@opengis/fastify-table 1.1.51 → 1.1.52

package/crud/controllers/update.js

@@ -1,76 +1,76 @@
-import {
-  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
-} from '../../utils.js';
-import config from '../../config.js';
-
-export default async function update(req) {
-  const { user, params = {}, body = {} } = req;
-  const hookData = await applyHook('preUpdate', {
-    table: params?.table, id: params?.id, user,
-  });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tokenData = await getToken({
-    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
-  });
-
-  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
-
-  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
-
-  if (!actions.includes('edit')) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (!edit) {
-    return { message: 'table is required', status: 400 };
-  }
-
-  if (!id) {
-    return { message: 'id is required', status: 404 };
-  }
-
-  const loadTemplate = await getTemplate('table', edit);
-  const { table } = loadTemplate || hookData || params || {};
-
-  const uid = user?.uid;
-
-  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
-
-  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({
-    table: loadTemplate?.table || table, id, data: body, uid,
-  });
-
-  // admin.custom_column
-  await applyHook('afterUpdate', {
-    table: params?.table, body, payload: res, user,
-  });
-
-  // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
-  if (extraKeys?.length) {
-    res.extra = {};
-    await Promise.all(extraKeys?.map(async (key) => {
-      const objId = body[formData[key].parent_id] || body?.id;
-      // delete old extra data
-      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
-      // insert new extra data
-      const extraRows = await Promise.all(body[key].map(async (row) => {
-        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
-        return extraRes?.rows?.[0];
-      }));
-      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
-    }));
-  }
-
-  return res;
-}
+import {
+  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
+} from '../../utils.js';
+import config from '../../config.js';
+
+export default async function update(req) {
+  const { user, params = {}, body = {} } = req;
+  const hookData = await applyHook('preUpdate', {
+    table: params?.table, id: params?.id, user,
+  });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tokenData = await getToken({
+    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
+  });
+
+  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
+
+  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
+
+  if (!actions.includes('edit')) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!edit) {
+    return { message: 'table is required', status: 400 };
+  }
+
+  if (!id) {
+    return { message: 'id is required', status: 404 };
+  }
+
+  const loadTemplate = await getTemplate('table', edit);
+  const { table } = loadTemplate || hookData || params || {};
+
+  const uid = user?.uid;
+
+  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({
+    table: loadTemplate?.table || table, id, data: body, uid,
+  });
+
+  // admin.custom_column
+  await applyHook('afterUpdate', {
+    table: params?.table, body, payload: res, user,
+  });
+
+  // form DataTable
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const objId = body[formData[key].parent_id] || body?.id;
+      // delete old extra data
+      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
+      // insert new extra data
+      const extraRows = await Promise.all(body[key].map(async (row) => {
+        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return res;
+}

package/crud/controllers/utils/xssInjection.js

@@ -1,72 +1,72 @@
-const xssInjection = [
-  'onkeypress=',
-  'onkeyup=',
-  'ondblclick=',
-  'onerror=',
-  'onmouseover=',
-  '<meta',
-  '<script',
-  'vascript:',
-  'onkeydown=',
-  'onmousedown=',
-  'onmouseenter=',
-  'onmouseleave=',
-  'onmousemove=',
-  'onmouseout=',
-  'onmouseup=',
-  'onmousewheel=',
-  'onpaste=',
-  'onscroll=',
-  'onwheel=',
-  'javascript:',
-  '\\x',
-  'eval(',
-  'onmouseover=',
-  'action=',
-  'xlink:',
-  'allowscriptaccess',
-  'href=',
-  'behavior:',
-  'onreadystatechange=',
-  'onstart=',
-  'offline=',
-  'onabort=',
-  'onafterprint=',
-  'onbeforeonload=',
-  'onbeforeprint=',
-  'onblur=',
-  'oncanplay=',
-  'oncanplaythrough=',
-  'onchange=',
-  'onclick=',
-  'oncontextmenu=',
-  'ondblclick=',
-  'ondrag=',
-  'ondragend=',
-  'ondragenter=',
-  'ondragleave=',
-  'ondragover=',
-  'ondragstart=',
-  'ondrop=',
-  'ondurationchange=',
-  'onemptied=',
-  'onended=',
-  'onerror=',
-  'onfocus=',
-  'onformchange=',
-  'onforminput=',
-  'onhaschange=',
-  'oninput=',
-  'oninvalid=',
-  'onkeydown=',
-  'onkeypress=',
-  'onkeyup=',
-  'onload=',
-  'onloadeddata=',
-  'onloadedmetadata=',
-  'onloadstart=',
-  'alert(',
-  'script:',
-];
-
-export default xssInjection;
+const xssInjection = [
+  'onkeypress=',
+  'onkeyup=',
+  'ondblclick=',
+  'onerror=',
+  'onmouseover=',
+  '<meta',
+  '<script',
+  'vascript:',
+  'onkeydown=',
+  'onmousedown=',
+  'onmouseenter=',
+  'onmouseleave=',
+  'onmousemove=',
+  'onmouseout=',
+  'onmouseup=',
+  'onmousewheel=',
+  'onpaste=',
+  'onscroll=',
+  'onwheel=',
+  'javascript:',
+  '\\x',
+  'eval(',
+  'onmouseover=',
+  'action=',
+  'xlink:',
+  'allowscriptaccess',
+  'href=',
+  'behavior:',
+  'onreadystatechange=',
+  'onstart=',
+  'offline=',
+  'onabort=',
+  'onafterprint=',
+  'onbeforeonload=',
+  'onbeforeprint=',
+  'onblur=',
+  'oncanplay=',
+  'oncanplaythrough=',
+  'onchange=',
+  'onclick=',
+  'oncontextmenu=',
+  'ondblclick=',
+  'ondrag=',
+  'ondragend=',
+  'ondragenter=',
+  'ondragleave=',
+  'ondragover=',
+  'ondragstart=',
+  'ondrop=',
+  'ondurationchange=',
+  'onemptied=',
+  'onended=',
+  'onerror=',
+  'onfocus=',
+  'onformchange=',
+  'onforminput=',
+  'onhaschange=',
+  'oninput=',
+  'oninvalid=',
+  'onkeydown=',
+  'onkeypress=',
+  'onkeyup=',
+  'onload=',
+  'onloadeddata=',
+  'onloadedmetadata=',
+  'onloadstart=',
+  'alert(',
+  'script:',
+];
+
+export default xssInjection;

