@opengis/fastify-table 1.1.42 → 1.1.43

package/Changelog.md

@@ -1,5 +1,10 @@
 # fastify-table
 
+## 1.1.43 - 21.10.2024
+
+- addHook params refactor
+- add handlebars to utils
+
 ## 1.1.40 - 18.10.2024
 
 - fix migrations

package/README.md

@@ -1,26 +1,26 @@
-# fastify-table
-
-[![NPM version](https://img.shields.io/npm/v/@opengis/fastify-table)](https://www.npmjs.com/package/@opengis/fastify-table)
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
-
-It standardizes the entire form building process, while taking care of everything from rendering to validation and processing:
-
-- pg
-- redis
-- crud
-
-## Install
-
-```bash
-npm i @opengis/fastify-table
-```
-
-## Usage
-
-```js
-fastify.register(import('@opengis/fastify-table'), config);
-```
-
-## Documenation
-
-For a detailed understanding fastify-table, its features, and how to use them, refer to our [Documentation](https://apidocs.softpro.ua/gis.storage/).
+# fastify-table
+
+[![NPM version](https://img.shields.io/npm/v/@opengis/fastify-table)](https://www.npmjs.com/package/@opengis/fastify-table)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
+
+It standardizes the entire form building process, while taking care of everything from rendering to validation and processing:
+
+- pg
+- redis
+- crud
+
+## Install
+
+```bash
+npm i @opengis/fastify-table
+```
+
+## Usage
+
+```js
+fastify.register(import('@opengis/fastify-table'), config);
+```
+
+## Documenation
+
+For a detailed understanding fastify-table, its features, and how to use them, refer to our [Documentation](https://apidocs.softpro.ua/gis.storage/).

package/config.js

@@ -1,10 +1,10 @@
-import fs from 'fs';
-
-const fileName = ['config.json', '/data/local/config.json'].find(el => (fs.existsSync(el) ? el : null));
-const config = fileName ? JSON.parse(fs.readFileSync(fileName)) : {};
-
-Object.assign(config, {
-  allTemplates: config?.allTemplates || {},
-});
-
-export default config;
+import fs from 'fs';
+
+const fileName = ['config.json', '/data/local/config.json'].find(el => (fs.existsSync(el) ? el : null));
+const config = fileName ? JSON.parse(fs.readFileSync(fileName)) : {};
+
+Object.assign(config, {
+  allTemplates: config?.allTemplates || {},
+});
+
+export default config;

package/cron/controllers/cronApi.js

@@ -1,22 +1,22 @@
-import cronList from './utils/cronList.js';
-
-export default async function cronApi(req) {
-  const {
-    params = {}, user = {}, hostname,
-  } = req;
-
-  if ((!user.uid || !user.user_type?.includes('admin')) && !hostname?.includes('localhost')) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (params.name === 'list') {
-    return { data: Object.keys(cronList || {}) };
-  }
-
-  if (!cronList[params.name]) {
-    return { message: `cron not found: ${params.name}`, status: 404 };
-  }
-
-  const result = await cronList[params.name](req);
-  return result;
-}
+import cronList from './utils/cronList.js';
+
+export default async function cronApi(req) {
+  const {
+    params = {}, user = {}, hostname,
+  } = req;
+
+  if ((!user.uid || !user.user_type?.includes('admin')) && !hostname?.includes('localhost')) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (params.name === 'list') {
+    return { data: Object.keys(cronList || {}) };
+  }
+
+  if (!cronList[params.name]) {
+    return { message: `cron not found: ${params.name}`, status: 404 };
+  }
+
+  const result = await cronList[params.name](req);
+  return result;
+}

package/cron/controllers/utils/cronList.js

@@ -1 +1 @@
-export default {};
+export default {};

package/cron/funcs/addCron.js

@@ -3,10 +3,11 @@ import { createHash } from 'crypto';
 import cronList from '../controllers/utils/cronList.js';
 import getRedis from '../../redis/funcs/getRedis.js';
 import getPG from '../../pg/funcs/getPG.js';
+import config from '../../config.js';
 
 const md5 = (string) => createHash('md5').update(string).digest('hex');
 
