@opengis/fastify-table 1.1.71 → 1.1.73

package/server/routes/crud/controllers/insert.js

@@ -1,79 +1,79 @@
-import {
-  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config,
-} from '../../../../utils.js';
-
-export default async function insert(req) {
-  const {
-    user = {}, params = {}, body = {},
-  } = req || {};
-  if (!user) return { message: 'access restricted', status: 403 };
-  const hookData = await applyHook('preInsert', { table: params?.table, user });
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tokenData = await getToken({
-    uid: user?.uid, token: params.table, mode: 'a', json: 1,
-  });
-
-  const { form, table: add } = hookData || tokenData || (config.auth?.disable ? req.params : {});
-
-  const { actions = [] } = await getAccess({ table: add, user }) || {};
-
-  if (!actions.includes('add') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (!add) {
-    return { message: 'table is required', status: 400 };
-  }
-
-  const loadTemplate = await getTemplate('table', add);
-  const { table } = loadTemplate || hookData || tokenData || req.params || {};
-  if (!table) {
-    return { message: 'table not found', status: 404 };
-  }
-
-  const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
-
-  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  if (![add, table].includes('admin.users')) {
-    Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
-  }
-  if (tokenData?.obj) {
-    const objData = tokenData.obj?.split('#').reduce((p, el) => ({ ...p, [el.split('=')[0]]: el.split('=')[1] }), {}) || {};
-    Object.assign(body, objData);
-  }
-
-  const res = await dataInsert({
-    table: loadTemplate?.table || table, data: body, uid: user?.uid,
-  });
-  if (!res) return { message: 'nothing added ' };
-
-  // admin.custom_column
-  await applyHook('afterInsert', {
-    table, body, payload: res, user,
-  });
-  // form DataTable
-  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
-  if (extraKeys?.length) {
-    res.extra = {};
-    await Promise.all(extraKeys?.map(async (key) => {
-      const objId = body[formData[key].parent_id] || req.body?.id;
-      const extraRows = await Promise.all(body[key].map(async (row) => {
-        const extraRes = await dataInsert({
-          table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid: user?.uid,
-        });
-        return extraRes?.rows?.[0];
-      }));
-      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
-    }));
-  }
-
-  return { rows: res.rows, extra: res.extra };
-}
+import {
+  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config,
+} from '../../../../utils.js';
+
+export default async function insert(req) {
+  const {
+    user = {}, params = {}, body = {},
+  } = req || {};
+  if (!user) return { message: 'access restricted', status: 403 };
+  const hookData = await applyHook('preInsert', { table: params?.table, user });
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tokenData = await getToken({
+    uid: user?.uid, token: params.table, mode: 'a', json: 1,
+  });
+
+  const { form, table: add } = hookData || tokenData || (config.auth?.disable ? req.params : {});
+
+  const { actions = [] } = await getAccess({ table: add, user }) || {};
+
+  if (!actions.includes('add') && !config?.local && !tokenData) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!add) {
+    return { message: 'table is required', status: 400 };
+  }
+
+  const loadTemplate = await getTemplate('table', add);
+  const { table } = loadTemplate || hookData || tokenData || req.params || {};
+  if (!table) {
+    return { message: 'table not found', status: 404 };
+  }
+
+  const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  if (![add, table].includes('admin.users')) {
+    Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
+  }
+  if (tokenData?.obj) {
+    const objData = tokenData.obj?.split('#').reduce((p, el) => ({ ...p, [el.split('=')[0]]: el.split('=')[1] }), {}) || {};
+    Object.assign(body, objData);
+  }
+
+  const res = await dataInsert({
+    table: loadTemplate?.table || table, data: body, uid: user?.uid,
+  });
+  if (!res) return { message: 'nothing added ' };
+
+  // admin.custom_column
+  await applyHook('afterInsert', {
+    table, body, payload: res, user,
+  });
+  // form DataTable
+  const extraKeys = Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length);
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const objId = body[formData[key].parent_id] || req.body?.id;
+      const extraRows = await Promise.all(body[key].map(async (row) => {
+        const extraRes = await dataInsert({
+          table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid: user?.uid,
+        });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return { rows: res.rows, extra: res.extra };
+}

