@opengis/fastify-table 1.1.60 → 1.1.62

package/server/routes/crud/controllers/insert.js

@@ -1,73 +1,73 @@
-import {
-  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config,
-} from '../../../../utils.js';
-
-export default async function insert(req) {
-  const {
-    user, params = {}, body = {},
-  } = req || {};
-  const hookData = await applyHook('preInsert', { table: params?.table, user });
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tokenData = await getToken({
-    uid: user.uid, token: params.table, mode: 'a', json: 1,
-  });
-
-  const { form, table: add } = hookData || tokenData || (config.auth?.disable ? req.params : {});
-
-  const { actions = [] } = await getAccess({ table: add, user }) || {};
-
-  if (!actions.includes('add') && !config?.local) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (!add) {
-    return { message: 'table is required', status: 400 };
-  }
-
-  const loadTemplate = await getTemplate('table', add);
-  const { table } = loadTemplate || hookData || req.params || {};
-  if (!table) {
-    return { message: 'table not found', status: 404 };
-  }
-
-  const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
-
-  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const uid = user?.uid;
-  if (![add, table].filter((el) => el !== 'admin.users')?.length) {
-    Object.assign(body, { uid, editor_id: uid });
-  }
-  const res = await dataInsert({
-    table: loadTemplate?.table, data: body, uid,
-  });
-
-  // admin.custom_column
-  await applyHook('afterInsert', {
-    table, body, payload: res, user,
-  });
-  // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
-  if (extraKeys?.length) {
-    res.extra = {};
-    await Promise.all(extraKeys?.map(async (key) => {
-      const objId = body[formData[key].parent_id] || req.body?.id;
-      const extraRows = await Promise.all(body[key].map(async (row) => {
-        const extraRes = await dataInsert({
-          table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid,
-        });
-        return extraRes?.rows?.[0];
-      }));
-      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
-    }));
-  }
-
-  return { rows: res.rows, extra: res.extra };
-}
+import {
+  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config,
+} from '../../../../utils.js';
+
+export default async function insert(req) {
+  const {
+    user, params = {}, body = {},
+  } = req || {};
+  const hookData = await applyHook('preInsert', { table: params?.table, user });
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tokenData = await getToken({
+    uid: user.uid, token: params.table, mode: 'a', json: 1,
+  });
+
+  const { form, table: add } = hookData || tokenData || (config.auth?.disable ? req.params : {});
+
+  const { actions = [] } = await getAccess({ table: add, user }) || {};
+
+  if (!actions.includes('add') && !config?.local) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!add) {
+    return { message: 'table is required', status: 400 };
+  }
+
+  const loadTemplate = await getTemplate('table', add);
+  const { table } = loadTemplate || hookData || req.params || {};
+  if (!table) {
+    return { message: 'table not found', status: 404 };
+  }
+
+  const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const uid = user?.uid;
+  if (![add, table].filter((el) => el !== 'admin.users')?.length) {
+    Object.assign(body, { uid, editor_id: uid });
+  }
+  const res = await dataInsert({
+    table: loadTemplate?.table, data: body, uid,
+  });
+
+  // admin.custom_column
+  await applyHook('afterInsert', {
+    table, body, payload: res, user,
+  });
+  // form DataTable
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const objId = body[formData[key].parent_id] || req.body?.id;
+      const extraRows = await Promise.all(body[key].map(async (row) => {
+        const extraRes = await dataInsert({
+          table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid,
+        });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return { rows: res.rows, extra: res.extra };
+}