-async function verifyUnique(name, config, rclient) {
+async function verifyUnique(name, rclient) {
   const cronId = config.port || 3000 + md5(name);
   // one per node check
   const key = `cron:unique:${cronId}`;
@@ -59,7 +60,7 @@ const interval2ms = {
 async function runCron({
   pg, funcs, func, name, rclient, log,
 }) {
-  const unique = await verifyUnique(name, funcs.config, rclient);
+  const unique = await verifyUnique(name, rclient);
 
   if (!unique) return;
   const db = pg.options.database;
@@ -92,7 +93,7 @@ export default async function addCron(func, interval, fastify) {
     throw new Error('not enough params: fastify');
   }
 
-  const { config = {}, log } = fastify;
+  const { log } = fastify;
   const { time = {}, disabled = [] } = config.cron || {};
   const pg = getPG();
   const rclient = getRedis();

package/cron/index.js

@@ -1,10 +1,10 @@
-import cronApi from './controllers/cronApi.js';
-import addCron from './funcs/addCron.js';
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.decorate('addCron', addCron);
-  fastify.get(`${prefix}/cron/:name`, {}, cronApi);
-}
-
-export default plugin;
+import cronApi from './controllers/cronApi.js';
+import addCron from './funcs/addCron.js';
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.decorate('addCron', addCron);
+  fastify.get(`${prefix}/cron/:name`, {}, cronApi);
+}
+
+export default plugin;

package/crud/controllers/deleteCrud.js

@@ -1,19 +1,27 @@
 import dataDelete from '../funcs/dataDelete.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-import getAccess from '../funcs/getAccess.js';
+import { getTemplate, getAccess, applyHook } from '../../utils.js';
 
 export default async function deleteCrud(req) {
-  const { actions = [], scope, my } = await getAccess(req, req.params.table, req.params.id) || {};
+  const { user, params = {} } = req || {};
+  const hookData = await applyHook('preDelete', {
+    table: params?.table, id: params?.id, user,
+  });
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+
+  const { table: del, id } = hookData || req.params || {};
+  const { actions = [], scope, my } = await getAccess(req, del, id) || {};
+
   if (!actions.includes('del') || (scope === 'my' && !my)) {
     return { message: 'access restricted', status: 403 };
   }
-  const loadTemplate = await getTemplate('table', req.opt?.table || req.params.table);
-  const { table } = loadTemplate || req.opt || req.params || {};
-  const { id } = req.opt || req.params || {};
+  const loadTemplate = await getTemplate('table', del);
+  const { table } = loadTemplate || hookData || req.params || {};
 
   if (!table) return { status: 404, message: 'table is required' };
+  if (!id) return { status: 404, message: 'id is required' };
 
-  const { user = {} } = req;
   const data = await dataDelete({
     table, id, uid: user?.uid,
   });

package/crud/controllers/insert.js

@@ -1,54 +1,62 @@
 import {
-  applyHook, getAccess, getTemplate, checkXSS, getToken, dataInsert,
+  applyHook, getAccess, getTemplate, checkXSS, dataInsert,
 } from '../../utils.js';
 
 export default async function insert(req) {
-  const { actions = [] } = await getAccess(req, req.params.table) || {};
+  const {
+    pg, user, params = {}, body = {},
+  } = req || {};
+  const hookData = await applyHook('preInsert', { table: params?.table, user });
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+
+  const { form, table: add } = hookData || req.params || {};
+
+  const { actions = [] } = await getAccess(req, add) || {};
+
   if (!actions.includes('edit')) {
     return { message: 'access restricted', status: 403 };
   }
-  if (!req.params?.table) {
+
+  if (!add) {
     return { message: 'table is required', status: 400 };
   }
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table, public: ispublic } = loadTemplate || req.params || {};
+
+  const loadTemplate = await getTemplate('table', add);
+  const { table, public: ispublic } = loadTemplate || hookData || req.params || {};
   if (!table) {
     return { message: 'table not found', status: 404 };
   }
 
