@opengis/fastify-table 1.4.46 → 1.4.47

package/index.js

@@ -42,6 +42,8 @@ import dblistRoutes from './server/routes/dblist/index.mjs';
 import menuRoutes from './server/routes/menu/index.mjs';
 import templatesRoutes from './server/routes/templates/index.mjs';
 
+import widgetRoutes from './server/routes/widget/index.mjs';
+
 // core templates && cls
 const filename = fileURLToPath(import.meta.url);
 const cwd = path.dirname(filename);
@@ -110,6 +112,7 @@ async function plugin(fastify, opt) {
   propertiesRoutes(fastify, opt);
   tableRoutes(fastify, opt);
   utilRoutes(fastify, opt);
+  widgetRoutes(fastify, opt);
 
   menuRoutes(fastify, opt);
   templatesRoutes(fastify, opt);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.4.46",
+  "version": "1.4.47",
   "type": "module",
   "description": "core-plugins",
   "keywords": [

package/server/routes/widget/controllers/file.edit.js

@@ -0,0 +1,55 @@
+import path from 'node:path';
+
+import dataUpdate from '../../../plugins/crud/funcs/dataUpdate.js';
+import pgClients from '../../../plugins/pg/pgClients.js';
+import uploadMultiPart from '../../../plugins/file/uploadMultiPart.js';
+
+export default async function widgetSet(req, reply) {
+    const {
+        pg = pgClients.client, headers = {}, user = {}, params = {},
+    } = req;
+
+    if (!params?.id) {
+        return reply.status(400).send('not enough params: id');
+    }
+
+    if (!pg.pk?.['crm.files']) {
+        return reply.status(404).send('table not found');
+    }
+
+    if (headers['content-type']?.split?.(';')?.shift?.() !== 'multipart/form-data') {
+        return reply.status(400).send('invalid payload content type');
+    }
+
+    const file = await uploadMultiPart(req);
+    const extName = path.extname(file.filepath).slice(1).toLowerCase();
+
+    const data = {
+        uploaded_name: file?.originalFilename?.toLocaleLowerCase()?.replace(/'/g, '\'\''),
+        file_path: file?.relativeFilepath?.replace(/\\/g, '/'),
+        ext: extName,
+        size: file?.size,
+        file_status: 1,
+        uid: user?.uid || 1,
+    };
+
+    const result = await dataUpdate({
+        pg,
+        table: 'crm.files',
+        id: params.id,
+        data,
+        uid: user?.uid,
+    });
+
+    if (!result?.file_id) {
+        return reply.status(404).send('file not found');
+    }
+
+    return reply.status(200).send({
+        rowCount: 1,
+        data: result,
+        command: 'UPLOAD',
+        id: result?.file_id,
+        entity_id: result?.entity_id,
+    });
+}

