@opengis/fastify-table 1.1.49 → 1.1.50

package/crud/funcs/setToken.js

@@ -1,53 +1,53 @@
-import { createHash, randomUUID } from 'crypto';
-
-import config from '../../config.js';
-import getRedis from '../../redis/funcs/getRedis.js';
-
-const generateCodes = (ids, userToken) => {
-  const token = userToken || randomUUID();
-  const notNullIds = ids.filter((el) => el);
-  const obj = {};
-  const codes = notNullIds.reduce((acc, id) => {
-    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
-    acc[newToken] = id; obj[id] = newToken;
-    return acc;
-  }, {});
-  return { codes, obj };
-};
-
-function setToken({
-  ids: idsOrigin, mode = 'r', uid, referer, array,
-}) {
-  const rclient2 = getRedis({ db: 0 });
-  //  const rclient5 = getRedis({ db: 0, funcs });
-
-  if (!uid) return { user: 'empty' };
-  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
-
-  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
-  // update/delete
-
-  if (mode === 'r') return null;
-
-  // TODO generate salt
-  const { codes, obj } = generateCodes(ids, uid);
-
-  if (!Object.keys(codes).length) return { ids: 'empty' };
-
-  rclient2.hmset(`${config.pg.database}:token:${{
-    e: 'exec', r: 'view', w: 'edit', a: 'add',
-  }[mode]}:${uid}`, codes);
-
-  // log token for debug. add extra data - uid, mode, date
-  /* const dt = new Date().toISOString();
-   const codesLog = Object.keys(codes).reduce((acc, key) => {
-    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
-    return acc;
-  }, {});
-   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
-
-  // TODO дополнительно писать в hset token -> uid
-  return array ? Object.values(obj) : obj;
-}
-
-export default setToken;
+import { createHash, randomUUID } from 'crypto';
+
+import config from '../../config.js';
+import getRedis from '../../redis/funcs/getRedis.js';
+
+const generateCodes = (ids, userToken) => {
+  const token = userToken || randomUUID();
+  const notNullIds = ids.filter((el) => el);
+  const obj = {};
+  const codes = notNullIds.reduce((acc, id) => {
+    const newToken = createHash('sha1').update(token + id).digest('base64url').replace(/-/g, '');
+    acc[newToken] = id; obj[id] = newToken;
+    return acc;
+  }, {});
+  return { codes, obj };
+};
+
+function setToken({
+  ids: idsOrigin, mode = 'r', uid, array,
+}) {
+  const rclient2 = getRedis({ db: 0 });
+  //  const rclient5 = getRedis({ db: 0, funcs });
+
+  if (!uid) return { user: 'empty' };
+  if (!Object.keys(idsOrigin).length) return { ids: 'empty' };
+
+  const ids = idsOrigin.map((el) => (typeof el === 'object' ? JSON.stringify(el) : el));
+  // update/delete
+
+  if (mode === 'r') return null;
+
+  // TODO generate salt
+  const { codes, obj } = generateCodes(ids, uid);
+
+  if (!Object.keys(codes).length) return { ids: 'empty' };
+
+  rclient2.hmset(`${config.pg.database}:token:${{
+    e: 'exec', r: 'view', w: 'edit', a: 'add',
+  }[mode]}:${uid}`, codes);
+  // console.log(codes);
+  // log token for debug. add extra data - uid, mode, date
+  /* const dt = new Date().toISOString();
+   const codesLog = Object.keys(codes).reduce((acc, key) => {
+    acc[key] = `{"referer": "${referer}" ,"uid":"${uid}","mode":"${mode}","date":"${dt}",${codes[key].substr(1)}`;
+    return acc;
+  }, {});
+   rclient5.hmset(`${config.pg.database}:token:edit`, codesLog); // 'EX', 64800 */
+
+  // TODO дополнительно писать в hset token -> uid
+  return array ? Object.values(obj) : obj;
+}
+
+export default setToken;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.1.49",
+  "version": "1.1.50",
   "type": "module",
   "description": "core-plugins",
   "main": "index.js",
@@ -15,6 +15,7 @@
     "@fastify/sensible": "^5.0.0",
     "@fastify/url-data": "^5.4.0",
     "@opengis/fastify-hb": "^1.4.2",
+    "@opengis/fastify-table": "^1.1.47",
     "fastify": "^4.26.1",
     "fastify-plugin": "^4.0.0",
     "ioredis": "^5.3.2",
@@ -25,17 +26,17 @@
   },
   "devDependencies": {
     "@panzoom/panzoom": "^4.5.1",
+    "eslint": "^8.49.0",
+    "eslint-config-airbnb": "^19.0.4",
     "markdown-it-abbr": "^2.0.0",
-    "mermaid": "10.9.1",
+    "mermaid": "^10.9.3",
     "sass": "1.72.0",
     "vitepress": "^1.3.4",
     "vitepress-plugin-mermaid": "^2.0.16",
     "vitepress-plugin-tabs": "^0.5.0",
     "vitepress-sidebar": "^1.25.0",
-    "vue": "^3.4.27",
-    "eslint": "^8.49.0",
-    "eslint-config-airbnb": "^19.0.4"
+    "vue": "^3.4.27"
   },
   "author": "Softpro",
   "license": "ISC"
-}
+}

