@opengis/fastify-table 1.1.20 → 1.1.22

package/Changelog.md

@@ -1,5 +1,13 @@
 # fastify-table
 
+## 1.1.22 - 03.10.2024
+
+- add user API and unit tests
+
+## 1.1.21 - 03.10.2024
+
+- add mention in comment notification hook
+
 ## 1.1.20 - 02.10.2024
 
 - code optimization

package/index.js

@@ -1,5 +1,6 @@
-import path from 'path';
-import { existsSync, readdirSync, readFileSync } from 'fs';
+import path from 'node:path';
+import { existsSync, readdirSync, readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
 
 import fp from 'fastify-plugin';
 import config from './config.js';
@@ -14,11 +15,11 @@ import crudPlugin from './crud/index.js';
 import policyPlugin from './policy/index.js';
 import utilPlugin from './util/index.js';
 import cronPlugin from './cron/index.js';
-import hookPlugin from './hook/index.js';
+import userPlugin from './user/index.js';
 
 import pgClients from './pg/pgClients.js';
 
-import execMigrations from './migration/exec.migrations.js';
+import { addTemplateDir, execMigrations } from './utils.js';
 
 async function plugin(fastify, opt) {
   // console.log(opt);
@@ -68,10 +69,8 @@ async function plugin(fastify, opt) {
         await client.query(sql, [JSON.stringify(rows).replace(/'/g, "''")]);
       }
     }
-    // call from another repo / project
-    fastify.execMigrations = execMigrations;
     // execute core migrations
-    await fastify.execMigrations();
+    await execMigrations();
   });
   if (!fastify.funcs) {
     fastify.addHook('onRequest', async (req) => {
@@ -93,7 +92,12 @@ async function plugin(fastify, opt) {
   widgetPlugin(fastify, opt);
   utilPlugin(fastify, opt);
   cronPlugin(fastify, opt);
-  hookPlugin(fastify, opt);
+  userPlugin(fastify, opt);
+
+  // core templates && cls
+  const filename = fileURLToPath(import.meta.url);
+  const cwd = path.dirname(filename);
+  addTemplateDir(path.join(cwd, 'module/core'));
 }
 export default fp(plugin);
 // export { rclient };

package/module/core/select/core.user_mentioned.sql

@@ -0,0 +1,2 @@
+select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
+where enabled order by coalesce(sur_name,'')||coalesce(' '||user_name,'')

package/notification/controllers/readNotifications.js

@@ -0,0 +1,30 @@
+export default async function readNotifications({
+  pg, params = {}, query = {}, session = {},
+}) {
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  try {
+    const { userId } = await pg.query('select uid as "userId" from admin.users where $1 in (uid,login) limit 1', [uid])
+      .then((res) => res.rows?.[0] || {});
+
+    if (!userId) {
+      return { message: 'access restricted: 2', status: 403 };
+    }
+
+    const q = `update crm.notifications set read=true where read is not true 
+    and ${params?.id ? 'notification_id=$2' : '1=1'} and addressee_id=$1`;
+
+    if (query.sql) return q;
+
+    const { rowCount = 0 } = await pg.query(q, [userId, params?.id].filter((el) => el));
+
+    return { message: `${rowCount} unread notifications marked as read`, status: 200 };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/notification/controllers/userNotifications.js

@@ -1,16 +1,61 @@
+// for example only
+/*
+    const res = await funcs.dataInsert({
+      pg,
+      table: 'crm.notifications',
+      data: {
+        subject: 'notif title',
+        body: 'notif body',
+        link: 'http://localhost:3000/api/notification',
+        addressee_id: userId,
+        author_id: userId,
+      },
+    });
+*/
+
+import { getSelectVal } from '../../utils.js';
+
+const maxLimit = 100;
+
 export default async function userNotifications({
-  pg, session = {}, query = {},
+  pg, query = {}, session = {},
 }) {
   const time = Date.now();
+
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const limit = Math.min(maxLimit, +(query.limit || 5));
+  const offset = query.page && query.page > 0 ? (query.page - 1) * limit : 0;
+
   try {
-    const { uid } = session.passport?.user || {};
-    if (!uid) return { error: 'access restricted', status: 403 };
+    const { userId } = await pg.query('select uid as "userId" from admin.users where $1 in (uid,login) limit 1', [uid])
+      .then((res) => res.rows?.[0] || {});
+
+    if (!userId) {
+      return { message: 'access restricted: 2', status: 403 };
+    }
+
+    const q = `select notification_id as id, subject, body, cdate,
+    author_id, read, link, entity_id, (select avatar from admin.users where uid=a.author_id limit 1) as avatar from crm.notifications a where addressee_id=$1 order by cdate desc limit ${limit} offset ${offset}`;
+
+    if (query.sql) return q;
+
+    const { rows = [] } = await pg.query(q, [userId]);
+
+    const values = rows.map((el) => el.author_id)
+      ?.filter((el, idx, arr) => el && arr.indexOf(el) === idx);
 