package/server/routes/widget/controllers/widget.del.js

@@ -0,0 +1,89 @@
+import config from '../../../../config.js';
+import isFileExists from '../../../plugins/file/isFileExists.js';
+import logChanges from '../../../plugins/crud/funcs/utils/logChanges.js';
+import pgClients from '../../../plugins/pg/pgClients.js';
+
+const isAdmin = (req) => process.env.NODE_ENV === 'admin'
+  || config.admin
+  || req?.hostname?.split?.(':')?.shift?.() === config.adminDomain
+  || req?.hostname?.startsWith?.('admin');
+
+async function checkAccess(pg, objectid, id) {
+  const { uid, filepath } = await pg.query('select uid, file_path as filepath from crm.files where entity_id=$1 and file_id=$2', [objectid, id])
+    .then(el => el.rows?.[0] || {});
+  return { uid, exists: filepath ? await isFileExists(filepath) : null };
+}
+
+/**
+ * Дістає CRM дані для vue хешує ідентифікатори, підтягує селекти
+ *
+ * @method DELETE
+ * @summary CRM дані для обраного віджета.
+ * @priority 2
+ * @tag table
+ * @type api
+ * @requires setTokenById
+ * @requires getSelect
+ * @param {String} id Ідентифікатор для хешування
+ * @param {Any} sql Використовується для повернення sql запиту
+ * @param {String} type Тип для хешування даних
+ * @errors 400, 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+
+export default async function widgetDel(req, reply) {
+  const {
+    pg = pgClients.client, params = {}, user = {},
+  } = req;
+
+  if (!user?.uid) {
+    return reply.status(401).send('access restricted: user not authorized');
+  }
+
+  const { type, objectid, id } = params;
+
+  if (!objectid) {
+    return reply.status(400).send('not enough params: id');
+  }
+
+  // force delete db entry if file not exists
+  const { exists, uid } = ['file', 'gallery'].includes(type) ? await checkAccess(pg, objectid, id) : {};
+
+  if (exists && !isAdmin(req) && uid && user?.uid !== uid) {
+    return reply.status(403).send('access restricted: file exists, not an author');
+  }
+
+  const sqls = {
+    comment: `delete from crm.communications where entity_id=$1 and ${isAdmin(req) ? '$2=$2' : 'uid=$2'} and communication_id=$3`,
+    checklist: `delete from crm.checklists where entity_id=$1 and ${isAdmin(req) ? '$2=$2' : 'uid=$2'} and checklist_id=$3`,
+    file: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || isAdmin(req) ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
+    gallery: `update crm.files set file_status=3 where entity_id=$1 and ${!exists || isAdmin(req) ? '$2=$2' : 'uid=$2'} and file_id=$3 returning uploaded_name`,
+  };
+
+  const sql = sqls[type];
+  const table = {
+    comment: 'crm.communications',
+    checklist: 'crm.checklists',
+    file: 'crm.files',
+    gallery: 'crm.files',
+  }[type];
+
+  if (!sql) {
+    return reply.status(400).send('invalid widget type');
+  }
+
+  const { rows = [] } = await pg.query(sql, [objectid, user.uid, id]);
+
+  await logChanges({
+    pg,
+    table,
+    id,
+    data: rows[0],
+    uid: user?.uid,
+    type: 'DELETE',
+  });
+
+  return reply.status(200).send({ data: { id }, user: { uid: user.uid, name: user.user_name } });
+}