package/redis/funcs/getRedis.js

@@ -1,23 +1,23 @@
-import Redis from 'ioredis';
-import config from '../../config.js';
-import redisClients from './redisClients.js';
-
-function getRedis({ db } = { db: 0 }) {
-  if (!config.redis) return null;
-  if (redisClients[db]) return redisClients[db];
-
-  const redisConfig = {
-    db,
-    keyPrefix: `${config.db}:`,
-    host: config.redis?.host || '127.0.0.1',
-    port: config.redis?.port || 6379, // Redis port
-    family: 4, // 4 (IPv4) or 6 (IPv6)
-    closeClient: true,
-  };
-
-  redisClients[db] = new Redis(redisConfig);
-
-  return redisClients[db];
-}
-
-export default getRedis;
+import Redis from 'ioredis';
+import config from '../../config.js';
+import redisClients from './redisClients.js';
+
+function getRedis({ db } = { db: 0 }) {
+  if (!config.redis) return null;
+  if (redisClients[db]) return redisClients[db];
+
+  const redisConfig = {
+    db,
+    keyPrefix: `${config.db}:`,
+    host: config.redis?.host || '127.0.0.1',
+    port: config.redis?.port || 6379, // Redis port
+    family: 4, // 4 (IPv4) or 6 (IPv6)
+    closeClient: true,
+  };
+
+  redisClients[db] = new Redis(redisConfig);
+
+  return redisClients[db];
+}
+
+export default getRedis;

