@opengis/fastify-table 1.1.48 → 1.1.49

package/crud/funcs/setToken.js

@@ -1,53 +1,53 @@
-import { createHash, randomUUID } from 'crypto';
-
-import config from '../../config.js';
-import getRedis from '../../redis/funcs/getRedis.js';
-
-const generateCodes = (ids, userToken) => {
-  const token = userToken || randomUUID();
-  const notNullIds = ids.filter((el) => el);
-  const obj = {};
-  const codes = notNullIds.reduce((acc, id) => {
-    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
-    acc[newToken] = id; obj[id] = newToken;
-    return acc;
-  }, {});
-  return { codes, obj };
-};
-
-function setToken({
-  ids: idsOrigin, mode = 'r', uid, array,
-}) {
-  const rclient2 = getRedis({ db: 0 });
-  //  const rclient5 = getRedis({ db: 0, funcs });
-
-  if (!uid) return { user: 'empty' };
-  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
-
-  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
-  // update/delete
-
-  if (mode === 'r') return null;
-
-  // TODO generate salt
-  const { codes, obj } = generateCodes(ids, uid);
-
-  if (!Object.keys(codes).length) return { ids: 'empty' };
-
-  rclient2.hmset(`${config.pg.database}:token:${{
-    e: 'exec', r: 'view', w: 'edit', a: 'add',
-  }[mode]}:${uid}`, codes);
-  // console.log(codes);
-  // log token for debug. add extra data - uid, mode, date
-  /* const dt = new Date().toISOString();
-   const codesLog = Object.keys(codes).reduce((acc, key) => {
-    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
-    return acc;
-  }, {});
-   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
-
-  // TODO дополнительно писать в hset token -> uid
-  return array ? Object.values(obj) : obj;
-}
-
-export default setToken;
+import { createHash, randomUUID } from 'crypto';
+
+import config from '../../config.js';
+import getRedis from '../../redis/funcs/getRedis.js';
+
+const generateCodes = (ids, userToken) => {
+  const token = userToken || randomUUID();
+  const notNullIds = ids.filter((el) => el);
+  const obj = {};
+  const codes = notNullIds.reduce((acc, id) => {
+    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
+    acc[newToken] = id; obj[id] = newToken;
+    return acc;
+  }, {});
+  return { codes, obj };
+};
+
+function setToken({
+  ids: idsOrigin, mode = 'r', uid, referer, array,
+}) {
+  const rclient2 = getRedis({ db: 0 });
+  //  const rclient5 = getRedis({ db: 0, funcs });
+
+  if (!uid) return { user: 'empty' };
+  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
+
+  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
+  // update/delete
+
+  if (mode === 'r') return null;
+
+  // TODO generate salt
+  const { codes, obj } = generateCodes(ids, uid);
+
+  if (!Object.keys(codes).length) return { ids: 'empty' };
+
+  rclient2.hmset(`${config.pg.database}:token:${{
+    e: 'exec', r: 'view', w: 'edit', a: 'add',
+  }[mode]}:${uid}`, codes);
+
+  // log token for debug. add extra data - uid, mode, date
+  /* const dt = new Date().toISOString();
+   const codesLog = Object.keys(codes).reduce((acc, key) => {
+    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
+    return acc;
+  }, {});
+   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
+
+  // TODO дополнительно писать в hset token -> uid
+  return array ? Object.values(obj) : obj;
+}
+
+export default setToken;

