@opengis/fastify-table 1.2.34 → 1.2.36

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.2.34",
+  "version": "1.2.36",
   "type": "module",
   "description": "core-plugins",
   "keywords": [

package/server/plugins/policy/funcs/checkPolicy.js

@@ -71,6 +71,9 @@ export default function checkPolicy(req, reply) {
 
   /* === 0. policy: unauthorized access from admin URL === */
   const validToken = (req.ip === '193.239.152.181' || req.ip === '127.0.0.1' || req.ip.startsWith('192.168.') || config.debug) && req.headers?.uid && req.headers?.token && config.auth?.tokens?.includes?.(headers.token);
+  if (validToken && !req?.user?.uid) {
+    req.user = { uid: req.headers?.uid };
+  }
   if (!validToken && !user?.uid && !config.auth?.disable && isAdmin && !policy.includes('public') && !skipCheckPolicyRoutes.filter((el) => el).find(el => req.url.includes(el))) {
     logger.file('policy/unauthorized', {
       path, method, params, query, body, token: headers?.token, userId: headers?.uid, ip: req.ip, headers, message: 'unauthorized',

package/server/routes/table/controllers/data.js

@@ -10,7 +10,7 @@ const components = {
 };
 
 const maxLimit = 100;
-export default async function dataAPI(req) {
+export default async function dataAPI(req, reply, called) {
   const {
     pg, params, query = {}, user = {},
   } = req;
@@ -34,7 +34,7 @@ export default async function dataAPI(req) {
   const id = tokenData?.id || hookData?.id || params?.id;
   const { actions = [], query: accessQuery } = await getAccess({ table: tokenData?.table || hookData?.table || params.table, id, user }) || {};
 
-  if (!actions.includes('view') && !config?.local) {
+  if (!actions.includes('view') && !config?.local && !called) {
     return { message: 'access restricted', status: 403 };
   }