package/server/migrations/log.sql

@@ -1,81 +1,81 @@
-create schema if not exists log;
-
--- DROP TABLE IF EXISTS log.table_changes cascade;
-CREATE TABLE IF NOT EXISTS log.table_changes();
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_type text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_date date;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_user_id text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
--- DROP TABLE IF EXISTS log.table_changes_data;
-CREATE TABLE IF NOT EXISTS log.table_changes_data();
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_data_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_id text not null;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS entity_key text; -- column_name
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_old text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_new text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
--- DROP TABLE IF EXISTS log.user_auth;
-CREATE TABLE IF NOT EXISTS log.user_auth();
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT next_id();
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_id text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_date timestamp without time zone;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_type text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS uid text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_id text;
-ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
-
-COMMENT ON TABLE log.table_changes IS 'Логи подій змін в БД';
-COMMENT ON COLUMN log.table_changes.change_type IS 'Тип події (insert / update / delete)';
-COMMENT ON COLUMN log.table_changes.change_date IS 'Дата внесення змін до БД';
-COMMENT ON COLUMN log.table_changes.entity_type IS 'Таблиця, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes.entity_id IS 'ID строки, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes.change_user_id IS 'Ініціатор внесення змін';
-
-COMMENT ON TABLE log.table_changes_data IS 'Логи змін в таблицях БД';
-COMMENT ON COLUMN log.table_changes_data.change_id IS 'ID події зміни в БД';
-COMMENT ON COLUMN log.table_changes_data.entity_key IS 'Колонка таблиці, до якої вносяться зміни';
-COMMENT ON COLUMN log.table_changes_data.value_old IS 'Старе значення';
-COMMENT ON COLUMN log.table_changes_data.value_new IS 'Нове значення';
-
-COMMENT ON TABLE log.user_auth IS 'Логи авторизації';
-COMMENT ON COLUMN log.user_auth.user_id IS 'ID користувача';
-COMMENT ON COLUMN log.user_auth.auth_date IS 'Дата авторизації';
-COMMENT ON COLUMN log.user_auth.auth_type IS 'Тип авторизації';
-
-ALTER TABLE log.table_changes DROP CONSTRAINT IF EXISTS log_table_changes_pkey cascade;
-ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_pkey;
-ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_change_id_fkey;
-ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_pkey;
-ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_user_id_fkey;
-
-ALTER TABLE log.table_changes ADD CONSTRAINT log_table_changes_pkey PRIMARY KEY (change_id);
-ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_pkey PRIMARY KEY (change_data_id);
-ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_change_id_fkey FOREIGN KEY (change_id)
-REFERENCES log.table_changes (change_id);
-ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_pkey PRIMARY KEY (user_auth_id);
--- ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;
-
-/* drop old columns */
-alter table log.table_changes drop column if exists date_new;
-alter table log.table_changes drop column if exists date_old;
-alter table log.table_changes drop column if exists number_new;
-alter table log.table_changes drop column if exists number_old;
-alter table log.table_changes drop column if exists json_new;
-alter table log.table_changes drop column if exists json_old;
-alter table log.table_changes drop column if exists text_new;
-alter table log.table_changes drop column if exists text_old;
-alter table log.table_changes drop column if exists bool_new;
-alter table log.table_changes drop column if exists bool_old;
+create schema if not exists log;
+
+-- DROP TABLE IF EXISTS log.table_changes cascade;
+CREATE TABLE IF NOT EXISTS log.table_changes();
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_type text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_date date;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS change_user_id text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_type text; -- table_name
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS entity_id text; -- object_id
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.table_changes ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+-- DROP TABLE IF EXISTS log.table_changes_data;
+CREATE TABLE IF NOT EXISTS log.table_changes_data();
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_data_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS change_id text not null;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS entity_key text; -- column_name
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_old text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS value_new text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.table_changes_data ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+-- DROP TABLE IF EXISTS log.user_auth;
+CREATE TABLE IF NOT EXISTS log.user_auth();
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_auth_id text NOT NULL DEFAULT next_id();
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS user_id text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_date timestamp without time zone;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS auth_type text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS uid text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS cdate timestamp without time zone DEFAULT (now())::timestamp without time zone;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_id text;
+ALTER TABLE log.user_auth ADD COLUMN IF NOT EXISTS editor_date timestamp without time zone;
+
+COMMENT ON TABLE log.table_changes IS 'Логи подій змін в БД';
+COMMENT ON COLUMN log.table_changes.change_type IS 'Тип події (insert / update / delete)';
+COMMENT ON COLUMN log.table_changes.change_date IS 'Дата внесення змін до БД';
+COMMENT ON COLUMN log.table_changes.entity_type IS 'Таблиця, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes.entity_id IS 'ID строки, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes.change_user_id IS 'Ініціатор внесення змін';
+
+COMMENT ON TABLE log.table_changes_data IS 'Логи змін в таблицях БД';
+COMMENT ON COLUMN log.table_changes_data.change_id IS 'ID події зміни в БД';
+COMMENT ON COLUMN log.table_changes_data.entity_key IS 'Колонка таблиці, до якої вносяться зміни';
+COMMENT ON COLUMN log.table_changes_data.value_old IS 'Старе значення';
+COMMENT ON COLUMN log.table_changes_data.value_new IS 'Нове значення';
+
+COMMENT ON TABLE log.user_auth IS 'Логи авторизації';
+COMMENT ON COLUMN log.user_auth.user_id IS 'ID користувача';
+COMMENT ON COLUMN log.user_auth.auth_date IS 'Дата авторизації';
+COMMENT ON COLUMN log.user_auth.auth_type IS 'Тип авторизації';
+
+ALTER TABLE log.table_changes DROP CONSTRAINT IF EXISTS log_table_changes_pkey cascade;
+ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_pkey;
+ALTER TABLE log.table_changes_data DROP CONSTRAINT IF EXISTS log_table_changes_data_change_id_fkey;
+ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_pkey;
+ALTER TABLE log.user_auth DROP CONSTRAINT IF EXISTS log_user_auth_user_id_fkey;
+
+ALTER TABLE log.table_changes ADD CONSTRAINT log_table_changes_pkey PRIMARY KEY (change_id);
+ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_pkey PRIMARY KEY (change_data_id);
+ALTER TABLE log.table_changes_data ADD CONSTRAINT log_table_changes_data_change_id_fkey FOREIGN KEY (change_id)
+REFERENCES log.table_changes (change_id);
+ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_pkey PRIMARY KEY (user_auth_id);
+-- ALTER TABLE log.user_auth ADD CONSTRAINT log_user_auth_user_id_fkey FOREIGN KEY (user_id) REFERENCES admin.users (uid) MATCH SIMPLE;
+
+/* drop old columns */
+alter table log.table_changes drop column if exists date_new;
+alter table log.table_changes drop column if exists date_old;
+alter table log.table_changes drop column if exists number_new;
+alter table log.table_changes drop column if exists number_old;
+alter table log.table_changes drop column if exists json_new;
+alter table log.table_changes drop column if exists json_old;
+alter table log.table_changes drop column if exists text_new;
+alter table log.table_changes drop column if exists text_old;
+alter table log.table_changes drop column if exists bool_new;
+alter table log.table_changes drop column if exists bool_old;
 alter table log.table_changes drop column if exists table_change_id;