package/crud/funcs/dataDelete.js

@@ -1,19 +1,19 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-import logChanges from './utils/logChanges.js';
-
-export default async function dataDelete({
-  table, id, pg: pg1, uid,
-}) {
-  const pg = pg1 || getPG({ name: 'client' });
-  const { pk } = await getMeta(table);
-  if (!pg.tlist?.includes(table)) return 'table not exist';
-  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
-  //  console.log(updateDataset);
-  const res = await pg.one(delQuery, [id]) || {};
-  await logChanges({
-    pg, table, id, uid, type: 'DELETE',
-  });
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+import logChanges from './utils/logChanges.js';
+
+export default async function dataDelete({
+  table, id, pg: pg1, uid,
+}) {
+  const pg = pg1 || getPG({ name: 'client' });
+  const { pk } = await getMeta(table);
+  if (!pg.tlist?.includes(table)) return 'table not exist';
+  const delQuery = `delete from ${table} WHERE ${pk} = $1 returning *`;
+  //  console.log(updateDataset);
+  const res = await pg.one(delQuery, [id]) || {};
+  await logChanges({
+    pg, table, id, uid, type: 'DELETE',
+  });
+  return res;
+}

package/crud/funcs/dataInsert.js

@@ -1,30 +1,30 @@
-import getPG from '../../pg/funcs/getPG.js';
-import getMeta from '../../pg/funcs/getMeta.js';
-import logChanges from './utils/logChanges.js';
-
-export default async function dataInsert({
-  table, data, pg: pg1, uid,
-}) {
-  const pg = pg1 || getPG({ name: 'client' });
-  if (!data) return null;
-  const { columns } = await getMeta(table);
-  if (!columns) return null;
-
-  const names = columns.map((el) => el.name);
-  const filterData = Object.keys(data)
-    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
-
-  const insertQuery = `insert into ${table}
-
-    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
-
-    values  (${filterData?.map((key, i) => (key[0] === 'geom' ? `st_setsrid(st_geomfromgeojson($${i + 1}::json),4326)` : `$${i + 1}`)).join(',')}) 
-    
-    returning *`;
-
-  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]))]) || {};
-  await logChanges({
-    pg, table, data, id: res.rows?.[0]?.[pg.pk[table]], uid, type: 'INSERT',
-  });
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+import getMeta from '../../pg/funcs/getMeta.js';
+import logChanges from './utils/logChanges.js';
+
+export default async function dataInsert({
+  table, data, pg: pg1, uid,
+}) {
+  const pg = pg1 || getPG({ name: 'client' });
+  if (!data) return null;
+  const { columns } = await getMeta(table);
+  if (!columns) return null;
+
+  const names = columns.map((el) => el.name);
+  const filterData = Object.keys(data)
+    .filter((el) => data[el] && names.includes(el)).map((el) => [el, data[el]]);
+
+  const insertQuery = `insert into ${table}
+
+    ( ${filterData?.map((key) => `"${key[0]}"`).join(',')}) 
+
+    values  (${filterData?.map((key, i) => (key[0] === 'geom' ? `st_setsrid(st_geomfromgeojson($${i + 1}::json),4326)` : `$${i + 1}`)).join(',')}) 
+    
+    returning *`;
+
+  const res = await pg.query(insertQuery, [...filterData.map((el) => (typeof el[1] === 'object' && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]))]) || {};
+  await logChanges({
+    pg, table, data, id: res.rows?.[0]?.[pg.pk[table]], uid, type: 'INSERT',
+  });
+  return res;
+}