-  const { funcs = {}, user = {}, params = {} } = req;
-  const tokenDataString = await getToken({
-    funcs, uid: user.uid, token: params.table, mode: 'a', json: 0,
-  });
-
-  const { form, add } = JSON.parse(tokenDataString || '{}');
-
   const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
 
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
 
   if (xssCheck.error && formData?.xssCheck !== false) {
     req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
     return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
   }
 
-  const { uid } = funcs.config?.auth?.disable || ispublic ? { uid: '1' } : user || {};
-  if (add || table !== 'admin.users') {
-    Object.assign(req.body, { uid, editor_id: uid });
+  const uid = ispublic ? (user?.uid || '1') : user?.uid;
+  if ((add || table) !== 'admin.users') {
+    Object.assign(body, { uid, editor_id: uid });
   }
   const res = await dataInsert({
-    table: add || table, data: req.body, uid,
+    table: loadTemplate?.table, data: body, uid,
   });
 
   // admin.custom_column
-  await applyHook('afterInsert', { req, res });
+  await applyHook('afterInsert', {
+    table, body, payload: res, user,
+  });
   // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && req.body[key].length);
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
   if (extraKeys?.length) {
     res.extra = {};
     await Promise.all(extraKeys?.map(async (key) => {
-      const objId = req.body[formData[key].parent_id] || req.body?.id;
-      const extraRows = await Promise.all(req.body[key].map(async (row) => {
+      const objId = body[formData[key].parent_id] || req.body?.id;
+      const extraRows = await Promise.all(body[key].map(async (row) => {
         const extraRes = await dataInsert({
           table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid,
         });

package/crud/controllers/update.js

@@ -1,33 +1,42 @@
 import {
-  pgClients, applyHook, getAccess, getTemplate, checkXSS, getToken, dataInsert, dataUpdate,
+  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate,
 } from '../../utils.js';
 
 export default async function update(req) {
-  const { actions = [], scope, my } = await getAccess(req, req.params.table, req.params.id) || {};
+  const {
+    pg, user, params = {}, body = {},
+  } = req || {};
+  const hookData = await applyHook('preUpdate', {
+    table: params?.table, id: params?.id, user,
+  });
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+
+  const { form, table: edit, id } = hookData || req.params;
+
+  const { actions = [], scope, my } = await getAccess(req, edit, id) || {};
+
   if (!actions.includes('edit') || (scope === 'my' && !my)) {
     return { message: 'access restricted', status: 403 };
   }
-  if (!req.params?.table) {
+
+  if (!edit) {
     return { message: 'table is required', status: 400 };
   }
-  if (!req.params?.id) {
+
+  if (!id) {
     return { message: 'id is required', status: 404 };
   }
-  const loadTemplate = await getTemplate('table', req.params.table);
-  const { table, public: ispublic } = loadTemplate || req.params || {};
-  const { id } = req.params || {};
-
-  const { funcs = {}, user = {}, params = {} } = req;
-  const uid = funcs.config?.auth?.disable || ispublic ? '1' : user.uid;
-  const tokenDataString = await getToken({
-    funcs, uid, token: params.table, mode: 'w', json: 0,
-  });
 
-  const tokenData = JSON.parse(tokenDataString || '{}');
+  const loadTemplate = await getTemplate('table', edit);
+  const { table, public: ispublic } = loadTemplate || hookData || req.params || {};
 
-  const formData = tokenData?.form || loadTemplate?.form ? await getTemplate('form', tokenData.form || loadTemplate?.form) : {};
+  const uid = ispublic ? (user?.uid || '1') : user?.uid;
 