package/crud/funcs/utils/getFolder.js

@@ -0,0 +1,9 @@
+import path from 'node:path';
+import config from '../../../config.js';
+
+export default function getFolder(req, type = 'server') {
+  if (!['server', 'local'].includes(type)) throw new Error('params type is invalid');
+  const types = { local: req.root || config.root, server: req.mapServerRoot || config.mapServerRoot };
+  const filepath = path.posix.join(types[type] || `/data/local/${req.pg?.options?.database || ''}`, req.folder || config.folder || '');
+  return filepath;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.1.48",
+  "version": "1.1.49",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",
@@ -15,7 +15,6 @@
     "@fastify/sensible": "^5.0.0",
     "@fastify/url-data": "^5.4.0",
     "@opengis/fastify-hb": "^1.4.2",
-    "@opengis/fastify-table": "^1.1.47",
     "fastify": "^4.26.1",
     "fastify-plugin": "^4.0.0",
     "ioredis": "^5.3.2",
@@ -26,17 +25,17 @@
   },
   "devDependencies": {
     "@panzoom/panzoom": "^4.5.1",
-    "eslint": "^8.49.0",
-    "eslint-config-airbnb": "^19.0.4",
     "markdown-it-abbr": "^2.0.0",
-    "mermaid": "^10.9.3",
+    "mermaid": "10.9.1",
     "sass": "1.72.0",
     "vitepress": "^1.3.4",
     "vitepress-plugin-mermaid": "^2.0.16",
     "vitepress-plugin-tabs": "^0.5.0",
     "vitepress-sidebar": "^1.25.0",
-    "vue": "^3.4.27"
+    "vue": "^3.4.27",
+    "eslint": "^8.49.0",
+    "eslint-config-airbnb": "^19.0.4"
   },
   "author": "Softpro",
   "license": "ISC"
-}
+}

package/redis/funcs/getRedis.js

@@ -1,23 +1,23 @@
-import Redis from 'ioredis';
-import config from '../../config.js';
-import redisClients from './redisClients.js';
-
-function getRedis({ db } = { db: 0 }) {
-  if (!config.redis) return null;
-  if (redisClients[db]) return redisClients[db];
-
-  const redisConfig = {
-    db,
-    keyPrefix: `${config.db}:`,
-    host: config.redis?.host || '127.0.0.1',
-    port: config.redis?.port || 6379, // Redis port
-    family: 4, // 4 (IPv4) or 6 (IPv6)
-    closeClient: true,
-  };
-
-  redisClients[db] = new Redis(redisConfig);
-
-  return redisClients[db];
-}
-
-export default getRedis;
+import Redis from 'ioredis';
+import config from '../../config.js';
+import redisClients from './redisClients.js';
+
+function getRedis({ db } = { db: 0 }) {
+  if (!config.redis) return null;
+  if (redisClients[db]) return redisClients[db];
+
+  const redisConfig = {
+    db,
+    keyPrefix: `${config.db}:`,
+    host: config.redis?.host || '127.0.0.1',
+    port: config.redis?.port || 6379, // Redis port
+    family: 4, // 4 (IPv4) or 6 (IPv6)
+    closeClient: true,
+  };
+
+  redisClients[db] = new Redis(redisConfig);
+
+  return redisClients[db];
+}
+
+export default getRedis;