package/table/controllers/data.js

@@ -6,13 +6,14 @@ import getAccess from '../../crud/funcs/getAccess.js';
 import setToken from '../../crud/funcs/setToken.js';
 import gisIRColumn from './utils/gisIRColumn.js';
 import applyHook from '../../hook/funcs/applyHook.js';
-import config from '../../config.js';
+// import config from '../../config.js';
 
 const maxLimit = 100;
 export default async function dataAPI(req) {
   const {
     pg, params, query = {}, user,
   } = req;
+
   const time = Date.now();
 
   const uid = user?.uid || query.uid || 0;
@@ -24,25 +25,20 @@ export default async function dataAPI(req) {
     return { message: hookData?.message, status: hookData?.status };
   }
 
-  const {
-    actions = [], scope, my, query: access,
-  } = await getAccess({
-    table: hookData?.table || params.table,
-    id: hookData?.id || params?.id,
-    user,
-  }) || {};
-
-  if (!actions.includes('get') || (scope === 'my' && !my)) {
-    return { message: 'access restricted', status: 403 };
-  }
-
   const loadTable = await getTemplate('table', hookData?.table || params.table);
-
   if (!loadTable) { return { message: 'template not found', status: 404 }; }
 
+  const id = hookData?.id || params?.id;
+  const { actions = [], query: accessQuery } = await getAccess({ table: hookData?.table || params.table, id, user }) || {};
+
+  if (!actions.includes('get')) {
+    return { message: 'access restricted', status: 403 };
+  }
+
   const {
-    table, columns, sql, cardSql, filters, form, meta, sqlColumns, ispublic,
+    table, columns = [], sql, cardSql, filters, form, meta, sqlColumns, public: ispublic,
   } = loadTable;
+
   const tableMeta = await getMeta(table);
   if (tableMeta?.view) {
     if (!loadTable?.key) return { message: `key not found: ${table}`, status: 404 };
@@ -91,39 +87,59 @@ export default async function dataAPI(req) {
   const queryPolyline = meta?.bbox && query?.polyline ? `ST_Contains(ST_MakePolygon(ST_LineFromEncodedPolyline('${query?.polyline}')),${meta.bbox})` : undefined;
   const bbox = meta?.bbox && queryBbox.filter((el) => !Number.isNaN(el))?.length === 4 ? `${meta.bbox} && 'box(${queryBbox[0]} ${queryBbox[1]},${queryBbox[2]} ${queryBbox[3]})'::box2d ` : undefined;
 
