npm - @opengis/fastify-table - Versions diffs - 1.2.2 → 1.2.4 - Mend

@opengis/fastify-table 1.2.2 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/server/migrations/0.sql +10 -6
package/server/plugins/crud/funcs/utils/logChanges.js +14 -2
package/server/plugins/crud/funcs/validateData.js +22 -0
package/server/routes/crud/controllers/insert.js +14 -3
package/server/routes/crud/controllers/update.js +13 -1
package/utils.js +2 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "type": "module",
   "description": "core-plugins",
   "keywords": [

package/server/migrations/0.sql CHANGED Viewed

@@ -35,8 +35,8 @@ if (_returnType != 'text') then
 	DROP FUNCTION IF EXISTS next_id();
-	CREATE EXTENSION if not exists "uuid-ossp";
-	ALTER EXTENSION "uuid-ossp" SET SCHEMA public;
+	/* CREATE EXTENSION if not exists "uuid-ossp";
+	ALTER EXTENSION "uuid-ossp" SET SCHEMA public; */
 	CREATE OR REPLACE FUNCTION next_id()
 	  RETURNS text AS
@@ -44,7 +44,9 @@ if (_returnType != 'text') then
 	DECLARE
 	BEGIN
-	    return replace(public.uuid_generate_v4()::text, '-', '');
+	    -- return replace(public.uuid_generate_v4()::text, '-', '');
+		-- return replace(gen_random_uuid()::text, '-', ''); -- native from postgres 13 onward
+		return encode(public.gen_random_bytes(6), 'hex');
 	END;
 	$BODY$
 	  LANGUAGE plpgsql VOLATILE
@@ -61,8 +63,8 @@ if (_returnType != 'text') then
 else
 	raise notice 'skip default reassign';
-		CREATE EXTENSION if not exists "uuid-ossp";
-		ALTER EXTENSION "uuid-ossp" SET SCHEMA public;
+		/* CREATE EXTENSION if not exists "uuid-ossp";
+		ALTER EXTENSION "uuid-ossp" SET SCHEMA public; */
 	CREATE OR REPLACE FUNCTION next_id()
 	  RETURNS text AS
@@ -70,7 +72,9 @@ else
 	DECLARE
 	BEGIN
-	    return replace(public.uuid_generate_v4()::text, '-', '');
+	    -- return replace(public.uuid_generate_v4()::text, '-', '');
+		-- return replace(gen_random_uuid()::text, '-', ''); -- native from postgres 13 onward
+		return encode(public.gen_random_bytes(6), 'hex');
 	END;
 	$BODY$
 	  LANGUAGE plpgsql VOLATILE

package/server/plugins/crud/funcs/utils/logChanges.js CHANGED Viewed

@@ -1,6 +1,18 @@
 import getTemplate from '../../..//table/funcs/getTemplate.js';
 import { metaFormat } from '@opengis/fastify-table/utils.js';
+const defaultTitles = {
+  // editor_date: 'Дата оновлення',
+  // editor_id: 'Редактор',
+  // сdate: 'Дата створення',
+  // uid: 'Автор',
+  body: 'Зміст',
+  // entity_id: 'ID Сутності',
+  // entity_type: 'Таблиця сутності',
+  file_path: 'Шлях до файлу',
+  uploaded_name: 'Назва файлу',
+};
 function getValue(val) {
   if (!val) return null;
   return typeof val === 'object'
@@ -67,10 +79,10 @@ export default async function logChanges({
       await metaFormat({ rows: [data], cls, sufix: false });
     }
-    const newObj = Object.fromEntries(Object.entries(data || {}).map(el => ([[titles[el[0]] || el[0]], el[1]])));
+    const newObj = Object.fromEntries(Object.entries(data || {}).map(el => ([[titles[el[0]] || defaultTitles[el[0]] || el[0]], el[1]])));
     const changesData = Object.keys(newObj || {}).map(el => ({
       change_id: changeId,
-      entity_key: titles[el[0]] || el,
+      entity_key: el,
       value_old: getValue(old?.[el]),
       value_new: type === 'DELETE' ? null : getValue(newObj?.[el]),
       uid,

package/server/plugins/crud/funcs/validateData.js ADDED Viewed

@@ -0,0 +1,22 @@
+const emailReg = /(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/g;
+export default function validateData({ body = {}, schema = {} }) {
+    const requiredFields = Object.keys(schema).filter(key => schema[key].validators?.includes('required'));
+    const emptyRequiredKey = Object.keys(body).find(key => requiredFields.includes(key) && !body[key]);
+    if (emptyRequiredKey) {
+        return { error: 'empty required', key: emptyRequiredKey };
+    }
+    const emailFields = Object.keys(schema).filter(key => schema[key].type === 'Email');
+    const invalidEmailKey = Object.keys(body).find(key => body[key] && emailFields.includes(key) && !body[key].match(emailReg));
+    if (invalidEmailKey) {
+        return { error: 'invalid email', key: emptyRequiredKey, val: body[invalidEmailKey] };
+    }
+    return { message: 'ok' };
+}

package/server/routes/crud/controllers/insert.js CHANGED Viewed

@@ -1,6 +1,5 @@
 import {
-  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config,
-  pgClients,
+  applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config, pgClients, logger, validateData,
 } from '../../../../utils.js';
 export default async function insert(req) {
@@ -44,10 +43,22 @@ export default async function insert(req) {
   const xssCheck = checkXSS({ body, schema });
   if (xssCheck.error && formData?.xssCheck !== false) {
-    req.log.warn({ name: 'injection/xss', msg: xssCheck.error, table }, req);
+    logger.file('injection/xss', { table, form: form || loadTemplate?.form, body, uid: user?.uid, msg: xssCheck.error });
     return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
   }
+  const fieldCheck = validateData({ body, schema });
+  if (fieldCheck.error) {
+    logger.file('injection/sql', {
+      table,
+      form: form || loadTemplate?.form,
+      uid: user?.uid,
+      ...fieldCheck,
+    });
+    return { message: 'Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз', status: 409 };
+  }
   if (![add, table].includes('admin.users')) {
     Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
   }

package/server/routes/crud/controllers/update.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import {
-  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken,
+  pgClients, applyHook, getAccess, getTemplate, checkXSS, dataInsert, dataUpdate, logger, getToken, validateData,
 } from '../../../../utils.js';
 import config from '../../../../config.js';
 import insert from './insert.js';
@@ -62,6 +62,18 @@ export default async function update(req) {
     return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
   }
+  const fieldCheck = validateData({ body, schema });
+  if (fieldCheck.error) {
+    logger.file('injection/sql', {
+      table,
+      form: form || loadTemplate?.form,
+      uid: user?.uid,
+      ...fieldCheck,
+    });
+    return { message: 'Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз', status: 409 };
+  }
   const res = await dataUpdate({
     table: loadTemplate?.table || table,
     id,

package/utils.js CHANGED Viewed

@@ -40,6 +40,7 @@ import getToken from './server/plugins/crud/funcs/getToken.js';
 import setToken from './server/plugins/crud/funcs/setToken.js';
 import getOpt from './server/plugins/crud/funcs/getOpt.js';
 import setOpt from './server/plugins/crud/funcs/setOpt.js';
+import validateData from './server/plugins/crud/funcs/validateData.js';
 // policy
 import checkXSS from './server/plugins/policy/funcs/checkXSS.js';
@@ -98,6 +99,7 @@ export {
   getOpt,
   setOpt,
   setToken,
+  validateData,
   // crud
   dataInsert,