-    const queryFunc = query.nocache ? pg.query : pg.queryCache;
+    if (values?.length) {
+      const vals = await getSelectVal({ name: 'core.user_mentioned', values });
+      rows.forEach((row) => {
+        Object.assign(row, { author: vals?.[row.author_id] });
+      });
+    }
 
-    // queryCache not supports $1 params
-    const { rows } = await queryFunc(`select notification_id as id, notification_type as type, 
-      notification_status as status, title, body, link, uid from crm.notification where uid='${uid}'`);
     return { time: Date.now() - time, total: rows?.length, rows };
   }
   catch (err) {

package/notification/funcs/addNotification.js

@@ -1,8 +1,19 @@
 export default async function addNotification({
-  pg, session = {}, title, body, link, notificationType, uid: uid1,
+  pg, funcs, session = {}, subject, body, link, uid, entity,
 }) {
-  const uid = uid1 || session.passport?.user?.uid || {};
-  const { id, status } = await pg.one(`insert into crm.notification(title, body, link, notification_type, uid) 
-  values($1,$2,$3,$4,$5) returning notification_id as id, notification_status as status`, [title, body, link, notificationType, uid]);
-  return { id, status };
+  const { uid: author } = session.passport?.user || {};
+  const res = await funcs.dataInsert({
+    pg,
+    table: 'crm.notifications',
+    data: {
+      subject,
+      body,
+      link,
+      addressee_id: uid,
+      author_id: author,
+      entity_id: entity,
+      uid: author,
+    },
+  });
+  return res?.rows?.[0] || {};
 }

package/notification/hook/onWidgetSet.js

@@ -0,0 +1,63 @@
+/* eslint-disable camelcase */
+import {
+  getSelect, addNotification, sendNotification,
+} from '../../utils.js';
+
+function sequence(arr, data, fn) {
+  return arr.reduce((promise, row) => promise.then(() => fn({
+    ...data, ...row,
+  })), Promise.resolve());
+}
+
+export default async function onWidgetSet({ req, type, data = {} }) {
+  const values = data.body?.match(/\B@[a-zA-z0-9а-яА-яіїІЇєЄ]+ [a-zA-z0-9а-яА-яіїІЇєЄ]+/g)
+    ?.filter((el, idx, arr) => el?.replace && arr.indexOf(el) === idx)
+    ?.map((el) => el.replace(/@/g, ''));
+
+  if (type !== 'comment' || !values?.length) {
+    return null;
+  }
+
+  const {
+    pg, funcs, path: link, session = {}, log,
+  } = req;
+  const { config = {} } = funcs;
+
+  const { sql } = await getSelect('core.user_mentioned');
+
+  const { rows = [] } = await pg.query(`with data (id,name,email) as (${sql})
+  select id, name, email from data where name = any($1)`, [values]);
+
+  if (!rows?.length) {
+    return null;
+  }
+
+  const message = `${data.body?.substring(0, 50)}...`;
+  const subject = 'You were mentioned';
+
+  await sequence(rows, {}, async ({ id, name, email }) => {
+    const res = await addNotification({
+      pg, funcs, session, subject, entity: data.entity_id, body: message, link, uid: id,
+    });
+    try {
+      const res1 = await sendNotification({
+        pg,
+        funcs,
+        log,
+        to: email,
+        // template,
+        message,
+        title: subject,
+        data,
+        nocache: 1,
+      });
+      if (config.local) console.info('comment notification', name, id, email, res1);
+      await pg.query('update crm.notifications set sent=true where notification_id=$1', [res?.notification_id]);
+    }
+    catch (err) {
+      console.error('comment notification send error', err.toString());
+    }
+  });
+  console.log('comment notification add', rows);
+  return null;
+}

