svg'];
   const ext = path.toLowerCase().substr(-4);
   if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
 
-  /*= == 2.SQL Injection policy: no-sql === */
+  /* === 2.SQL Injection policy: no-sql === */
   if (!policy.includes('no-sql')) {
     // skip polyline param - data filter (geometry bounds)
     const stopWords = block.filter((el) => path.replace(query.polyline, '').includes(el));
     if (stopWords?.length) {
-      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
+      log.warn('injection/sql', { stopWords, message: 'access restricted: 2', path });
       return { message: 'access restricted: 2', status: 403 };
     }
   }
-  /* Check is Not API */
-  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
-  if (!isApi) return null;
-
-  /*= == 3. policy: referer === */
-  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
-    log.warn({ name: 'referer', message: 'access restricted: 3' });
-    return { message: 'access restricted: 3', status: 403 };
+  /* policy: skip if not API */
+  const isApi = ['/files/', '/api/format/', '/api', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
+  if (!isApi) {
+    return null;
   }
 
-  /*= == policy: public === */
+  /* === policy: public === */
   if (policy.includes('public')) {
     return null;
   }
 
-  /*= == 4. policy: site auth === */
-  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
-    log.warn({ name: 'site', message: 'access restricted: 4' });
+  /* === 3. policy: user === */
+  if (!user && policy.includes('user') && false) {
+    log.warn('policy/user', { message: 'access restricted: 3', path });
+    return { message: 'access restricted: 3', status: 403 };
+  }
+
+  /* === 4. policy: referer === */
+  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
+    log.warn('policy/referer', { message: 'access restricted: 4', uid: user?.uid });
     return { message: 'access restricted: 4', status: 403 };
   }
 
-  /*= == 5. base policy: block api  === */
-  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
-    log.warn({ name: 'api', message: 'access restricted: 5' });
+  /* === 5. policy: site auth === */
+  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
+    log.warn('policy/site', { message: 'access restricted: 5', path, uid: user?.uid });
     return { message: 'access restricted: 5', status: 403 };
   }
 
+  /* === 6. base policy: block api, except login  === */
+  if (sid === 35 && !isUser && isServer && !config.local && !config.debug
+    && !path.startsWith(`${config.prefix || '/api'}/login`)) {
+    log.warn('policy/api', { message: 'access restricted: 6', path, uid: user?.uid });
+    return { message: 'access restricted: 6', status: 403 };
+  }
+
   return null;
 }

package/policy/index.js

@@ -3,7 +3,7 @@
 import checkPolicy from './funcs/checkPolicy.js';
 
 async function plugin(fastify) {
-  fastify.addHook('onRequest', async (request, reply) => {
+  fastify.addHook('preParsing', async (request, reply) => {
     const hookData = checkPolicy(request);
     if (hookData?.status && hookData?.message) {
       return reply.status(hookData?.status).send(hookData.message);

package/server/migrations/crm.sql

@@ -6,12 +6,20 @@ CREATE TABLE IF NOT EXISTS crm.notifications();
 ALTER TABLE crm.notifications DROP CONSTRAINT IF EXISTS crm_notifications_pkey;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_id text NOT NULL DEFAULT next_id();
 
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_user_id text;
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_type text DEFAULT 'notify'::text;
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_status text DEFAULT 'not sent'::text;
+-- drop deprecated columns
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_user_id;
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_type;
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_status;
+
+-- add actual columns
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS addressee_id text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS read boolean;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS sent boolean;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS subject text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS body text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS link text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS author_id text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS entity_id text;
 
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS uid text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS files json;
@@ -20,6 +28,15 @@ ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS editor_id text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
 ALTER TABLE crm.notifications ADD CONSTRAINT crm_notifications_pkey PRIMARY KEY (notification_id);
 
+COMMENT ON COLUMN crm.notifications.addressee_id is 'ID користувача отримувача повідомлення';
+COMMENT ON COLUMN crm.notifications.read is 'Чи було повідомлення прочитане';
+COMMENT ON COLUMN crm.notifications.sent is 'Чи було повідомлення відправлене';
+COMMENT ON COLUMN crm.notifications.subject is 'Тема повідомлення';
+COMMENT ON COLUMN crm.notifications.body is 'Зміст повідомлення';
+COMMENT ON COLUMN crm.notifications.link is 'Посилання на об''єкт';
+COMMENT ON COLUMN crm.notifications.author_id is 'ID користувача автора повідомлення';
+COMMENT ON COLUMN crm.notifications.entity_id is 'ID на об''єкту';
+
 -- crm.files
 -- DROP TABLE IF EXISTS crm.files;
 CREATE TABLE IF NOT EXISTS crm.files();

package/utils.js

@@ -24,8 +24,13 @@ import gisIRColumn from './table/controllers/utils/gisIRColumn.js';
 import getMeta from './pg/funcs/getMeta.js';
 import getAccess from './crud/funcs/getAccess.js';
 import getSelectVal from './table/funcs/metaFormat/getSelectVal.js';
+import getSelect from './table/controllers/utils/getSelect.js';
+import getSelectMeta from './table/controllers/utils/getSelectMeta.js';
 import applyHook from './hook/funcs/applyHook.js';
 import addHook from './hook/funcs/addHook.js';
+import execMigrations from './migration/exec.migrations.js';
+import addNotification from './notification/funcs/addNotification.js';
+import sendNotification from './notification/funcs/sendNotification.js';
 
 export default null;
 export {
@@ -49,6 +54,11 @@ export {
   getMeta,
   getAccess,
   getSelectVal,
+  getSelectMeta,
+  getSelect,
   applyHook,
   addHook,
+  execMigrations,
+  addNotification,
+  sendNotification,
 };

package/widget/controllers/widget.set.js

@@ -1,8 +1,8 @@
 import path from 'path';
 
-import getMeta from '../../pg/funcs/getMeta.js';
-import dataInsert from '../../crud/funcs/dataInsert.js';
-import dataUpdate from '../../crud/funcs/dataUpdate.js';
+import {
+  getMeta, dataInsert, dataUpdate, applyHook,
+} from '../../utils.js';
 
 const tableList = {
   comment: 'crm.communications',
@@ -21,8 +21,8 @@ export default async function widgetSet(req) {
   } = req;
   const { user = {} } = session.passport || {};
   const { type, id, objectid } = params;
-  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { error: 'param type not valid', status: 400 };
-  if (!objectid) return { error: 'id required', status: 400 };
+  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { message: 'param type not valid', status: 400 };
+  if (!objectid) return { message: 'id required', status: 400 };
 
   const table = tableList[type];
 
@@ -57,6 +57,7 @@ export default async function widgetSet(req) {
 
     const data = { ...body, uid: user?.uid, entity_id: objectid };
 
+    await applyHook('onWidgetSet', { req, type, data });
     const result = id
       ? await dataUpdate({
         table, data, id, uid: user?.uid,