package/server/routes/crud/controllers/table.js

@@ -1,87 +1,87 @@
-import {
-  config, getAccess, getTemplate, getMeta, setToken, applyHook, getToken,
-} from '../../../../utils.js';
-
-export default async function tableAPI(req) {
-  const {
-    pg, params, user = {}, query = {},
-  } = req;
-  const tokenData = await getToken({ token: params?.table, uid: user.uid, json: 1 }) || {};
-
-  const hookData = await applyHook('preTable', {
-    table: params?.table, id: params?.id, ...tokenData || {}, user,
-  });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tableName1 = hookData?.table || tokenData.table || params.table;
-
-  const loadTable = await getTemplate('table', tableName1) || {};
-  if (!loadTable && !pg.pk?.[tokenData.table]) {
-    return { message: 'not found', status: 404 };
-  }
-
-  const { table, /* columns, */ form } = loadTable;
-
-  const tableName = table || hookData?.table || tokenData.table || params.table;
-
-  const id = hookData?.id || tokenData.id || params.id;
-
-  if (tokenData && !id) return { message: {} };
-  if (!tableName && !id) {
-    return { message: 'not enough params', status: 400 };
-  }
-
-  const { actions = [], query: accessQuery } = await getAccess({
-    table: tableName,
-    id,
-    user,
-  }) || {};
-
-  if (!actions.includes('edit') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  const { pk, columns: dbColumns = [] } = await getMeta(tableName);
-  if (!pk) return { message: `table not found: ${table}`, status: 404 };
-
-  // const cols = columns.map((el) => el.name || el).join(',');
-  const schema = await getTemplate('form', hookData?.form || form) || {};
-  // skip DataTable from another table
-  const extraKeys = Object.keys(schema)?.filter((key) => schema[key]?.type === 'DataTable' && schema[key]?.table && schema[key]?.parent_id && schema[key]?.colModel?.length);
-  // skip non-existing columns
-  const columnList = dbColumns.map((el) => el.name || el).join(',');
-
-  const { fields = [] } = !loadTable?.table ? await pg.query(`select * from ${tableName} limit 0`) : {};
-  const cols = loadTable?.table
-    ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
-    : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
-  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
-  const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
-  const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${tableName} t where ${where.join(' and ') || 'true'} limit 1`;
-
-  if (query?.sql === '1') return q;
-
-  const data = await pg.query(q, [id]).then(el => el.rows[0]);
-  if (!data) return { message: 'not found', status: 404 };
-
-  if (extraKeys?.length) {
-    await Promise.all(extraKeys?.map(async (key) => {
-      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
-      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [hookData?.id || params?.id]);
-      Object.assign(data, { [key]: extraRows });
-    }));
-  }
-  if (user.uid) {
-    data.token = tokenData?.table ? params.table : setToken({
-      ids: [JSON.stringify({ id, table: tableName, form: loadTable.form })],
-      uid: user.uid,
-      array: 1,
-    })[0];
-  }
-  const res = await applyHook('afterTable', {
-    table: tableName, payload: [data], user,
-  });
-  return res || data || {};
-}
+import {
+  config, getAccess, getTemplate, getMeta, setToken, applyHook, getToken,
+} from '../../../../utils.js';
+
+export default async function tableAPI(req) {
+  const {