package/server/migrations/log.sql

@@ -1,81 +1,81 @@
-create schema if not exists log;
-
--- DROP TABLE IF EXISTS log.table_changes cascade;
-CREATE TABLE IF NOT EXISTS log.table_changes();
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_type text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_date date;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_user_id text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
--- DROP TABLE IF EXISTS log.table_changes_data;
-CREATE TABLE IF NOT EXISTS log.table_changes_data();
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_data_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_id text not null;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS entity_key text; -- column_name
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_old text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_new text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
--- DROP TABLE IF EXISTS log.user_auth;
-CREATE TABLE IF NOT EXISTS log.user_auth();
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_id text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_date timestamp without time zone;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_type text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
-COMMENT ON TABLE log.table_changes IS 'Логи подій змін в БД';
-COMMENT ON COLUMN log.table_changes.change_type IS 'Тип події (insert / update / delete)';
-COMMENT ON COLUMN log.table_changes.change_date IS 'Дата внесення змін до БД';
-COMMENT ON COLUMN log.table_changes.entity_type IS 'Таблиця, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes.entity_id IS 'ID строки, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes.change_user_id IS 'Ініціатор внесення змін';
-
-COMMENT ON TABLE log.table_changes_data IS 'Логи змін в таблицях БД';
-COMMENT ON COLUMN log.table_changes_data.change_id IS 'ID події зміни в БД';
-COMMENT ON COLUMN log.table_changes_data.entity_key IS 'Колонка таблиці, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes_data.value_old IS 'Старе значення';
-COMMENT ON COLUMN log.table_changes_data.value_new IS 'Нове значення';
-
-COMMENT ON TABLE log.user_auth IS 'Логи авторизації';
-COMMENT ON COLUMN log.user_auth.user_id IS 'ID користувача';
-COMMENT ON COLUMN log.user_auth.auth_date IS 'Дата авторизації';
-COMMENT ON COLUMN log.user_auth.auth_type IS 'Тип авторизації';
-
-ALTER TABLE log.table_changes DROP CONSTRAINT IF EXISTS log_table_changes_pkey cascade;
-ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_pkey;
-ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_change_id_fkey;
-ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_pkey;
-ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_user_id_fkey;
-
-ALTER TABLE log.table_changes ADD CONSTRAINT log_table_changes_pkey PRIMARY KEY (change_id);
-ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_pkey PRIMARY KEY (change_data_id);
-ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_change_id_fkey FOREIGN KEY (change_id)
-REFERENCES log.table_changes (change_id);
-ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_pkey PRIMARY KEY (user_auth_id);
--- ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;
-
-/* drop old columns */
-alter table log.table_changes drop column if exists date_new;
-alter table log.table_changes drop column if exists date_old;
-alter table log.table_changes drop column if exists number_new;
-alter table log.table_changes drop column if exists number_old;
-alter table log.table_changes drop column if exists json_new;
-alter table log.table_changes drop column if exists json_old;
-alter table log.table_changes drop column if exists text_new;
-alter table log.table_changes drop column if exists text_old;
-alter table log.table_changes drop column if exists bool_new;
-alter table log.table_changes drop column if exists bool_old;
+create schema if not exists log;
+
+-- DROP TABLE IF EXISTS log.table_changes cascade;
+CREATE TABLE IF NOT EXISTS log.table_changes();
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_type text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_date date;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_user_id text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+-- DROP TABLE IF EXISTS log.table_changes_data;
+CREATE TABLE IF NOT EXISTS log.table_changes_data();
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_data_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_id text not null;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS entity_key text; -- column_name
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_old text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_new text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+-- DROP TABLE IF EXISTS log.user_auth;
+CREATE TABLE IF NOT EXISTS log.user_auth();
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_id text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_date timestamp without time zone;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_type text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+COMMENT ON TABLE log.table_changes IS 'Логи подій змін в БД';
+COMMENT ON COLUMN log.table_changes.change_type IS 'Тип події (insert / update / delete)';
+COMMENT ON COLUMN log.table_changes.change_date IS 'Дата внесення змін до БД';
+COMMENT ON COLUMN log.table_changes.entity_type IS 'Таблиця, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes.entity_id IS 'ID строки, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes.change_user_id IS 'Ініціатор внесення змін';
+
+COMMENT ON TABLE log.table_changes_data IS 'Логи змін в таблицях БД';
+COMMENT ON COLUMN log.table_changes_data.change_id IS 'ID події зміни в БД';
+COMMENT ON COLUMN log.table_changes_data.entity_key IS 'Колонка таблиці, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes_data.value_old IS 'Старе значення';
+COMMENT ON COLUMN log.table_changes_data.value_new IS 'Нове значення';
+
+COMMENT ON TABLE log.user_auth IS 'Логи авторизації';
+COMMENT ON COLUMN log.user_auth.user_id IS 'ID користувача';
+COMMENT ON COLUMN log.user_auth.auth_date IS 'Дата авторизації';
+COMMENT ON COLUMN log.user_auth.auth_type IS 'Тип авторизації';
+
+ALTER TABLE log.table_changes DROP CONSTRAINT IF EXISTS log_table_changes_pkey cascade;
+ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_pkey;
+ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_change_id_fkey;
+ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_pkey;
+ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_user_id_fkey;
+
+ALTER TABLE log.table_changes ADD CONSTRAINT log_table_changes_pkey PRIMARY KEY (change_id);
+ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_pkey PRIMARY KEY (change_data_id);
+ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_change_id_fkey FOREIGN KEY (change_id)
+REFERENCES log.table_changes (change_id);
+ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_pkey PRIMARY KEY (user_auth_id);
+-- ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;
+
+/* drop old columns */
+alter table log.table_changes drop column if exists date_new;
+alter table log.table_changes drop column if exists date_old;
+alter table log.table_changes drop column if exists number_new;
+alter table log.table_changes drop column if exists number_old;
+alter table log.table_changes drop column if exists json_new;
+alter table log.table_changes drop column if exists json_old;
+alter table log.table_changes drop column if exists text_new;
+alter table log.table_changes drop column if exists text_old;
+alter table log.table_changes drop column if exists bool_new;
+alter table log.table_changes drop column if exists bool_old;
 alter table log.table_changes drop column if exists table_change_id;