package/notification/index.js

@@ -1,11 +1,18 @@
 // api
-import userNotifications from './controllers/userNotifications.js';
+import readNotifications from './controllers/readNotifications.js'; // mark as read
+import userNotifications from './controllers/userNotifications.js'; // check all, backend pagination
 import testEmail from './controllers/testEmail.js';
 // funcs
 import addNotification from './funcs/addNotification.js'; // add to db
-import notification from './funcs/sendNotification.js'; // send
+import notification from './funcs/sendNotification.js'; // send notification
+
+import onWidgetSet from './hook/onWidgetSet.js'; // send notification on comment
+import { addHook } from '../utils.js';
 
 const tableSchema = {
+  params: {
+    id: { type: 'string' },
+  },
   querystring: {
     nocache: { type: 'string', pattern: '^(\\d+)$' },
   },
@@ -17,11 +24,20 @@ async function plugin(fastify, config = {}) {
     method: 'GET',
     url: `${prefix}/notification`,
     config: {
-      policy: ['user'], // implement user auth check policy??
+      policy: ['user'],
     },
     schema: tableSchema,
     handler: userNotifications,
   });
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/notification-read/:id?`,
+    config: {
+      policy: ['user'],
+    },
+    schema: tableSchema,
+    handler: readNotifications,
+  });
   fastify.route({
     method: 'GET',
     url: `${prefix}/test-email`,
@@ -33,6 +49,7 @@ async function plugin(fastify, config = {}) {
 
   fastify.decorate('addNotification', addNotification);
   fastify.decorate('notification', notification);
+  addHook('onWidgetSet', onWidgetSet);
 }
 
 export default plugin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.1.20",
+  "version": "1.1.22",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",

package/policy/funcs/checkPolicy.js

@@ -24,60 +24,69 @@ export default function checkPolicy(req) {
 
   /*= == 0.Check superadmin access  === */
   if (policy.includes('superadmin') && user?.user_type !== 'superadmin') {
-    log.warn({
-      name: 'api/superadmin', params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
+    log.warn('api/superadmin', {
+      path, params, query, body: JSON.stringify(req?.body || {}).substring(30), message: 'access restricted: 0',
     });
     return { message: 'access restricted: 0', status: 403 };
   }
 
   /*= == 1.File injection  === */
   if (JSON.stringify(params || {})?.includes('../') || JSON.stringify(query || {})?.includes('../') || path?.includes('../')) {
-    log.warn({
-      name: 'injection/file', params, query, message: 'access restricted: 1',
+    log.warn('injection/file', {
+      path, params, query, message: 'access restricted: 1',
     });
     return { message: 'access restricted: 1', status: 403 };
   }
 
-  /*= == 1.1 File  === */
+  /* === 1.1 File  === */
   const allowExtPublic = ['.png', '.jpg', '.svg'];
   const ext = path.toLowerCase().substr(-4);
   if (path.includes('files/') && allowExtPublic.includes(ext)) return null;
 
-  /*= == 2.SQL Injection policy: no-sql === */
+  /* === 2.SQL Injection policy: no-sql === */
   if (!policy.includes('no-sql')) {
     // skip polyline param - data filter (geometry bounds)
     const stopWords = block.filter((el) => path.replace(query.polyline, '').includes(el));
     if (stopWords?.length) {
-      log.warn({ name: 'injection/sql', stopWords, message: 'access restricted: 2' });
+      log.warn('injection/sql', { stopWords, message: 'access restricted: 2', path });
       return { message: 'access restricted: 2', status: 403 };
     }
   }
-  /* Check is Not API */
-  const isApi = ['/files/', '/api/format/', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
-  if (!isApi) return null;
-
-  /*= == 3. policy: referer === */
-  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
-    log.warn({ name: 'referer', message: 'access restricted: 3' });
-    return { message: 'access restricted: 3', status: 403 };
+  /* policy: skip if not API */
+  const isApi = ['/files/', '/api/format/', '/api', '/api-user/', '/logger', '/file/'].filter((el) => path.includes(el)).length;
+  if (!isApi) {
+    return null;
   }
 
-  /*= == policy: public === */
+  /* === policy: public === */
   if (policy.includes('public')) {
     return null;
   }
 
-  /*= == 4. policy: site auth === */
-  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
-    log.warn({ name: 'site', message: 'access restricted: 4' });
+  /* === 3. policy: user === */
+  if (!user && policy.includes('user') && false) {
+    log.warn('policy/user', { message: 'access restricted: 3', path });
+    return { message: 'access restricted: 3', status: 403 };
+  }
+
+  /* === 4. policy: referer === */
+  if (!hs?.referer?.includes?.(hostname) && policy.includes('referer') && !config.local && !config.debug) {
+    log.warn('policy/referer', { message: 'access restricted: 4', uid: user?.uid });
     return { message: 'access restricted: 4', status: 403 };
   }
 
