@opengis/fastify-table 1.3.65 → 1.3.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.3.65",
+  "version": "1.3.67",
   "type": "module",
   "description": "core-plugins",
   "keywords": [

package/server/plugins/crud/funcs/validateData.js

@@ -3,8 +3,25 @@ import config from '../../../../config.js';
 const emailReg = /(?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-zA-Z0-9-]*[a-zA-Z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/g;
 
 function checkField(key, val, options, idx, body) {
+    const type = options?.type?.toLowerCase?.();
+    const isrequired = options?.validators?.includes?.('required');
+
     // validators: [required]
-    if (options?.validators?.includes('required') && !val) {
+    if (type === 'switcher') {
+        // skip nulls at non-required switchers, restrict invalid values
+        if (val && typeof val !== 'boolean') {
+            return {
+                error: 'not a boolean', key, idx,
+            };
+        }
+        // restrict nulls at required switchers
+        if (isrequired && typeof val !== 'boolean') {
+            return {
+                error: 'empty required', key, idx,
+            };
+        }
+    }
+    else if (isrequired && !val) {
         if (options?.conditions) {
             const allowed = JSON.parse(options?.conditions?.[2] || null);
             const check = options?.conditions?.[1] === 'in' && Array.isArray(allowed)
@@ -61,4 +78,4 @@ function checkBody({ body = {}, arr = [], idx }) {
 export default function validateData({ body = {}, schema = {} }) {
     const res = checkBody({ body, arr: Object.keys(schema).map(key => ({ ...schema[key], key })) });
     return res;
-}
+}

package/server/plugins/metric/loggerSystem.js

@@ -122,7 +122,7 @@ export default async function loggerSystem(req) {
       cpu: cpuInfo[0].model,
       ram: formatMemoryUsage(totalMemory),
       db: dbVerion,
-      redis: rclient.server_info?.redis_version,
+      redis: rclient?.server_info?.redis_version,
       node: process.version,
     },
     top: topProcess,

package/server/plugins/policy/funcs/checkXSS.js

@@ -3,7 +3,7 @@ import xssInjection from '../xssInjection.js';
 
 function checkXSS({ body, schema = {} }) {
   const data = typeof body === 'string' ? body : JSON.stringify(body);
-  const stopWords = xssInjection.filter((el) => data.toLowerCase().includes(el));
+  const stopWords = xssInjection.filter((el) => data?.toLowerCase?.()?.includes?.(el));
 
   // check sql injection
   const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/gi);
@@ -13,7 +13,7 @@ function checkXSS({ body, schema = {} }) {
   const skipScreening = config.skipScreening || ['Summernote', 'Tiny', 'Ace', 'Texteditor'];
   Object.keys(body)
     .filter((key) => ['<', '>'].find((el) => body[key]?.includes?.(el))
-  && !skipScreening.includes(schema?.[key]?.type))
+      && !skipScreening.includes(schema?.[key]?.type))
     ?.forEach((key) => {
       Object.assign(body, { [key]: body[key].replace(/</g, '&lt;').replace(/>/g, '&gt;') });
     });
@@ -24,9 +24,9 @@ function checkXSS({ body, schema = {} }) {
 
   const field = Object.keys(body)
     ?.find((key) => body[key]?.toLowerCase
-        && !disabledCheckFields.includes(key)
-        && (skipScreening.includes(schema?.[key]?.type) ? stopWords.find(el => !['href=', 'src='].includes(el)) : true)
-        && body[key].toLowerCase().includes(stopWords[0]));
+      && !disabledCheckFields.includes(key)
+      && (skipScreening.includes(schema?.[key]?.type) ? stopWords.find(el => !['href=', 'src='].includes(el)) : true)
+      && body[key].toLowerCase().includes(stopWords[0]));
   if (field) {
     console.error(stopWords[0], field, body[field]);
     return { error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`, body };