-  const xssCheck = checkXSS({ body: req.body, schema: formData?.schema });
+  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
 
   if (xssCheck.error && formData?.xssCheck !== false) {
     req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
@@ -35,22 +44,24 @@ export default async function update(req) {
   }
 
   const res = await dataUpdate({
-    table: tokenData?.table || table, id: tokenData?.id || id, data: req.body, uid,
+    table: loadTemplate?.table || table, id, data: body, uid,
   });
 
   // admin.custom_column
-  await applyHook('afterUpdate', { req, res });
+  await applyHook('afterUpdate', {
+    table: params?.table, body, payload: res, user,
+  });
 
   // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && req.body[key].length);
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
   if (extraKeys?.length) {
     res.extra = {};
     await Promise.all(extraKeys?.map(async (key) => {
-      const objId = req.body[formData[key].parent_id] || req.body?.id;
+      const objId = body[formData[key].parent_id] || body?.id;
       // delete old extra data
       await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
       // insert new extra data
-      const extraRows = await Promise.all(req.body[key].map(async (row) => {
+      const extraRows = await Promise.all(body[key].map(async (row) => {
         const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
         return extraRes?.rows?.[0];
       }));

package/crud/controllers/utils/checkXSS.js

@@ -1,45 +1,45 @@
-/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
-import xssInjection from './xssInjection.js';
-
-/* const checkList = xssInjection.concat(sqlInjection); */
-
-// RTE - rich text editor
-
-function checkXSS({ body, schema = {} }) {
-  const data = typeof body === 'string' ? body : JSON.stringify(body);
-  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
-
-  // check sql injection
-  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
-  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
-
-  // escape arrows on non-RTE
-  Object.keys(body)
-    .filter((key) => ['<', '>'].find((el) => body[key]?.includes?.(el))
-  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
-    ?.forEach((key) => {
-      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
-    });
-  // try { } catch (err) { return { error: err.toString() }; }
-
-  if (!stopWords.length) return { body };
-
-  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
-
-  // check RTE
-  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
-  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
-    disabledCheckFields.push(key);
-  }); */
-
-  const field = Object.keys(body)
-    ?.find((key) => body[key]
-        && !disabledCheckFields.includes(key)
-        && body[key].toLowerCase().includes(stopWords[0]));
-  if (field) {
-    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
-  }
-  return { body };
-}
-
-export default checkXSS;
+/* import sqlInjection from '../../../policy/funcs/sqlInjection.js'; */
+import xssInjection from './xssInjection.js';
+
+/* const checkList = xssInjection.concat(sqlInjection); */
+
+// RTE - rich text editor
+
+function checkXSS({ body, schema = {} }) {
+  const data = typeof body === 'string' ? body : JSON.stringify(body);
+  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
+
+  // check sql injection
+  const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
+  if (stopSpecialSymbols?.length) stopSpecialSymbols?.forEach((el) => stopWords.push(el));
+
+  // escape arrows on non-RTE
+  Object.keys(body)
+    .filter((key) => ['<', '>'].find((el) => body[key]?.includes?.(el))
+  && !['Summernote', 'Tiny', 'Ace'].includes(schema[key]?.type))
+    ?.forEach((key) => {
+      Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
+    });
+  // try { } catch (err) { return { error: err.toString() }; }
+
+  if (!stopWords.length) return { body };
+
+  const disabledCheckFields = Object.keys(schema)?.filter((el) => schema[el]?.xssCheck === false); // exclude specific columns
+
+  // check RTE
+  /* const richTextFields = Object.keys(schema).filter((el) => ['Summernote', 'Tiny', 'Ace'].includes(schema[el]?.type));
+  richTextFields.filter((key) => !checkList.find((el) => body[key].includes(el)))?.forEach((key) => {
+    disabledCheckFields.push(key);
+  }); */
+
+  const field = Object.keys(body)
+    ?.find((key) => body[key]
+        && !disabledCheckFields.includes(key)
+        && body[key].toLowerCase().includes(stopWords[0]));
+  if (field) {
+    return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };
+  }
+  return { body };
+}
+
+export default checkXSS;