-  /*= == 5. base policy: block api  === */
-  if (sid === 35 && !isUser && isServer && !config.local && !config.debug) {
-    log.warn({ name: 'api', message: 'access restricted: 5' });
+  /* === 5. policy: site auth === */
+  if (!policy.includes('site') && sid === 1 && isUser && !config.local && !config.debug) {
+    log.warn('policy/site', { message: 'access restricted: 5', path, uid: user?.uid });
     return { message: 'access restricted: 5', status: 403 };
   }
 
+  /* === 6. base policy: block api, except login  === */
+  if (sid === 35 && !isUser && isServer && !config.local && !config.debug
+    && !path.startsWith(`${config.prefix || '/api'}/login`)) {
+    log.warn('policy/api', { message: 'access restricted: 6', path, uid: user?.uid });
+    return { message: 'access restricted: 6', status: 403 };
+  }
+
   return null;
 }

package/policy/index.js

@@ -3,7 +3,7 @@
 import checkPolicy from './funcs/checkPolicy.js';
 
 async function plugin(fastify) {
-  fastify.addHook('onRequest', async (request, reply) => {
+  fastify.addHook('preParsing', async (request, reply) => {
     const hookData = checkPolicy(request);
     if (hookData?.status && hookData?.message) {
       return reply.status(hookData?.status).send(hookData.message);

package/server/migrations/crm.sql

@@ -6,12 +6,20 @@ CREATE TABLE IF NOT EXISTS crm.notifications();
 ALTER TABLE crm.notifications DROP CONSTRAINT IF EXISTS crm_notifications_pkey;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_id text NOT NULL DEFAULT next_id();
 
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_user_id text;
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_type text DEFAULT 'notify'::text;
-ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS notification_status text DEFAULT 'not sent'::text;
+-- drop deprecated columns
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_user_id;
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_type;
+ALTER TABLE crm.notifications DROP COLUMN IF EXISTS notification_status;
+
+-- add actual columns
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS addressee_id text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS read boolean;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS sent boolean;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS subject text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS body text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS link text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS author_id text;
+ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS entity_id text;
 
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS uid text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS files json;
@@ -20,6 +28,15 @@ ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS editor_id text;
 ALTER TABLE crm.notifications ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
 ALTER TABLE crm.notifications ADD CONSTRAINT crm_notifications_pkey PRIMARY KEY (notification_id);
 
+COMMENT ON COLUMN crm.notifications.addressee_id is 'ID користувача отримувача повідомлення';
+COMMENT ON COLUMN crm.notifications.read is 'Чи було повідомлення прочитане';
+COMMENT ON COLUMN crm.notifications.sent is 'Чи було повідомлення відправлене';
+COMMENT ON COLUMN crm.notifications.subject is 'Тема повідомлення';
+COMMENT ON COLUMN crm.notifications.body is 'Зміст повідомлення';
+COMMENT ON COLUMN crm.notifications.link is 'Посилання на об''єкт';
+COMMENT ON COLUMN crm.notifications.author_id is 'ID користувача автора повідомлення';
+COMMENT ON COLUMN crm.notifications.entity_id is 'ID на об''єкту';
+
 -- crm.files
 -- DROP TABLE IF EXISTS crm.files;
 CREATE TABLE IF NOT EXISTS crm.files();