package/server/plugins/table/funcs/getTemplateSync.js

@@ -0,0 +1,87 @@
+import path from 'node:path';
+import { readdirSync, readFileSync } from 'node:fs';
+import yaml from 'js-yaml';
+
+import getTemplatePath from './getTemplatePath.js';
+import loadTemplate from './loadTemplate.js';
+import mdToHTML from '../../md/funcs/mdToHTML.js';
+
+function readFileData(file) {
+  const data = readFileSync(file, 'utf-8');
+  const ext = file.substring(file.lastIndexOf('.') + 1);
+
+  if (ext === 'yml') {
+    return yaml.load(data);
+  }
+  if (ext === 'json') {
+    return JSON.parse(data);
+  }
+  if (ext === 'md') {
+    const match = data.match(/^---\r?\n([\s\S]*?)---\r?\n([\s\S]*)$/);
+
+    const parseLinesRecursively = (lines, index = 0, result = {}) => (index >= lines.length
+      ? result
+      : (([key, ...rest]) => (key && rest.length
+        ? parseLinesRecursively(lines, index + 1, { ...result, [key.trim()]: rest.join(':').trim() })
+        : parseLinesRecursively(lines, index + 1, result)))((lines[index] || '').split(':')));
+
+    const header = parseLinesRecursively(match[1]?.split?.(/\r?\n/) || []);
+    const body = match[2]?.replace(/\r\n/g, '')?.startsWith('```html') ? match[2]?.match?.(/```html\r?\n([\s\S]*?)```/)?.[1] : match[2];
+
+    return { ...header, html: mdToHTML(body) };
+  }
+  return data;
+}
+
+const isProduction = process.env.NODE_ENV === 'production';
+
+function getTemplateData(template) {
+  // dir template: dashboard, card
+  if (template[0][3]) {
+    const files = readdirSync(template[0][1]);
+    const data = files.map(async el => readFileData(path.join(template[0][1], el)));
+    return files.map((el, i) => [el, data[i]]);
+  }
+
+  // one file template: table, form
+  if (template.length === 1) {
+    const data = readFileData(template[0][1]);
+    return data;
+  }
+
+  // multi file template: select, etc
+  if (template.length > 1) {
+    const data = template.map(el => readFileData(el[1]));
+    if (Array.isArray(data[0])) {
+      return data[0];
+    }
+    const result = {};
+    template.forEach((el, i) => {
+      Object.assign(result, typeof data[i] === 'object' ? data[i] : { [el[2]]: data[i] });
+    });
+    return result;
+  }
+  return null;
+}
+export default function getTemplateSync(type, name) {
+  if (!type) return null;
+  if (!name) return null;
+
+  const key = `${type}:${name}`;
+  if (name === 'cache' && !isProduction) return loadTemplate; // all cache debug
+  if (loadTemplate[key] && isProduction && false) return loadTemplate[key]; // from cache
+
+  // type one or multi
+  const templateList = Array.isArray(type)
+    ? type.map(el => getTemplatePath(el)).filter(list => list?.filter(el => el[0] === name).length)[0] || []
+    : getTemplatePath(type);
+
+  // find template
+  const template = templateList?.filter(el => el[0] === name);
+  if (name === 'list' && !isProduction) return templateList; // all template debug
+
+  if (!template.length) return null; // not found
+
+  loadTemplate[key] = getTemplateData(template);
+  return loadTemplate[key];
+}

package/server/routes/crud/controllers/deleteCrud.js

@@ -3,7 +3,9 @@ import {
 } from '../../../../utils.js';
 
 export default async function deleteCrud(req, reply) {
-  const { pg = pgClients.client, user, params = {}, headers = {} } = req || {};
+  const {
+    pg = pgClients.client, user, params = {}, headers = {},
+  } = req || {};
 
   const hookData = await applyHook('preDelete', {
     pg, table: params?.table, id: params?.id, user,
@@ -36,7 +38,7 @@ export default async function deleteCrud(req, reply) {
   }).catch(err => {
     if (err.message?.includes?.('foreign key' || 'unique')) {
       const constraint = err.message.match(/constraint "([^"]+)"/g);
-      return reply.status(400).send('Видалення заборонено для збереження цілісності БД: ' + constraint);
+      return reply.status(400).send(`Видалення заборонено для збереження цілісності БД: ${constraint}`);
     }
     if (config.trace) console.error(err.toString());
     return err.toString();

package/server/routes/crud/controllers/insert.js

@@ -2,13 +2,17 @@ import {
   applyHook, getAccess, getTemplate, checkXSS, dataInsert, getToken, config, pgClients, logger, validateData,
 } from '../../../../utils.js';
 