-  const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, access?.query || '1=1', bbox, queryPolyline].filter((el) => el);
+  const where = [(hookData?.id || params.id ? ` "${pk}" = $1` : null), keyQuery, loadTable.query, fData.q, search, accessQuery || '1=1', bbox, queryPolyline].filter((el) => el);
+
   const cardColumns = cardSqlFiltered.length ? `,${cardSqlFiltered.map((el) => el.name)}` : '';
-  const q = `select  ${pk ? `"${pk}" as id,` : ''} ${columnList.includes('geom') ? 'st_asgeojson(geom)::json as geom,' : ''} ${query.id || query.key ? '*' : sqlColumns || cols || '*'} ${metaCols} ${cardColumns} from ${table} t ${sqlTable} ${cardSqlTable} where ${where.join(' and ') || 'true'} ${order} ${offset}  limit ${limit}`;
+  const q = `select  ${pk ? `"${pk}" as id,` : ''} 
+                     ${columnList.includes('geom') ? 'st_asgeojson(geom)::json as geom,' : ''} 
+                     ${query.id || query.key ? '*' : sqlColumns || cols || '*'} 
+                     ${metaCols} 
+                     ${cardColumns} 
+                     from ${table} t ${sqlTable} ${cardSqlTable} 
+                     where ${where.join(' and ') || 'true'} 
+                     ${order} ${offset}  limit ${limit}`
+    .replace(/{{uid}}/g, user.uid);
 
   if (query.sql === '1') { return q; }
 
   const { rows } = await pg.query(q, (hookData?.id || params.id ? [hookData?.id || params.id] : null) || (query.key && loadTable.key ? [query.key] : []));
 
-  const total = keyQuery || hookData?.id || params.id ? rows.length : await pg.queryCache(`select count(*) from ${table} t ${sqlTable} where ${where.join(' and ') || 'true'}`).then((el) => (el?.rows[0]?.count || 0) - 0);
+  const filterWhere = [fData.q, search, bbox, queryPolyline].filter((el) => el);
+
+  const qCount = `select 
+            count(*)::int as total,  
+            count(*) FILTER(WHERE ${filterWhere.filter(el => el).join(' and ') || 'true'})::int as filtered 
+            from ${table} t ${sqlTable} 
+            where ${[loadTable.query, accessQuery].filter(el => el).join(' and ') || 'true'} `
+    .replace(/{{uid}}/g, user.uid);
+
+  const { total, filtered } = keyQuery || hookData?.id || params.id ? rows.length
+    : await pg.queryCache(qCount).then((el) => el?.rows[0]);
 
   await metaFormat({ rows, table: params.table });
   const res = {
-    time: Date.now() - time, card: loadTable.card, actions: loadTable.actions, access, total, count: rows.length, pk, form, rows, meta, columns, filters,
+    time: Date.now() - time, public: ispublic, card: loadTable.card, actions: loadTable.actions, total, filtered, count: rows.length, pk, form, rows, meta, columns, filters,
   };
 
-  if (!config?.security?.disableToken) {
+  // console.log({ add: loadTable.table, form: loadTable.form });
+  if (user.uid && actions.includes('add')) {
     const addTokens = setToken({
-      ids: [JSON.stringify({ add: loadTable.table, form: loadTable.form })],
+      ids: [JSON.stringify({ table: hookData?.table || params.table, form: loadTable.form })],
       mode: 'a',
-      uid: config?.auth?.disable || ispublic ? '1' : uid,
+      uid,
       array: 1,
     });
     Object.assign(res, { addToken: addTokens[0] });
 
-    rows.forEach((row) => {
+    /* rows.forEach((row) => {
       const editTokens = setToken({
         ids: [JSON.stringify({ id: row.id, table: loadTable.table, form: loadTable.form })],
         mode: 'w',
-        uid: config?.auth?.disable || ispublic ? '1' : uid,
+        uid: config?.auth?.disable ? '1' : uid,
         array: 1,
       });
       Object.assign(row, { token: editTokens[0] });
-    });
+    }); */
   }
 
   const result = await applyHook('afterData', {

package/table/controllers/table.js

@@ -1,3 +1,4 @@
+import setToken from '../../crud/funcs/setToken.js';
 import getTemplate from './utils/getTemplate.js';
 import getMeta from '../../pg/funcs/getMeta.js';
 import applyHook from '../../hook/funcs/applyHook.js';
@@ -18,27 +19,23 @@ export default async function tableAPI(req) {
   if (!params?.id && !hookData?.id) {
     return { message: 'not enough params', status: 400 };
   }
-
-  const loadTable = await getTemplate('table', hookData?.table || params.table) || {};
-  if (!loadTable) {
-    if (!pg.pk?.[hookData?.table || params.table]) { return { message: 'not found', status: 404 }; }
+  const tableName = hookData?.table || params.table;
+  const loadTable = await getTemplate('table', tableName) || {};
+  if (!loadTable || (pg.pk?.[tableName])) {
+    return { message: 'not found', status: 404 };
   }
 