package/server/migrations/users.sql

@@ -131,4 +131,38 @@ COMMENT ON COLUMN admin.users_social_auth.social_auth_obj IS 'обьект со
 COMMENT ON COLUMN admin.users_social_auth.social_auth_date IS 'время получение последнего обьекта соцсети';
 COMMENT ON COLUMN admin.users_social_auth.social_auth_softpro_code IS 'код обьекта соцсети, создаваемый и используемый сервером авторизации';
 COMMENT ON COLUMN admin.users_social_auth.enabled IS 'Выключатель';
-COMMENT ON COLUMN admin.users_social_auth.social_auth_url IS 'URL для QR code';
+COMMENT ON COLUMN admin.users_social_auth.social_auth_url IS 'URL для QR code';
+
+CREATE TABLE IF NOT EXISTS admin.user_cls();
+ALTER TABLE admin.user_cls DROP CONSTRAINT IF EXISTS admin_user_cls_pkey;
+ALTER TABLE admin.user_cls DROP CONSTRAINT IF EXISTS admin_user_unique;
+
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS user_clsid text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS code text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS parent text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS name text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS icon text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS data text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS type text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS files json;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS cdate timestamp without time zone;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE admin.user_cls ADD COLUMN IF NOT EXISTS color text;
+
+ALTER TABLE admin.user_cls ALTER COLUMN user_clsid SET NOT NULL;
+ALTER TABLE admin.user_cls ALTER COLUMN user_clsid SET DEFAULT next_id();
+ALTER TABLE admin.user_cls ALTER COLUMN cdate SET DEFAULT (now())::timestamp without time zone;
+ALTER TABLE admin.user_cls ALTER COLUMN uid SET NOT NULL;
+ALTER TABLE admin.user_cls ALTER COLUMN uid SET DEFAULT '1'::text;
+
+ALTER TABLE admin.user_cls ADD CONSTRAINT admin_user_cls_pkey PRIMARY KEY(user_clsid);
+ALTER TABLE admin.user_cls ADD CONSTRAINT admin_user_unique UNIQUE(code, parent);
+
+COMMENT ON TABLE admin.user_cls IS 'Користувацькі класифікатори';
+COMMENT ON COLUMN admin.user_cls.user_clsid IS 'ID';
+COMMENT ON COLUMN admin.user_cls.code IS 'Код';
+COMMENT ON COLUMN admin.user_cls.name IS 'Назва';
+COMMENT ON COLUMN admin.user_cls.icon IS 'Іконка';
+COMMENT ON COLUMN admin.user_cls.color IS 'Колір';

package/test/api/notification.test.js

@@ -4,34 +4,71 @@ import assert from 'node:assert';
 import build from '../../helper.js';
 import config from '../config.js';
 
-const session = { passport: { user: { uid: config.testUser?.uid || '1' } } };
-
-import userNotifications from '../../notification/controllers/userNotifications.js';
+import { getSelect, initPG, pgClients } from '../../utils.js';
 
-import pgClients from '../../pg/pgClients.js';
+const session = { passport: { user: { uid: config.testUser?.uid || '1' } } };
+const { uid } = session.passport.user;
 
 test('api && funcs notification', async (t) => {
   const app = await build(t);
-  const pg = pgClients.client;
-  /*
-  // require dependency
-  await t.test('GET /auth', async () => {
+  const { client: pg } = pgClients;
+  await initPG(pg);
+
+  app.addHook('onRequest', async (req) => {
+    req.session = session;
+  });
+
+  const notificationIds = await pgClients.client.query(`insert into crm.notifications(addressee_id,entity_id,author_id,subject,body,link) 
+  values($1,$1,$1,$1,$1,$1), ($1,$1,$1,$1,$1,$1) returning notification_id as "notificationId"`, [uid])
+    .then((res) => res.rows?.map((el) => el.notificationId) || {});
+
+  if (!notificationIds?.length) {
+    assert.ok(0, 'insert notification error');
+  }
+  await t.test('GET /notification', async () => {
     const res = await app.inject({
       method: 'GET',
-      url: `/api/login?username=${config.testUser?.username}&password=${config.testUser?.password}`,
+      url: '/api/notification',
     });
-    assert.ok(res.statusCode);
+    const rep = res.json();
+    assert.ok(rep.total > 0);
   });
-  await t.test('GET /notification', async () => {
+  await t.test('GET /notification-read/:id', async () => {
     const res = await app.inject({
       method: 'GET',
-      url: '/api/notification',
+      url: `/api/notification-read/${notificationIds[0]}`,
+    });
+    const rep = res.json();
+    assert.ok(!rep.message?.startsWith(0), res.body);
+    assert.ok(rep.message?.includes('unread notifications marked'), res.body);
+  });
+  await t.test('GET /notification-read', async () => {
+    const res = await app.inject({
+      method: 'GET',
+      url: '/api/notification-read',
     });
-    const rep = JSON.parse(res?.body);
-    assert.ok(rep.time);
-  }); */
-  /* await t.test('GET /notification', async () => {
-    const rep = await userNotifications({ pg, session });
-    assert.ok(rep.time);
-  }); */
+    const rep = res.json();
+    assert.ok(!rep.message?.startsWith(0), res.body);
+    assert.ok(rep.message?.includes('unread notifications marked'), res.body);
+  });
+
+  const { sql } = await getSelect('core.user_mentioned');
+  const { name } = await pg.query(`with data (id,name,email) as (${sql})
+  select name from data where id = $1`, [uid]).then((res) => res.rows?.[0] || {});
+  if (name) {
+    await t.test('GET Email Notification via HOOK at POST /widget/comment/:id', async () => {
+      const res = await app.inject({
+        method: 'POST',
+        url: `/api/widget/comment/${notificationIds[0]}`,
+        body: { body: `@${name}`, entity_id: uid },
+      });
+      assert.equal(res.statusCode, 200);
+      assert.equal(res.json().rowCount, 1);
+    });
+  }
+
+  await t.test('clean up', async () => {
+    const { rowCount = 0 } = await pg.query('delete from crm.notifications where entity_id=$1', [uid]);
+    console.log('clean up', rowCount);
+  });
 });