package/crud/funcs/dataUpdate.js

@@ -1,48 +1,48 @@
-import getPG from '../../pg/funcs/getPG.js';
-
-import getMeta from '../../pg/funcs/getMeta.js';
-import logChanges from './utils/logChanges.js';
-
-const srids = {};
-
-export default async function dataUpdate({
-  table, id, data, pg: pg1, uid,
-}) {
-  if (!data || !table || !id) return null;
-
-  const pg = pg1 || getPG({ name: 'client' });
-  const { columns, pk } = await getMeta(table);
-
-  const names = columns?.map((el) => el.name);
-  Object.assign(data, { editor_id: uid });
-  const filterData = Object.keys(data)
-    .filter((el) => (/* typeof data[el] === 'boolean' ? true : data[el] &&  */ names?.includes(el) && el !== 'editor_date'));
-
-  const editorDate = names?.includes('editor_date') ? 'editor_date=now(),' : '';
-
-  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && el[1] && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
-
-  // update geometry with srid
-  if (!srids[table]) {
-    const { srids1 } = await pg.query(`select json_object_agg(_table,rel) as srids1 from (
-      select  f_table_schema||'.'||f_table_name as _table, 
-        json_object_agg(f_geometry_column, case when srid = 0 then 4326 else srid end) as rel 
-      from geometry_columns group by f_table_schema||'.'||f_table_name
-      )q`).then((res1) => res1.rows?.[0] || {});
-    Object.assign(srids, srids1);
-  }
-
-  const updateQuery = `UPDATE ${table} SET ${editorDate} ${filterData
-    ?.map((key, i) => (key?.includes('geom') && key !== 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),${srids[table]?.[key] || 4326})` : undefined)
-      || (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`))
-    .join(',')} 
-      WHERE ${pk} = $1 returning *`;
-  // console.log(updateQuery, filterValue);
-  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
-
-  await logChanges({
-    pg, table, data, id, uid, type: 'UPDATE',
-  });
-
-  return res;
-}
+import getPG from '../../pg/funcs/getPG.js';
+
+import getMeta from '../../pg/funcs/getMeta.js';
+import logChanges from './utils/logChanges.js';
+
+const srids = {};
+
+export default async function dataUpdate({
+  table, id, data, pg: pg1, uid,
+}) {
+  if (!data || !table || !id) return null;
+
+  const pg = pg1 || getPG({ name: 'client' });
+  const { columns, pk } = await getMeta(table);
+
+  const names = columns?.map((el) => el.name);
+  Object.assign(data, { editor_id: uid });
+  const filterData = Object.keys(data)
+    .filter((el) => (/* typeof data[el] === 'boolean' ? true : data[el] &&  */ names?.includes(el) && el !== 'editor_date'));
+
+  const editorDate = names?.includes('editor_date') ? 'editor_date=now(),' : '';
+
+  const filterValue = filterData.map((el) => [el, data[el]]).map((el) => (typeof el[1] === 'object' && el[1] && (!Array.isArray(el[1]) || typeof el[1]?.[0] === 'object') ? JSON.stringify(el[1]) : el[1]));
+
+  // update geometry with srid
+  if (!srids[table]) {
+    const { srids1 } = await pg.query(`select json_object_agg(_table,rel) as srids1 from (
+      select  f_table_schema||'.'||f_table_name as _table, 
+        json_object_agg(f_geometry_column, case when srid = 0 then 4326 else srid end) as rel 
+      from geometry_columns group by f_table_schema||'.'||f_table_name
+      )q`).then((res1) => res1.rows?.[0] || {});
+    Object.assign(srids, srids1);
+  }
+
+  const updateQuery = `UPDATE ${table} SET ${editorDate} ${filterData
+    ?.map((key, i) => (key?.includes('geom') && key !== 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),${srids[table]?.[key] || 4326})` : undefined)
+      || (key === 'geom' ? `"${key}"=st_setsrid(st_geomfromgeojson($${i + 2}::json),4326)` : `"${key}"=$${i + 2}`))
+    .join(',')} 
+      WHERE ${pk} = $1 returning *`;
+  // console.log(updateQuery, filterValue);
+  const res = await pg.query(updateQuery, [id, ...filterValue]).then(el => el?.rows?.[0]) || {};
+
+  await logChanges({
+    pg, table, data, id, uid, type: 'UPDATE',
+  });
+
+  return res;
+}