package/server/routes/widget/controllers/widget.get.js

@@ -0,0 +1,137 @@
+import getMeta from '../../../plugins/pg/funcs/getMeta.js';
+import getToken from '../../../plugins/crud/funcs/getToken.js';
+import pgClients from '../../../plugins/pg/pgClients.js';
+
+const galleryExtList = ['png', 'svg', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi'];
+const username = 'coalesce(u.sur_name,\'\')||coalesce(\' \'||u.user_name,\'\') ||coalesce(\' \'||u.father_name,\'\')';
+
+/**
+ * Дістає CRM для widget
+ *
+ */
+
+export default async function widgetGet({
+  pg = pgClients.client, user = {}, params = {}, query = {}, unittest,
+}, reply) {
+  const param = user?.uid ? await getToken({
+    token: params.objectid, mode: 'w', uid: user.uid,
+  }) : null;
+
+  const objectid = param ? JSON.parse(param)?.id : params.objectid;
+
+  if (!objectid) {
+    return reply.status(400).send('not enough params: id');
+  }
+
+  const sqls = {
+    comment: pg.pk['admin.users']
+      ? `select communication_id, entity_id, body, subject, c.cdate, c.uid, 
+    ${username} as username, u.login, u.avatar
+    from crm.communications c
+    left join admin.users u on u.uid=c.uid 
+    where entity_id=$1 order by cdate desc`
+      : 'select communication_id, entity_id, body, subject, cdate, uid from crm.communications where entity_id=$1 order by cdate desc',
+
+    history: `select * from (
+      SELECT change_id, entity_id, entity_type, change_type, change_date, a.change_user_id, a.uid, a.cdate, b.json_agg as changes,
+      ${username} as username, u.login, u.avatar
+      FROM log.table_changes a
+      left join admin.users u on a.change_user_id = u.uid
+      left join lateral(
+        select json_agg(row_to_json(q)) from (
+          select change_data_id, entity_key, value_new, value_old from log.table_changes_data
+          where change_id=a.change_id
+        )q
+      )b on 1=1
+      where b.json_agg is not null and (entity_id=$1 or entity_id in (
+        select communication_id as comments from crm.communications where entity_id=$1
+        union all select checklist_id from crm.checklists where entity_id=$1)
+      )
+
+    union all
+    select change_id, entity_id, entity_type, change_type, change_date, a.change_user_id, a.uid, a.cdate, b.json_agg as changes,
+        ${username} as username, u.login, u.avatar
+        FROM log.table_changes a
+        left join admin.users u on a.change_user_id = u.uid
+            left join lateral(
+          select json_agg(o) from (
+            select json_object_agg(entity_key, coalesce(value_new, value_old)) as o from log.table_changes_data
+            where change_id=a.change_id and entity_key not in ('uid', 'file_status', 'editor_id', 'cdate', 'editor_date', 'entity_id')
+          )q 
+        )b on 1=1
+        where a.change_type in ('INSERT', 'DELETE') and a.entity_id in (select file_id from crm.files where entity_id=$1)
+        limit 100
+
+    )q order by cdate desc limit 100`,
+
+    checklist: pg.pk['admin.users']
+      ? `SELECT checklist_id, entity_id, subject, is_done, done_date, c.uid, c.cdate, ${username} as username, u.login, u.avatar
+      FROM crm.checklists c
+      left join admin.users u on u.uid=c.uid
+      where entity_id=$1 order by cdate desc`
+      : 'SELECT checklist_id, entity_id, subject, is_done, done_date, uid, cdate FROM crm.checklists where entity_id=$1 order by cdate desc',
+
+    file: pg.pk['admin.users']
+      ? `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, c.ismain, 
+    ${username} as username, u.login, isverified, u.avatar, u.uid as author, file_status 
+    FROM crm.files c 
+    left join admin.users u on u.uid=c.uid
+    where entity_id=$1 and file_status<>3 order by cdate desc`
+      : `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, uid, cdate, file_type, ismain,
+      isverified, uid as author, file_status FROM crm.files c where entity_id=$1 and file_status<>3 order by cdate desc`,
+    gallery: pg.pk['admin.users']
+      ? `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, c.ismain,
+    ${username} as username, u.login, u.avatar, isverified, u.avatar, c.uid as author, file_status 
+    FROM crm.files c 
+    left join admin.users u on u.uid=c.uid
+    where entity_id=$1 and file_status<>3 and ext = any($2) order by cdate desc`
+      : `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, ismain,
+      isverified, uid as author, file_status FROM crm.files c where entity_id=$1 and file_status<>3 and ext = any($2) order by cdate desc`,
+
+  };
+
+  const q = sqls[params.type];
+
+  if (!q) {
+    return reply.status(400).send('invalid widget type');
+  }
+
+  /* data */
+  const time = [Date.now()];
+  const { rows = [] } = await pg.query(q, [objectid, params.type === 'gallery' ? galleryExtList : null].filter((el) => el));
+  rows.forEach(row => Object.assign(row, { username: row.username?.trim?.() || row.login }));
+  time.push(Date.now());
+
+  /* Object info  */
+  const { tableName } = pg.pk['log.table_changes'] ? await pg.query(
+    'select entity_type as "tableName" from log.table_changes where entity_id=$1 limit 1',
+    [objectid],
+  ).then(el => el.rows?.[0] || {}) : {};
+
+  const { pk, columns = [] } = await getMeta({ pg, table: tableName });
+
+  const authorIdColumn = columns.find(col => ['uid', 'created_by'].includes(col.name))?.name;
+
+  if (!pk && params.type === 'history' && !unittest) {
+    return reply.status(404).send('log table not found');
+  }
+
+  const q1 = `select ${username} as author, u.login, a.cdate, a.editor_date from ${tableName} a 
+  left join admin.users u on a.${authorIdColumn}=u.uid where a.${pk}=$1 limit 1`;
+
+  const data = pg.pk['admin.users'] && pk && tableName ? await pg.query(q, [objectid, params.type === 'gallery' ? galleryExtList : null].filter((el) => el)).then(el => el.rows?.[0] || {}) : {};
+
+  if (query.debug && user?.user_type === 'admin') {
+    return {
+      q, type: params.type, q1, id: objectid, data,
+    };
+  }
+
+  return reply.status(200).send({
+    time: { data: time[1] - time[0] },
+    rows,
+    user: { uid: user?.uid, name: user?.user_name },
+    data: { author: data?.author, cdate: data?.cdate, edate: data?.editor_date },
+    objectid: params.objectid,
+  });
+}