package/test/api/user.test.js

@@ -0,0 +1,84 @@
+import { test } from 'node:test';
+import assert from 'node:assert';
+
+import pgClients from '../../pg/pgClients.js';
+import init from '../../pg/funcs/init.js';
+
+import build from '../../helper.js';
+import config from '../config.js';
+
+const prefix = config.prefix || '/api';
+
+const body = {
+  name: 'test.user.cls',
+  type: 'json',
+  children: [
+    {
+      id: 'get',
+      text: 'Отримання',
+    },
+  ],
+};
+
+test('applyHook to API data/table', async (t) => {
+  const app = await build(t);
+  await init(pgClients.client);
+
+  app.addHook('onRequest', async (req) => {
+    req.session = { passport: { user: { uid: '1' } } };
+  });
+
+  await t.test('GET /user-info', async () => {
+    const res = await app.inject({
+      method: 'GET',
+      url: `${prefix}/user-info`,
+    });
+    assert.equal(res.statusCode, 200);
+    assert.equal(res.json().uid, '1');
+    assert.ok(res.json().user_name, 'not enough info: user_name');
+    assert.ok(res.json().notifications || res.json().notifications === 0, 'not enough info: notifications');
+  });
+
+  await t.test('GET /user-cls', async () => {
+    const res = await app.inject({
+      method: 'GET',
+      url: `${prefix}/user-cls`,
+    });
+    const { message = {} } = res.json() || {};
+    assert.ok(message.rows?.length, 'empty cls list');
+  });
+
+  await t.test('POST /user-cls', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: `${prefix}/user-cls`,
+      body,
+    });
+    assert.equal(res.statusCode, 200);
+    assert.ok(res.json().children?.length, 'insert user cls error');
+  });
+
+  await t.test('GET /user-cls/:name', async () => {
+    const res = await app.inject({
+      method: 'GET',
+      url: `${prefix}/user-cls/${body.name}`,
+      body,
+    });
+    assert.equal(res.statusCode, 200);
+    assert.equal(res.json().status || 200, 200);
+    assert.equal(res.json().message?.children?.length, 1);
+  });
+
+  await t.test('clean up', async () => {
+    const { rowCount = 0 } = await pgClients.client.query(`with recursive rows as (
+            select user_clsid, name, code, icon, color, parent
+            from admin.user_cls a
+            where name=$1
+            union all
+            select a.user_clsid, a.name, a.code, a.icon, a.color, a.parent
+            from admin.user_cls a
+            join rows b on a.parent=b.name
+          ) delete from admin.user_cls where user_clsid in (select user_clsid from rows )`, [body.name]);
+    console.log('clean up', rowCount);
+  });
+});

package/user/controllers/user.cls.id.js

@@ -0,0 +1,14 @@
+import userCls from './user.cls.js';
+
+export default async function userClsId(req) {
+  const { id } = req.params || {};
+  const res = await userCls(req);
+  if (req.query?.sql || res?.error) {
+    return res;
+  }
+  const { rows = [] } = res?.message || {};
+  if (!rows?.length) {
+    return { message: `cls not found: ${id}`, status: 404 };
+  }
+  return { message: rows?.[0], status: 200 };
+}