-  const {
-    actions = [], scope, my,
-  } = await getAccess({
+  const { actions = [], query: accessQuery } = await getAccess({
     table: hookData?.table || params.table,
     id: hookData?.id || params?.id,
     user,
   }) || {};
 
-  if (!actions.includes('get') || (scope === 'my' && !my)) {
+  if (!actions.includes('edit')) {
     return { message: 'access restricted', status: 403 };
   }
 
-  const {
-    table, /* columns, */ form,
-  } = loadTable;
+  const { table, /* columns, */ form } = loadTable;
 
   const { pk, columns: dbColumns = [] } = await getMeta(table || hookData?.table || params.table);
   if (!pk) return { message: `table not found: ${table}`, status: 404 };
@@ -54,26 +51,33 @@ export default async function tableAPI(req) {
   const cols = loadTable?.table
     ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
     : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
-  const where = [`"${pk}" = $1`, loadTable.query].filter((el) => el);
+  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
   const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
   const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${table || hookData?.table || params.table} t where ${where.join(' and ') || 'true'} limit 1`;
 
   if (query?.sql === '1') return q;
 
-  const { rows } = await pg.query(q, [hookData?.id || params.id]);
+  const data = await pg.query(q, [hookData?.id || params.id]).then(el => el.rows[0]);
+  if (!data) return { message: 'not found', status: 404 };
 
   if (extraKeys?.length) {
-    await Promise.all(rows?.map(async (row) => {
-      await Promise.all(extraKeys?.map(async (key) => {
-        const { colModel, table: extraTable, parent_id: parentId } = schema[key];
-        const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [row.id]);
-        Object.assign(row, { [key]: extraRows });
-      }));
+    await Promise.all(extraKeys?.map(async (key) => {
+      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
+      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [row.id]);
+      Object.assign(data, { [key]: extraRows });
     }));
   }
-
+  if (user.uid) {
+    const [token] = setToken({
+      ids: [JSON.stringify({ id: params?.id, table: params.table || loadTable.table, form: loadTable.form })],
+      mode: 'w',
+      uid: user.uid,
+      array: 1,
+    });
+    data.token = token;
+  }
   const res = await applyHook('afterTable', {
-    table: loadTable?.table, payload: rows, user,
+    table: loadTable?.table, payload: [data], user,
   });
-  return res || rows?.[0] || {};
+  return res || data || {};
 }

package/table/index.js

@@ -12,56 +12,9 @@ import getSelect from './controllers/utils/getSelect.js';
 
 import loadTemplatePath from './controllers/utils/loadTemplatePath.js';
 
-const tableSchema = {
-  querystring1: {
-    page: { type: 'string', pattern: '^(\\d+)$' },
-    order: { type: 'string', pattern: '^(\\d+)$' },
-    filter: { type: 'string', pattern: '^([\\w\\d_-]+)=([\\w\\d_-]+)$' },
-  },
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-const searchSchema = {
-  querystring: {
-    page: { type: 'string', pattern: '^(\\d+)$' },
-    limit: { type: 'string', pattern: '^(\\d+)$' },
-    order: { type: 'string', pattern: '^([\\w_.]+)$' },
-    desc: { type: 'string', pattern: '^(desc)|(asc)$' },
-    key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-    sql: { type: 'string', pattern: '^(\\d)$' },
-  },
-};
-
-const suggestSchema = {
-  querystring: {
-    lang: { type: 'string', pattern: '^([\\w.]+)$' },
-    // parent: { type: 'string', pattern: '^([\\w,./]+)$' },
-    sel: { type: 'string', pattern: '^([\\w,./]+)$' },
-    name: { type: 'string', pattern: '^([\\w,./]+)$' },
-    // key: { type: 'string', pattern: '^([\\w\\d_]+)$' },
-    // val: { type: 'string', pattern: '^([\\w.,]+)$' },
-    sql: { type: 'string', pattern: '^(\\d)$' },
-  },
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-  },
-};
-
-const formSchema = {
-  params: {
-    form: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-const filterSchema = {
-  params: {
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
+import {
+  tableSchema, searchSchema, suggestSchema, formSchema, filterSchema,
+} from './schema.js';
 
 async function plugin(fastify, config = {}) {
   const prefix = config.prefix || '/api';