-export default async function insert(req) {
+export default async function insert(req, reply) {
   const {
     pg = pgClients.client, user = {}, params = {}, body = {}, headers = {},
   } = req || {};
-  if (!user) return { message: 'access restricted', status: 403 };
+  if (!user) {
+    return reply.status(403).send('access restricted');
+  }
 
-  const hookData = await applyHook('preInsert', { pg, table: params?.table, user, body });
+  const hookData = await applyHook('preInsert', {
+    pg, table: params?.table, user, body,
+  });
 
   if (hookData?.message && hookData?.status) {
     return { message: hookData?.message, status: hookData?.status };
@@ -23,12 +27,12 @@ export default async function insert(req) {
 
   const { actions = [] } = await getAccess({ table: add, user }, pg) || {};
 
-  if (!actions.includes('add') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
+  if (!actions.includes('add') && !config.local && !config.debug && !tokenData) {
+    return reply.status(403).send('access restricted');
   }
 
   if (!add) {
-    return { message: 'table is required', status: 400 };
+    return reply.status(400).send('table is required');
   }
 
   const loadTemplate = await getTemplate('table', add);
@@ -43,8 +47,10 @@ export default async function insert(req) {
   const xssCheck = checkXSS({ body, schema });
 
   if (xssCheck.error && formData?.xssCheck !== false) {
-    logger.file('injection/xss', { table, form: form || loadTemplate?.form, body, uid: user?.uid, msg: xssCheck.error });
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+    logger.file('injection/xss', {
+      table, form: form || loadTemplate?.form, body, uid: user?.uid, msg: xssCheck.error,
+    });
+    return reply.status(409).send('Дані містять заборонені символи. Приберіть їх та спробуйте ще раз');
   }
 
   const fieldCheck = validateData({ body, schema });
@@ -56,7 +62,7 @@ export default async function insert(req) {
       uid: user?.uid,
       ...fieldCheck,
     });
-    return { message: 'Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз', status: 409 };
+    return reply.status(409).send('Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз');
   }
 
   if (![add, table].includes('admin.users')) {
@@ -76,7 +82,10 @@ export default async function insert(req) {
     tokenData,
     referer,
   });
-  if (!res) return { message: 'nothing added ' };
+
+  if (!res) {
+    return reply.status(400).send('nothing added');
+  }
 
   // admin.custom_column
   await applyHook('afterInsert', {

package/server/routes/crud/controllers/table.js

@@ -33,17 +33,20 @@ export default async function tableAPI(req) {
 
   if (tokenData && !id) return { message: {} };
   if (!tableName && !id) {
-    return { message: 'not enough params', status: 400 };
+    return reply.status(400).send('not enough params');
   }
 
   const { actions = [], query: accessQuery } = await getAccess({ table: templateName, id, user }, pg) || {};
 
   if (!actions.includes('edit') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
+    return reply.status(403).send('access restricted');
   }
 
   const { pk, columns: dbColumns = [] } = await getMeta({ pg, table: tableName });
-  if (!pk) return { message: `table not found: ${table}`, status: 404 };
+
+  if (!pk) {
+    return reply.status(404).send(`table not found: ${table}`);
+  }
 
   // const cols = columns.map((el) => el.name || el).join(',');
   const formName = hookData?.form || tokenData?.form || form;
@@ -72,7 +75,10 @@ export default async function tableAPI(req) {
   }
 
   const data = await pg.query(q.replace(/{{uid}}/, user?.uid), [id]).then(el => el.rows[0]);
-  if (!data) return { message: 'not found', status: 404 };
+
+  if (!data) {
+    return reply.status(404).send(`object not found: ${id}`);
+  }
 