package/user/controllers/user.cls.js

@@ -0,0 +1,71 @@
+import { readFile } from 'fs/promises';
+import { getSelect, getTemplatePath } from '../../utils.js';
+
+export default async function userCls(req) {
+  const {
+    pg, params = {}, query = {}, session = {},
+  } = req;
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const q = `select user_clsid as id, name, type, 
+  case when type='json' then (
+      ${params?.id
+    ? `(with recursive rows as (
+        select user_clsid, name, code, icon, color, parent
+        from admin.user_cls a
+        where name=u.name
+        union all
+        select a.user_clsid, a.name, a.code, a.icon, a.color, a.parent
+        from admin.user_cls a
+        join rows b on a.parent=b.name
+      ) select json_agg(row_to_json(q)) from rows q where name<>u.name
+     )`
+    : 'select count(*)::int from admin.user_cls where parent=u.name'} ) else null end as children, 
+      case when type='sql' then data else null end as sql from admin.user_cls u
+    where (case when type='json' then parent is null else true end)
+    and uid=(select uid from admin.users where $1 in (login,uid) limit 1)
+    and ${params?.id ? 'u.name=$2' : '1=1'}`;
+
+  if (query?.sql) return q;
+
+  try {
+    const { rows = [] } = await pg.query(q, [uid, params.id].filter((el) => el));
+
+    rows.forEach((row) => {
+      if (row.type === 'sql') delete row.children;
+      if (row.type === 'json') { delete row.sql; Object.assign(row, { children: row.children || (params?.id ? [] : 0) }); }
+    });
+
+    const clsList = getTemplatePath('cls');
+    const selectList = getTemplatePath('select');
+
+    const userClsNames = rows.map((el) => el.name);
+    const selectNames = selectList.map((el) => el[0]);
+
+    const arr = (clsList || []).concat(selectList || []).map((el) => ({ name: el[0], path: el[1], type: el[2] }))
+      ?.filter((el) => (params?.id ? el.name === params?.id : true))
+      ?.filter((el) => ['sql', 'json'].includes(el?.type) && !userClsNames.includes(el.name))
+      ?.filter((el) => (el?.type === 'json' ? !selectNames?.includes(el?.name) : true));
+
+    const res = await Promise.all(arr?.map(async (el) => {
+      const type = { json: 'cls', sql: 'select' }[el.type] || el.type;
+      // const clsData = await getSelect(type, el.name);
+      const str = await readFile(el.path, 'utf-8');
+      const clsData = type === 'cls' ? JSON.parse(str) : str;
+      if (type === 'cls') {
+        const children = params?.id ? clsData : clsData?.length || 0;
+        return { name: el.name, type: el.type, children };
+      }
+      return { name: el.name, type: el.type, sql: clsData?.sql || clsData };
+    }));
+
+    return { message: { rows: rows.concat(res) }, status: 200 };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 200 };
+  }
+}

package/user/controllers/user.cls.post.js

@@ -0,0 +1,55 @@
+export default async function userClsPost({
+  pg, body = {}, session = {},
+}) {
+  const { uid } = session.passport?.user || {};
+  const {
+    name, type = 'json', children = [], sql,
+  } = body;
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!name) {
+    return { message: 'not enough params: name', status: 400 };
+  }
+
+  if (type === 'json' && (!Array.isArray(children) || !children.length || !children?.[0]?.id)) {
+    return { message: 'invalid params: children (array of objects)', status: 400 };
+  }
+
+  if (type === 'sql' && (!sql || typeof sql !== 'string')) {
+    return { message: 'invalid params: sql (string)', status: 400 };
+  }
+
+  try {
+    const { rowCount = 0 } = await pg.query(`with recursive rows as (
+      select user_clsid, name, code, icon, color, parent
+      from admin.user_cls a
+      where name=$1
+      union all
+      select a.user_clsid, a.name, a.code, a.icon, a.color, a.parent
+      from admin.user_cls a
+      join rows b on a.parent=b.name
+    ) delete from admin.user_cls where user_clsid in (select user_clsid from rows )`, [name]);
+    console.log('delete old user cls', name, rowCount);
+
+    const { id, data } = await pg.query('insert into admin.user_cls(name,type,data,uid) values($1,$2,$3,$4) returning user_clsid as id, data', [name, type, sql, uid])
+      .then((res) => res.rows?.[0] || {});
+    if (type === 'json') {
+      if (!id) { return { error: 'insert user cls error', status: 500 }; }
+      const q1 = `insert into admin.user_cls(code,name,color,icon,parent,uid)
+      
+      select value->>'id',value->>'text',value->>'color',value->>'icon', '${name.replace(/'/g, "''")}', '${uid}'
+      from json_array_elements('${JSON.stringify(children).replace(/'/g, "''")}'::json)
+      
+      returning user_clsid as id, code, name, parent`;
+      const { rows = [] } = await pg.query(q1);
+      return { id, children: rows };
+    }
+    return { id, data };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/user/controllers/user.info.js