package/server/routes/{table → crud}/controllers/table.js

@@ -1,81 +1,87 @@
-import {
-  config, getAccess, getTemplate, getMeta, setToken, applyHook,
-} from '../../../../utils.js';
-
-export default async function tableAPI(req) {
-  const {
-    pg, params, user, query = {},
-  } = req;
-  const hookData = await applyHook('preTable', {
-    table: params?.table, id: params?.id, user,
-  });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-
-  if (!params?.id && !hookData?.id) {
-    return { message: 'not enough params', status: 400 };
-  }
-  const tableName = hookData?.table || params.table;
-  const loadTable = await getTemplate('table', tableName) || {};
-  if (!loadTable || (pg.pk?.[tableName])) {
-    return { message: 'not found', status: 404 };
-  }
-
-  const { actions = [], query: accessQuery } = await getAccess({
-    table: hookData?.table || params.table,
-    id: hookData?.id || params?.id,
-    user,
-  }) || {};
-
-  if (!actions.includes('edit') && !config?.local) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  const { table, /* columns, */ form } = loadTable;
-
-  const { pk, columns: dbColumns = [] } = await getMeta(table || hookData?.table || params.table);
-  if (!pk) return { message: `table not found: ${table}`, status: 404 };
-
-  // const cols = columns.map((el) => el.name || el).join(',');
-  const schema = await getTemplate('form', hookData?.form || form) || {};
-  // skip DataTable from another table
-  const extraKeys = Object.keys(schema)?.filter((key) => schema[key]?.type === 'DataTable' && schema[key]?.table && schema[key]?.parent_id && schema[key]?.colModel?.length);
-  // skip non-existing columns
-  const columnList = dbColumns.map((el) => el.name || el).join(',');
-
-  const { fields = [] } = !loadTable?.table ? await pg.query(`select * from ${table || hookData?.table || params.table} limit 0`) : {};
-  const cols = loadTable?.table
-    ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
-    : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
-  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
-  const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
-  const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${table || hookData?.table || params.table} t where ${where.join(' and ') || 'true'} limit 1`;
-
-  if (query?.sql === '1') return q;
-
-  const data = await pg.query(q, [hookData?.id || params.id]).then(el => el.rows[0]);
-  if (!data) return { message: 'not found', status: 404 };
-
-  if (extraKeys?.length) {
-    await Promise.all(extraKeys?.map(async (key) => {
-      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
-      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [hookData?.id || params?.id]);
-      Object.assign(data, { [key]: extraRows });
-    }));
-  }
-  if (user.uid) {
-    const [token] = setToken({
-      ids: [JSON.stringify({ id: params?.id, table: params.table || loadTable.table, form: loadTable.form })],
-      mode: 'w',
-      uid: user.uid,
-      array: 1,
-    });
-    data.token = token;
-  }
-  const res = await applyHook('afterTable', {
-    table: loadTable?.table, payload: [data], user,
-  });
-  return res || data || {};
-}
+import {
+  config, getAccess, getTemplate, getMeta, setToken, applyHook, getToken,
+} from '../../../../utils.js';
+
+export default async function tableAPI(req) {
+  const {
+    pg, params, user = {}, query = {},
+  } = req;
+  const tokenData = await getToken({ token: params?.table, uid: user.uid, json: 1 }) || {};
+
+  const hookData = await applyHook('preTable', {
+    table: params?.table, id: params?.id, ...tokenData || {}, user,
+  });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tableName1 = hookData?.table || tokenData.table || params.table;
+
+  const loadTable = await getTemplate('table', tableName1) || {};
+  if (!loadTable && !pg.pk?.[tokenData.table]) {
+    return { message: 'not found', status: 404 };
+  }
+
+  const { table, /* columns, */ form } = loadTable;
+
+  const tableName = table || hookData?.table || tokenData.table || params.table;
+
+  const id = hookData?.id || tokenData.id || params.id;
+
+  if (!tableName && !id) {
+    return { message: 'not enough params', status: 400 };
+  }
+
+  const { actions = [], query: accessQuery } = await getAccess({
+    table: tableName,
+    id,
+    user,
+  }) || {};
+
+  if (!actions.includes('edit') && !config?.local) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const { pk, columns: dbColumns = [] } = await getMeta(tableName);
+  if (!pk) return { message: `table not found: ${table}`, status: 404 };
+
+  // const cols = columns.map((el) => el.name || el).join(',');
+  const schema = await getTemplate('form', hookData?.form || form) || {};
+  // skip DataTable from another table
+  const extraKeys = Object.keys(schema)?.filter((key) => schema[key]?.type === 'DataTable' && schema[key]?.table && schema[key]?.parent_id && schema[key]?.colModel?.length);
+  // skip non-existing columns
+  const columnList = dbColumns.map((el) => el.name || el).join(',');
+
+  const { fields = [] } = !loadTable?.table ? await pg.query(`select * from ${tableName} limit 0`) : {};
+  const cols = loadTable?.table
+    ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
+    : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
+  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
+  const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
+  const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${tableName} t where ${where.join(' and ') || 'true'} limit 1`;
+
+  if (query?.sql === '1') return q;
+
+  const data = await pg.query(q, [id]).then(el => el.rows[0]);
+  if (!data) return { message: 'not found', status: 404 };
+
+  if (extraKeys?.length) {
+    await Promise.all(extraKeys?.map(async (key) => {
+      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
+      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [hookData?.id || params?.id]);
+      Object.assign(data, { [key]: extraRows });
+    }));
+  }
+  if (user.uid) {
+    const [token] = setToken({
+      ids: [JSON.stringify({ id, table, form: loadTable.form })],
+      uid: user.uid,
+      array: 1,
+    });
+    data.token = token;
+  }
+  const res = await applyHook('afterTable', {
+    table: tableName, payload: [data], user,
+  });
+  return res || data || {};
+}