package/crud/controllers/utils/xssInjection.js

@@ -1,72 +1,72 @@
-const xssInjection = [
-  'onkeypress=',
-  'onkeyup=',
-  'ondblclick=',
-  'onerror=',
-  'onmouseover=',
-  '<meta',
-  '<script',
-  'vascript:',
-  'onkeydown=',
-  'onmousedown=',
-  'onmouseenter=',
-  'onmouseleave=',
-  'onmousemove=',
-  'onmouseout=',
-  'onmouseup=',
-  'onmousewheel=',
-  'onpaste=',
-  'onscroll=',
-  'onwheel=',
-  'javascript:',
-  '\\x',
-  'eval(',
-  'onmouseover=',
-  'action=',
-  'xlink:',
-  'allowscriptaccess',
-  'href=',
-  'behavior:',
-  'onreadystatechange=',
-  'onstart=',
-  'offline=',
-  'onabort=',
-  'onafterprint=',
-  'onbeforeonload=',
-  'onbeforeprint=',
-  'onblur=',
-  'oncanplay=',
-  'oncanplaythrough=',
-  'onchange=',
-  'onclick=',
-  'oncontextmenu=',
-  'ondblclick=',
-  'ondrag=',
-  'ondragend=',
-  'ondragenter=',
-  'ondragleave=',
-  'ondragover=',
-  'ondragstart=',
-  'ondrop=',
-  'ondurationchange=',
-  'onemptied=',
-  'onended=',
-  'onerror=',
-  'onfocus=',
-  'onformchange=',
-  'onforminput=',
-  'onhaschange=',
-  'oninput=',
-  'oninvalid=',
-  'onkeydown=',
-  'onkeypress=',
-  'onkeyup=',
-  'onload=',
-  'onloadeddata=',
-  'onloadedmetadata=',
-  'onloadstart=',
-  'alert(',
-  'script:',
-];
-
-export default xssInjection;
+const xssInjection = [
+  'onkeypress=',
+  'onkeyup=',
+  'ondblclick=',
+  'onerror=',
+  'onmouseover=',
+  '<meta',
+  '<script',
+  'vascript:',
+  'onkeydown=',
+  'onmousedown=',
+  'onmouseenter=',
+  'onmouseleave=',
+  'onmousemove=',
+  'onmouseout=',
+  'onmouseup=',
+  'onmousewheel=',
+  'onpaste=',
+  'onscroll=',
+  'onwheel=',
+  'javascript:',
+  '\\x',
+  'eval(',
+  'onmouseover=',
+  'action=',
+  'xlink:',
+  'allowscriptaccess',
+  'href=',
+  'behavior:',
+  'onreadystatechange=',
+  'onstart=',
+  'offline=',
+  'onabort=',
+  'onafterprint=',
+  'onbeforeonload=',
+  'onbeforeprint=',
+  'onblur=',
+  'oncanplay=',
+  'oncanplaythrough=',
+  'onchange=',
+  'onclick=',
+  'oncontextmenu=',
+  'ondblclick=',
+  'ondrag=',
+  'ondragend=',
+  'ondragenter=',
+  'ondragleave=',
+  'ondragover=',
+  'ondragstart=',
+  'ondrop=',
+  'ondurationchange=',
+  'onemptied=',
+  'onended=',
+  'onerror=',
+  'onfocus=',
+  'onformchange=',
+  'onforminput=',
+  'onhaschange=',
+  'oninput=',
+  'oninvalid=',
+  'onkeydown=',
+  'onkeypress=',
+  'onkeyup=',
+  'onload=',
+  'onloadeddata=',
+  'onloadedmetadata=',
+  'onloadstart=',
+  'alert(',
+  'script:',
+];
+
+export default xssInjection;