@@ -0,0 +1,21 @@
+export default async function userInfo({
+  pg, session = {},
+}) {
+  const { uid } = session.passport?.user || {};
+
+  if (!uid) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const data = await pg.query(`select user_name, sur_name, father_name, user_rnokpp, user_type, email, login from admin.users 
+  where uid=$1`, [uid]).then((res) => res.rows?.[0] || {});
+
+  try {
+    const { notifications = 0 } = await pg.query(`select count(*)::int as notifications from crm.notifications 
+    where addressee_id=$1 and read is not true`, [uid]).then((res) => res.rows?.[0] || {});
+    return { uid, ...data, notifications };
+  }
+  catch (err) {
+    return { error: err.toString(), status: 500 };
+  }
+}

package/user/index.js

@@ -0,0 +1,46 @@
+import userCls from './controllers/user.cls.js';
+import userClsId from './controllers/user.cls.id.js';
+import userInfo from './controllers/user.info.js';
+import userClsPost from './controllers/user.cls.post.js';
+
+async function plugin(fastify, opts) {
+  const { prefix = '/api' } = opts || {};
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/user-cls`,
+    config: {
+      policy: ['user'],
+    },
+    schema: {},
+    handler: userCls,
+  });
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/user-cls/:id`,
+    config: {
+      policy: ['user'],
+    },
+    schema: {},
+    handler: userClsId,
+  });
+  fastify.route({
+    method: 'POST',
+    url: `${prefix}/user-cls`,
+    config: {
+      policy: ['user'],
+    },
+    schema: {},
+    handler: userClsPost,
+  });
+  fastify.route({
+    method: 'GET',
+    url: `${prefix}/user-info`,
+    config: {
+      policy: ['user'],
+    },
+    schema: {},
+    handler: userInfo,
+  });
+}
+
+export default plugin;

package/utils.js

@@ -24,8 +24,13 @@ import gisIRColumn from './table/controllers/utils/gisIRColumn.js';
 import getMeta from './pg/funcs/getMeta.js';
 import getAccess from './crud/funcs/getAccess.js';
 import getSelectVal from './table/funcs/metaFormat/getSelectVal.js';
+import getSelect from './table/controllers/utils/getSelect.js';
+import getSelectMeta from './table/controllers/utils/getSelectMeta.js';
 import applyHook from './hook/funcs/applyHook.js';
 import addHook from './hook/funcs/addHook.js';
+import execMigrations from './migration/exec.migrations.js';
+import addNotification from './notification/funcs/addNotification.js';
+import sendNotification from './notification/funcs/sendNotification.js';
 
 export default null;
 export {
@@ -49,6 +54,11 @@ export {
   getMeta,
   getAccess,
   getSelectVal,
+  getSelectMeta,
+  getSelect,
   applyHook,
   addHook,
+  execMigrations,
+  addNotification,
+  sendNotification,
 };

package/widget/controllers/widget.set.js

@@ -1,8 +1,8 @@
 import path from 'path';
 
-import getMeta from '../../pg/funcs/getMeta.js';
-import dataInsert from '../../crud/funcs/dataInsert.js';
-import dataUpdate from '../../crud/funcs/dataUpdate.js';
+import {
+  getMeta, dataInsert, dataUpdate, applyHook,
+} from '../../utils.js';
 
 const tableList = {
   comment: 'crm.communications',
@@ -21,8 +21,8 @@ export default async function widgetSet(req) {
   } = req;
   const { user = {} } = session.passport || {};
   const { type, id, objectid } = params;
-  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { error: 'param type not valid', status: 400 };
-  if (!objectid) return { error: 'id required', status: 400 };
+  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) return { message: 'param type not valid', status: 400 };
+  if (!objectid) return { message: 'id required', status: 400 };
 
   const table = tableList[type];
 
@@ -57,6 +57,7 @@ export default async function widgetSet(req) {
 
     const data = { ...body, uid: user?.uid, entity_id: objectid };
 
+    await applyHook('onWidgetSet', { req, type, data });
     const result = id
       ? await dataUpdate({
         table, data, id, uid: user?.uid,

package/hook/index.js

@@ -1,6 +0,0 @@
-import addHook from './funcs/addHook.js';
-import applyHook from './funcs/applyHook.js';
-
-export default async function plugin(fastify, opts) {
-  fastify.decorate('hook', { add: addHook, apply: applyHook });
-}