package/server/routes/crud/controllers/update.js

@@ -1,76 +1,76 @@
-import {
-  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
-} from '../../../../utils.js';
-import config from '../../../../config.js';
-
-export default async function update(req) {
-  const { user, params = {}, body = {} } = req;
-  const hookData = await applyHook('preUpdate', {
-    table: params?.table, id: params?.id, user,
-  });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tokenData = await getToken({
-    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
-  });
-
-  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
-
-  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
-
-  if (!actions.includes('edit') && !config?.local) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (!edit) {
-    return { message: 'table is required', status: 400 };
-  }
-
-  if (!id) {
-    return { message: 'id is required', status: 404 };
-  }
-
-  const loadTemplate = await getTemplate('table', edit);
-  const { table } = loadTemplate || hookData || params || {};
-
-  const uid = user?.uid;
-
-  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
-
-  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({
-    table: loadTemplate?.table || table, id, data: body, uid,
-  });
-
-  // admin.custom_column
-  await applyHook('afterUpdate', {
-    table: params?.table, body, payload: res, user,
-  });
-
-  // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
-  if (extraKeys?.length) {
-    res.extra = {};
-    await Promise.all(extraKeys?.map(async (key) => {
-      const objId = body[formData[key].parent_id] || body?.id;
-      // delete old extra data
-      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
-      // insert new extra data
-      const extraRows = await Promise.all(body[key].map(async (row) => {
-        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
-        return extraRes?.rows?.[0];
-      }));
-      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
-    }));
-  }
-
-  return res;
-}
+import {
+  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
+} from '../../../../utils.js';
+import config from '../../../../config.js';
+
+export default async function update(req) {
+  const { user, params = {}, body = {} } = req;
+  const hookData = await applyHook('preUpdate', {
+    table: params?.table, id: params?.id, user,
+  });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tokenData = await getToken({
+    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
+  });
+
+  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
+
+  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
+
+  if (!actions.includes('edit') && !config?.local) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!edit) {
+    return { message: 'table is required', status: 400 };
+  }
+
+  if (!id) {
+    return { message: 'id is required', status: 404 };
+  }
+
+  const loadTemplate = await getTemplate('table', edit);
+  const { table } = loadTemplate || hookData || params || {};
+
+  const uid = user?.uid;
+
+  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({
+    table: loadTemplate?.table || table, id, data: body, uid,
+  });
+
+  // admin.custom_column
+  await applyHook('afterUpdate', {
+    table: params?.table, body, payload: res, user,
+  });
+
+  // form DataTable
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const objId = body[formData[key].parent_id] || body?.id;
+      // delete old extra data
+      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
+      // insert new extra data
+      const extraRows = await Promise.all(body[key].map(async (row) => {
+        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return res;
+}

package/server/routes/crud/index.js

@@ -1,19 +1,21 @@
-import update from './controllers/update.js';
-import insert from './controllers/insert.js';
-import deleteCrud from './controllers/deleteCrud.js';
-
-const tableSchema = {
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.put(`${prefix}/table/:table/:id?`, { schema: tableSchema }, update);
-  fastify.delete(`${prefix}/table/:table/:id?`, { schema: tableSchema }, deleteCrud);
-  fastify.post(`${prefix}/table/:table?`, { schema: tableSchema }, insert);
-}
-
-export default plugin;
+import update from './controllers/update.js';
+import insert from './controllers/insert.js';
+import deleteCrud from './controllers/deleteCrud.js';
+import table from './controllers/table.js';
+
+const tableSchema = {
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.put(`${prefix}/table/:table/:id?`, { schema: tableSchema }, update);
+  fastify.delete(`${prefix}/table/:table/:id?`, { schema: tableSchema }, deleteCrud);
+  fastify.post(`${prefix}/table/:table?`, { schema: tableSchema }, insert);
+  fastify.get(`${prefix}/table/:table/:id?`, { schema: tableSchema }, table);
+}
+
+export default plugin;