   Object.keys(schema).filter(key => schema[key]?.type === 'DataTable').forEach(key => {
     if (data[key] && !Array.isArray(data[key])) { data[key] = null; }

package/server/routes/crud/controllers/update.js

@@ -4,12 +4,15 @@ import {
 import config from '../../../../config.js';
 import insert from './insert.js';
 
-export default async function update(req) {
+export default async function update(req, reply) {
   const {
     pg = pgClients.client, user, params = {}, body = {}, headers = {}, unittest,
   } = req;
 
-  if (!user) return { message: 'access restricted', status: 403 };
+  if (!user) {
+    return reply.status(403).send('access restricted');
+  }
+
   const hookData = await applyHook('preUpdate', {
     pg, table: params?.table, id: params?.id, user,
   });
@@ -27,19 +30,20 @@ export default async function update(req) {
 
   const { actions = [] } = await getAccess({ table: edit, id, user }, pg) || {};
 
-  if (!actions.includes('edit') && !config?.local && !tokenData) {
-    return { message: 'access restricted', status: 403 };
+  if (!actions.includes('edit') && !config.local && !config.debug && !tokenData) {
+    return reply.status(403).send('access restricted');
   }
 
   if (!edit) {
-    return { message: 'table is required', status: 400 };
+    return reply.status(400).send('table is required');
   }
 
   if (!id && tokenData?.table) {
     return insert(req);
   }
+
   if (!id) {
-    return { message: 'id is required', status: 404 };
+    return reply.status(400).send('id is required');
   }
 
   const loadTemplate = await getTemplate('table', edit);
@@ -59,7 +63,7 @@ export default async function update(req) {
 
   if (xssCheck.error && formData?.xssCheck !== false) {
     logger.file('injection/xss', { msg: xssCheck.error, table }, req);
-    return { message: 'Дані містять заборонені символи. Приберіть їх та спробуйте ще раз', status: 409 };
+    return reply.status(409).send('Дані містять заборонені символи. Приберіть їх та спробуйте ще раз');
   }
 
   const fieldCheck = validateData({ body, schema });
@@ -71,7 +75,7 @@ export default async function update(req) {
       uid: user?.uid,
       ...fieldCheck,
     });
-    return { message: 'Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз', status: 409 };
+    return reply.status(409).send('Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз');
   }
 
   const res = await dataUpdate({
@@ -100,7 +104,9 @@ export default async function update(req) {
       // insert new extra data
       if (Array.isArray(body[key]) && body[key]?.length) {
         const extraRows = await Promise.all(body[key]?.map?.(async (row) => {
-          const extraRes = await dataInsert({ pg, table: schema[key].table, data: { ...row, [schema[key].parent_id]: objId }, uid, tokenData, referer });
+          const extraRes = await dataInsert({
+            pg, table: schema[key].table, data: { ...row, [schema[key].parent_id]: objId }, uid, tokenData, referer,
+          });
           return extraRes?.rows?.[0];
         }));
         Object.assign(res.extra, { [key]: extraRows.filter((el) => el) });

package/utils.js

@@ -19,6 +19,7 @@ import redisClients from './server/plugins/redis/funcs/redisClients.js';
 
 // template
 import getTemplate from './server/plugins/table/funcs/getTemplate.js';
+import getTemplateSync from './server/plugins/table/funcs/getTemplateSync.js';
 import getTemplates from './server/plugins/table/funcs/getTemplates.js';
 import getTemplatePath from './server/plugins/table/funcs/getTemplatePath.js';
 import addTemplateDir from './server/plugins/table/funcs/addTemplateDir.js';
@@ -104,6 +105,7 @@ export {
 
   // template
   getTemplate,
+  getTemplateSync,
   getTemplates,
   getTemplatePath,
   addTemplateDir,