package/table/controllers/data.js

@@ -13,7 +13,6 @@ export default async function dataAPI(req) {
   const {
     pg, params, query = {}, user,
   } = req;
-
   const time = Date.now();
 
   const uid = user?.uid || query.uid || 0;
@@ -25,20 +24,25 @@ export default async function dataAPI(req) {
     return { message: hookData?.message, status: hookData?.status };
   }
 
-  const loadTable = await getTemplate('table', hookData?.table || params.table);
-  if (!loadTable) { return { message: 'template not found', status: 404 }; }
-
-  const id = hookData?.id || params?.id;
-  const { actions = [], query: accessQuery } = await getAccess({ table: hookData?.table || params.table, id, user }) || {};
-
-  if (!actions.includes('get')) {
+  const {
+    actions = [], scope, my, query: access,
+  } = await getAccess({
+    table: hookData?.table || params.table,
+    id: hookData?.id || params?.id,
+    user,
+  }) || {};
+
+  if (!actions.includes('get') || (scope === 'my' && !my)) {
     return { message: 'access restricted', status: 403 };
   }
 
+  const loadTable = await getTemplate('table', hookData?.table || params.table);
+
+  if (!loadTable) { return { message: 'template not found', status: 404 }; }
+
   const {
-    table, columns, sql, cardSql, filters, form, meta, sqlColumns, public: ispublic,
+    table, columns, sql, cardSql, filters, form, meta, sqlColumns, ispublic,
   } = loadTable;
-
   const tableMeta = await getMeta(table);
   if (tableMeta?.view) {
     if (!loadTable?.key) return { message: `key not found: ${table}`, status: 404 };
@@ -87,59 +91,39 @@ export default async function dataAPI(req) {
   const queryPolyline = meta?.bbox && query?.polyline ? `ST_Contains(ST_MakePolygon(ST_LineFromEncodedPolyline('${query?.polyline}')),${meta.bbox})` : undefined;
   const bbox = meta?.bbox && queryBbox.filter((el) => !Number.isNaN(el))?.length === 4 ? `${meta.bbox} && 'box(${queryBbox[0]} ${queryBbox[1]},${queryBbox[2]} ${queryBbox[3]})'::box2d ` : undefined;
 
-  const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, accessQuery || '1=1', bbox, queryPolyline].filter((el) => el);
-
+  const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, access?.query || '1=1', bbox, queryPolyline].filter((el) => el);
   const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
-  const q = `select  ${pk ? `"${pk}" as id,` : ''} 
-                     ${columnList.includes('geom') ? 'st_asgeojson(geom)::json as geom,' : ''} 
-                     ${query.id || query.key ? '*' : sqlColumns || cols || '*'} 
-                     ${metaCols} 
-                     ${cardColumns} 
-                     from ${table} t ${sqlTable} ${cardSqlTable} 
-                     where ${where.join(' and ') || 'true'} 
-                     ${order} ${offset}  limit ${limit}`
-    .replace(/{{uid}}/g, user.uid);
+  const q = `select  ${pk ? `"${pk}" as id,` : ''} ${columnList.includes('geom') ? 'st_asgeojson(geom)::json as geom,' : ''} ${query.id || query.key ? '*' : sqlColumns || cols || '*'} ${metaCols} ${cardColumns} from ${table} t ${sqlTable} ${cardSqlTable} where ${where.join(' and ') || 'true'} ${order} ${offset}  limit ${limit}`;
 
   if (query.sql === '1') { return q; }
 
   const { rows } = await pg.query(q, (hookData?.id || params.id ? [hookData?.id || params.id] : null) || (query.key && loadTable.key ? [query.key] : []));
 