package/crud/funcs/getAccess.js

@@ -1,46 +1,46 @@
-// import getMeta from '../../pg/funcs/getMeta.js';
-import getTemplate from '../../table/controllers/utils/getTemplate.js';
-import config from '../../config.js';
-import pgClients from '../../pg/pgClients.js';
-import applyHook from '../../hook/funcs/applyHook.js';
-
-const q = `select a.route_id as id, coalesce(b.actions,array['get']) as actions, b.scope 
-from admin.routes a 
-left join admin.access b on 
-  a.route_id=b.route_id
-left join admin.roles c on 
-  b.role_id=c.role_id 
-  and c.enabled
-left join admin.user_roles d on 
-  c.role_id=d.role_id 
-  and ( case when 
-            d.expiration is not null 
-            then d.expiration > CURRENT_DATE 
-            else 1=1 
-        end )
-where $1 in (a.route_id, a.alias) and $2 in (b.user_uid, d.user_uid)`;
-
-export default async function getAccess({ table, user = {} }) {
-  if (!table) return null;
-
-  const hookData = await applyHook('getAccess', { table, user });
-  if (hookData) return hookData;
-
-  const { uid } = user;
-  const body = await getTemplate('table', table) || {};
-
-  // console.log(user?.type);
-  if (body.access === 'admin' && user?.type !== 'admin') return null;
-
-  if (config.auth?.disable || user?.type === 'admin' || body?.public || body.access === 'public' || (body.access === 'user' && user.uid)) {
-    return { actions: ['get'].concat(user.uid ? body.actions || body.action_default || [] : []), query: '1=1' };
-  }
-
-  if (!uid || !body?.table) return null;
-
-  const { scope, actions = [] } = await pgClients.client.query(q, [table, uid]).then((res) => res.rows?.[0] || {});
-
-  return {
-    scope, actions, query: scope === 'my' ? `uid='${uid}` : null,
-  };
-}
+// import getMeta from '../../pg/funcs/getMeta.js';
+import getTemplate from '../../table/controllers/utils/getTemplate.js';
+import config from '../../config.js';
+import pgClients from '../../pg/pgClients.js';
+import applyHook from '../../hook/funcs/applyHook.js';
+
+const q = `select a.route_id as id, coalesce(b.actions,array['get']) as actions, b.scope 
+from admin.routes a 
+left join admin.access b on 
+  a.route_id=b.route_id
+left join admin.roles c on 
+  b.role_id=c.role_id 
+  and c.enabled
+left join admin.user_roles d on 
+  c.role_id=d.role_id 
+  and ( case when 
+            d.expiration is not null 
+            then d.expiration > CURRENT_DATE 
+            else 1=1 
+        end )
+where $1 in (a.route_id, a.alias) and $2 in (b.user_uid, d.user_uid)`;
+
+export default async function getAccess({ table, user = {} }) {
+  if (!table) return null;
+
+  const hookData = await applyHook('getAccess', { table, user });
+  if (hookData) return hookData;
+
+  const { uid } = user;
+  const body = await getTemplate('table', table) || {};
+
+  // console.log(user?.type);
+  if (body.access === 'admin' && user?.type !== 'admin') return null;
+
+  if (config.auth?.disable || user?.type === 'admin' || body?.public || body.access === 'public' || (body.access === 'user' && user.uid)) {
+    return { actions: ['get'].concat(user.uid ? body.actions || body.action_default || [] : []), query: '1=1' };
+  }
+
+  if (!uid || !body?.table) return null;
+
+  const { scope, actions = [] } = await pgClients.client.query(q, [table, uid]).then((res) => res.rows?.[0] || {});
+
+  return {
+    scope, actions, query: scope === 'my' ? `uid='${uid}` : null,
+  };
+}

package/crud/funcs/getOpt.js

@@ -1,10 +1,10 @@
-import getRedis from '../../redis/funcs/getRedis.js';
-
-export default async function getOpt(token, funcs) {
-  const rclient = getRedis({ db: 0, funcs });
-
-  const key = `opt:${token}`;
-  const data = await rclient.get(key);
-  if (!data) return null;
-  return JSON.parse(data);
-}
+import getRedis from '../../redis/funcs/getRedis.js';
+
+export default async function getOpt(token, funcs) {
+  const rclient = getRedis({ db: 0, funcs });
+
+  const key = `opt:${token}`;
+  const data = await rclient.get(key);
+  if (!data) return null;
+  return JSON.parse(data);
+}