+    pg, params, user = {}, query = {},
+  } = req;
+  const tokenData = await getToken({ token: params?.table, uid: user.uid, json: 1 }) || {};
+
+  const hookData = await applyHook('preTable', {
+    table: params?.table, id: params?.id, ...tokenData || {}, user,
+  });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tableName1 = hookData?.table || tokenData.table || params.table;
+
+  const loadTable = await getTemplate('table', tableName1) || {};
+  if (!loadTable && !pg.pk?.[tokenData.table]) {
+    return { message: 'not found', status: 404 };
+  }
+
+  const { table, /* columns, */ form } = loadTable;
+
+  const tableName = table || hookData?.table || tokenData.table || params.table;
+
+  const id = hookData?.id || tokenData.id || params.id;
+
+  if (tokenData && !id) return { message: {} };
+  if (!tableName && !id) {
+    return { message: 'not enough params', status: 400 };
+  }
+
+  const { actions = [], query: accessQuery } = await getAccess({
+    table: tableName,
+    id,
+    user,
+  }) || {};
+
+  if (!actions.includes('edit') && !config?.local && !tokenData) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  const { pk, columns: dbColumns = [] } = await getMeta(tableName);
+  if (!pk) return { message: `table not found: ${table}`, status: 404 };
+
+  // const cols = columns.map((el) => el.name || el).join(',');
+  const schema = await getTemplate('form', hookData?.form || form) || {};
+  // skip DataTable from another table
+  const extraKeys = Object.keys(schema)?.filter((key) => schema[key]?.type === 'DataTable' && schema[key]?.table && schema[key]?.parent_id && schema[key]?.colModel?.length);
+  // skip non-existing columns
+  const columnList = dbColumns.map((el) => el.name || el).join(',');
+
+  const { fields = [] } = !loadTable?.table ? await pg.query(`select * from ${tableName} limit 0`) : {};
+  const cols = loadTable?.table
+    ? Object.keys(schema || {}).filter((col) => columnList.includes(col) && !extraKeys.includes(col))?.map((col) => (col?.includes('geom') ? `st_asgeojson(${col})::json as "${col}"` : `"${col}"`))?.join(',')
+    : fields.map((el) => (el?.name?.includes('geom') ? `st_asgeojson(${el.name})::json as "${el.name}"` : `"${el?.name}"`)).join(',');
+  const where = [`"${pk}" = $1`, loadTable.query, accessQuery].filter((el) => el);
+  const geom = columnList.includes('geom') ? ',st_asgeojson(geom)::json as geom' : '';
+  const q = `select "${pk}" as id, ${cols || '*'} ${geom} from ${tableName} t where ${where.join(' and ') || 'true'} limit 1`;
+
+  if (query?.sql === '1') return q;
+
+  const data = await pg.query(q, [id]).then(el => el.rows[0]);
+  if (!data) return { message: 'not found', status: 404 };
+
+  if (extraKeys?.length) {
+    await Promise.all(extraKeys?.map(async (key) => {
+      const { colModel, table: extraTable, parent_id: parentId } = schema[key];
+      const { rows: extraRows } = await pg.query(`select ${parentId} as parent, ${colModel.map((col) => col.name).join(',')} from ${extraTable} a where ${parentId}=$1`, [hookData?.id || params?.id]);
+      Object.assign(data, { [key]: extraRows });
+    }));
+  }
+  if (user.uid) {
+    data.token = tokenData?.table ? params.table : setToken({
+      ids: [JSON.stringify({ id, table: tableName, form: loadTable.form })],
+      uid: user.uid,
+      array: 1,
+    })[0];
+  }
+  const res = await applyHook('afterTable', {
+    table: tableName, payload: [data], user,
+  });
+  return res || data || {};
+}