-  const filterWhere = [fData.q, search, bbox, queryPolyline].filter((el) => el);
-
-  const qCount = `select 
-            count(*)::int as total,  
-            count(*) FILTER(WHERE ${filterWhere.filter(el => el).join(' and ') || 'true'})::int as filtered 
-            from ${table} t ${sqlTable} 
-            where ${[loadTable.query, accessQuery].filter(el => el).join(' and ') || 'true'} `
-    .replace(/{{uid}}/g, user.uid);
-
-  const { total, filtered } = keyQuery || hookData?.id || params.id ? rows.length
-    : await pg.queryCache(qCount).then((el) => el?.rows[0]);
+  const total = keyQuery || hookData?.id || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t ${sqlTable} where ${where.join(' and ') || 'true'}`).then((el) => (el?.rows[0]?.count || 0) - 0);
 
   await metaFormat({ rows, table: params.table });
   const res = {
-    time: Date.now() - time, public: ispublic, card: loadTable.card, actions: loadTable.actions, total, filtered, count: rows.length, pk, form, rows, meta, columns, filters,
+    time: Date.now() - time, card: loadTable.card, actions: loadTable.actions, access, total, count: rows.length, pk, form, rows, meta, columns, filters,
   };
 
-  // console.log({ add: loadTable.table, form: loadTable.form });
-  if (user.uid && actions.includes('add')) {
+  if (!config?.security?.disableToken) {
     const addTokens = setToken({
-      ids: [JSON.stringify({ table: hookData?.table || params.table, form: loadTable.form })],
+      ids: [JSON.stringify({ add: loadTable.table, form: loadTable.form })],
       mode: 'a',
-      uid,
+      uid: config?.auth?.disable || ispublic ? '1' : uid,
       array: 1,
     });
     Object.assign(res, { addToken: addTokens[0] });
 
-    /* rows.forEach((row) => {
+    rows.forEach((row) => {
       const editTokens = setToken({
         ids: [JSON.stringify({ id: row.id, table: loadTable.table, form: loadTable.form })],
         mode: 'w',
-        uid: config?.auth?.disable ? '1' : uid,
+        uid: config?.auth?.disable || ispublic ? '1' : uid,
         array: 1,
       });
       Object.assign(row, { token: editTokens[0] });
-    }); */
+    });
   }
 
   const result = await applyHook('afterData', {

package/table/controllers/table.js

@@ -1,4 +1,3 @@
-import setToken from '../../crud/funcs/setToken.js';
 import getTemplate from './utils/getTemplate.js';
 import getMeta from '../../pg/funcs/getMeta.js';
 import applyHook from '../../hook/funcs/applyHook.js';
@@ -19,23 +18,27 @@ export default async function tableAPI(req) {
   if (!params?.id && !hookData?.id) {
     return { message: 'not enough params', status: 400 };
   }
-  const tableName = hookData?.table || params.table;
-  const loadTable = await getTemplate('table', tableName) || {};
-  if (!loadTable || (pg.pk?.[tableName])) {
-    return { message: 'not found', status: 404 };
+
+  const loadTable = await getTemplate('table', hookData?.table || params.table) || {};
+  if (!loadTable) {
+    if (!pg.pk?.[hookData?.table || params.table]) { return { message: 'not found', status: 404 }; }
   }
 
-  const { actions = [], query: accessQuery } = await getAccess({
+  const {
+    actions = [], scope, my,
+  } = await getAccess({
     table: hookData?.table || params.table,
     id: hookData?.id || params?.id,
     user,
   }) || {};
 
-  if (!actions.includes('edit')) {
+  if (!actions.includes('get') || (scope === 'my' && !my)) {
     return { message: 'access restricted', status: 403 };
   }
 
-  const { table, /* columns, */ form } = loadTable;
+  const {
+    table, /* columns, */ form,
+  } = loadTable;
 
   const { pk, columns: dbColumns = [] } = await getMeta(table || hookData?.table || params.table);
   if (!pk) return { message: `table not found: ${table}`, status: 404 };
@@ -51,33 +54,26 @@ export default async function tableAPI(req) {
   const cols = loadTable?.table
     ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
     : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
-  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
+  const where = [`"${pk}" = $1`, loadTable.query].filter((el) => el);
   const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
   const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${table || hookData?.table || params.table} t where ${where.join(' and ') || 'true'} limit 1`;
 
   if (query?.sql === '1') return q;
 
-  const data = await pg.query(q, [hookData?.id || params.id]).then(el => el.rows[0]);
-  if (!data) return { message: 'not found', status: 404 };
+  const { rows } = await pg.query(q, [hookData?.id || params.id]);
 
   if (extraKeys?.length) {
-    await Promise.all(extraKeys?.map(async (key) => {
-      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
-      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [row.id]);
-      Object.assign(data, { [key]: extraRows });
+    await Promise.all(rows?.map(async (row) => {
+      await Promise.all(extraKeys?.map(async (key) => {
+        const { colModel, table: extraTable, parent_id: parentId } = schema[key];
+        const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [row.id]);
+        Object.assign(row, { [key]: extraRows });
+      }));
     }));
   }
-  if (user.uid) {
-    const [token] = setToken({
-      ids: [JSON.stringify({ id: params?.id, table: params.table || loadTable.table, form: loadTable.form })],
-      mode: 'w',
-      uid: user.uid,
-      array: 1,
-    });
-    data.token = token;
-  }
+
   const res = await applyHook('afterTable', {
-    table: loadTable?.table, payload: [data], user,
+    table: loadTable?.table, payload: rows, user,
   });
-  return res || data || {};
+  return res || rows?.[0] || {};
 }

package/table/index.js

@@ -12,9 +12,56 @@ import getSelect from './controllers/utils/getSelect.js';
 
 import loadTemplatePath from './controllers/utils/loadTemplatePath.js';
 
-import {
-  tableSchema, searchSchema, suggestSchema, formSchema, filterSchema,
-} from './schema.js';
+const tableSchema = {
+  querystring1: {
+    page: { type: 'string', pattern: '^(\\d+)$' },
+    order: { type: 'string', pattern: '^(\\d+)$' },
+    filter: { type: 'string', pattern: '^([\\w\\d_-]+)=([\\w\\d_-]+)$' },
+  },
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+const searchSchema = {
+  querystring: {
+    page: { type: 'string', pattern: '^(\\d+)$' },
+    limit: { type: 'string', pattern: '^(\\d+)$' },
+    order: { type: 'string', pattern: '^([\\w_.]+)$' },
+    desc: { type: 'string', pattern: '^(desc)|(asc)$' },
+    key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+    sql: { type: 'string', pattern: '^(\\d)$' },
+  },
+};
+
+const suggestSchema = {
+  querystring: {
+    lang: { type: 'string', pattern: '^([\\w.]+)$' },
+    // parent: { type: 'string', pattern: '^([\\w,./]+)$' },
+    sel: { type: 'string', pattern: '^([\\w,./]+)$' },
+    name: { type: 'string', pattern: '^([\\w,./]+)$' },
+    // key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
+    // val: { type: 'string', pattern: '^([\\w.,]+)$' },
+    sql: { type: 'string', pattern: '^(\\d)$' },
+  },
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+  },
+};
+
+const formSchema = {
+  params: {
+    form: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+const filterSchema = {
+  params: {
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
 
 async function plugin(fastify, config = {}) {
   const prefix = config.prefix || '/api';