package/server/routes/crud/controllers/update.js

@@ -1,81 +1,81 @@
-import {
-  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
-} from '../../../../utils.js';
-import config from '../../../../config.js';
-import insert from './insert.js';
-
-export default async function update(req) {
-  const { user, params = {}, body = {} } = req;
-  if (!user) return { message: 'access restricted', status: 403 };
-  const hookData = await applyHook('preUpdate', {
-    table: params?.table, id: params?.id, user,
-  });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-  const tokenData = await getToken({
-    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
-  });
-
-  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
-
-  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
-
-  if (!actions.includes('edit') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  if (!edit) {
-    return { message: 'table is required', status: 400 };
-  }
-
-  if (!id && tokenData?.table) {
-    return insert(req);
-  }
-  if (!id) {
-    return { message: 'id is required', status: 404 };
-  }
-
-  const loadTemplate = await getTemplate('table', edit);
-  const { table } = loadTemplate || hookData || tokenData || params || {};
-
-  const uid = user?.uid;
-
-  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
-
-  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
-
-  if (xssCheck.error && formData?.xssCheck !== false) {
-    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
-  }
-
-  const res = await dataUpdate({
-    table: loadTemplate?.table || table, id, data: body, uid,
-  });
-
-  // admin.custom_column
-  await applyHook('afterUpdate', {
-    table: params?.table, body, payload: res, user,
-  });
-
-  // form DataTable
-  const extraKeys = formData ? Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length) : [];
-  if (extraKeys?.length) {
-    res.extra = {};
-    await Promise.all(extraKeys?.map(async (key) => {
-      const objId = body[formData[key].parent_id] || body?.id;
-      // delete old extra data
-      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
-      // insert new extra data
-      const extraRows = await Promise.all(body[key].map(async (row) => {
-        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
-        return extraRes?.rows?.[0];
-      }));
-      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
-    }));
-  }
-
-  return res;
-}
+import {
+  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
+} from '../../../../utils.js';
+import config from '../../../../config.js';
+import insert from './insert.js';
+
+export default async function update(req) {
+  const { user, params = {}, body = {} } = req;
+  if (!user) return { message: 'access restricted', status: 403 };
+  const hookData = await applyHook('preUpdate', {
+    table: params?.table, id: params?.id, user,
+  });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+  const tokenData = await getToken({
+    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
+  });
+
+  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
+
+  const { actions = [] } = await getAccess({ table: edit, id, user }) || {};
+
+  if (!actions.includes('edit') && !config?.local && !tokenData) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  if (!edit) {
+    return { message: 'table is required', status: 400 };
+  }
+
+  if (!id && tokenData?.table) {
+    return insert(req);
+  }
+  if (!id) {
+    return { message: 'id is required', status: 404 };
+  }
+
+  const loadTemplate = await getTemplate('table', edit);
+  const { table } = loadTemplate || hookData || tokenData || params || {};
+
+  const uid = user?.uid;
+
+  const formData = form || loadTemplate?.form ? await getTemplate('form', form || loadTemplate?.form) : {};
+
+  const xssCheck = checkXSS({ body, schema: formData?.schema || formData });
+
+  if (xssCheck.error && formData?.xssCheck !== false) {
+    logger.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+  }
+
+  const res = await dataUpdate({
+    table: loadTemplate?.table || table, id, data: body, uid,
+  });
+
+  // admin.custom_column
+  await applyHook('afterUpdate', {
+    table: params?.table, body, payload: res, user,
+  });
+
+  // form DataTable
+  const extraKeys = formData ? Object.keys(formData)?.filter((key) => formData?.[key]?.type === 'DataTable' && formData?.[key]?.table && formData?.[key]?.parent_id && body[key].length) : [];
+  if (extraKeys?.length) {
+    res.extra = {};
+    await Promise.all(extraKeys?.map(async (key) => {
+      const objId = body[formData[key].parent_id] || body?.id;
+      // delete old extra data
+      await pgClients.client.query(`delete from ${formData[key].table} where ${formData[key].parent_id}=$1`, [objId]); // rewrite?
+      // insert new extra data
+      const extraRows = await Promise.all(body[key].map(async (row) => {
+        const extraRes = await dataInsert({ table: formData[key].table, data: { ...row, [formData[key].parent_id]: objId }, uid });
+        return extraRes?.rows?.[0];
+      }));
+      Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });
+    }));
+  }
+
+  return res;
+}

package/server/routes/crud/index.js

@@ -1,21 +1,21 @@
-import update from './controllers/update.js';
-import insert from './controllers/insert.js';
-import deleteCrud from './controllers/deleteCrud.js';
-import table from './controllers/table.js';
-
-const tableSchema = {
-  params: {
-    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
-    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
-  },
-};
-
-async function plugin(fastify, config = {}) {
-  const prefix = config.prefix || '/api';
-  fastify.put(`${prefix}/table/:table/:id?`, { schema: tableSchema }, update);
-  fastify.delete(`${prefix}/table/:table/:id?`, { schema: tableSchema }, deleteCrud);
-  fastify.post(`${prefix}/table/:table?`, { schema: tableSchema }, insert);
-  fastify.get(`${prefix}/table/:table/:id?`, { schema: tableSchema }, table);
-}
-
-export default plugin;
+import update from './controllers/update.js';
+import insert from './controllers/insert.js';
+import deleteCrud from './controllers/deleteCrud.js';
+import table from './controllers/table.js';
+
+const tableSchema = {
+  params: {
+    id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    table: { type: 'string', pattern: '^([\\w\\d_.]+)$' },
+  },
+};
+
+async function plugin(fastify, config = {}) {
+  const prefix = config.prefix || '/api';
+  fastify.put(`${prefix}/table/:table/:id?`, { schema: tableSchema }, update);
+  fastify.delete(`${prefix}/table/:table/:id?`, { schema: tableSchema }, deleteCrud);
+  fastify.post(`${prefix}/table/:table?`, { schema: tableSchema }, insert);
+  fastify.get(`${prefix}/table/:table/:id?`, { schema: tableSchema }, table);
+}
+
+export default plugin;