package/server/routes/widget/controllers/widget.set.js

@@ -0,0 +1,106 @@
+import path from 'node:path';
+
+import getMeta from '../../../plugins/pg/funcs/getMeta.js';
+import dataInsert from '../../../plugins/crud/funcs/dataInsert.js';
+import dataUpdate from '../../../plugins/crud/funcs/dataUpdate.js';
+import applyHook from '../../../plugins/hook/funcs/applyHook.js';
+import uploadMultiPart from '../../../plugins/file/uploadMultiPart.js';
+
+const tableList = {
+  comment: 'crm.communications',
+  gallery: 'crm.files',
+  file: 'crm.files',
+  checklist: 'crm.checklists',
+};
+const pkList = {
+  comment: 'communication_id',
+  checklist: 'checklist_id',
+  file: 'file_id',
+  gallery: 'file_id',
+};
+
+const galleryExtList = ['png', 'svg', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi'];
+
+export default async function widgetSet(req, reply) {
+  const {
+    pg, params = {}, session = {}, headers = {}, body = {}, user = {},
+  } = req;
+  const { type, id, objectid } = params;
+
+  if (!['comment', 'checklist', 'file', 'gallery'].includes(type)) {
+    return reply.status(400).send('param type not valid');
+  }
+
+  if (!objectid) {
+    return reply.status(400).send('not enough params: id');
+  }
+
+  const table = tableList[type];
+
+  // dsadasdad
+  if (['gallery', 'file'].includes(type) && headers['content-type']?.split?.(';')?.shift?.() === 'multipart/form-data') {
+    const file = await uploadMultiPart(req);
+    const extName = path.extname(file.filepath).slice(1).toLowerCase();
+
+    const data = {
+      uploaded_name: file?.originalFilename?.toLocaleLowerCase()?.replace(/'/g, '\'\''),
+      file_path: file?.relativeFilepath?.replace(/\\/g, '/'),
+      ext: extName,
+      size: file?.size,
+      file_status: 1,
+      uid: user?.uid || 1,
+      entity_id: objectid,
+    };
+
+    if (type === 'gallery' && !galleryExtList.includes(extName.toLowerCase())) {
+      return reply.status(400).send('invalid file extension');
+    }
+
+    const { rows = [] } = await dataInsert({
+      pg, table: 'crm.files', data, uid: user?.uid,
+    });
+
+    if (type === 'gallery') {
+      await pg.query(`update crm.files set ismain=true 
+      where entity_id=$1 
+      and file_id=$2 
+      and (select count(*) = 0 from crm.files where entity_id=$1 and ismain)`, [objectid, rows[0]?.file_id]);
+    }
+
+    return {
+      rowCount: 1, data: 'ok', command: 'UPLOAD', id: rows[0]?.file_id, entity_id: rows[0]?.entity_id,
+    };
+  }
+  const { pk } = await getMeta({ pg, table });
+
+  if (!pk) {
+    return reply.status(404).send('table not found');
+  }
+
+  const data = { ...body, uid: user?.uid, entity_id: objectid };
+
+  await applyHook('onWidgetSet', {
+    pg,
+    link: req.path,
+    id,
+    objectid,
+    session,
+    type,
+    payload: data,
+  });
+
+  const result = id
+    ? await dataUpdate({
+      pg, table, data, id, uid: user?.uid,
+    })
+    : await dataInsert({
+      pg, table, data, uid: user?.uid,
+    });
+
+  return reply.status(200).send({
+    rowCount: result.rowCount,
+    data: 'ok',
+    command: result.command,
+    id: result.rows?.[0]?.[pkList[type]] || result?.[pkList[type]],
+  });
+}

package/server/routes/widget/hook/onWidgetSet.js

@@ -0,0 +1,13 @@
+import pgClients from '../../../plugins/pg/pgClients.js';
+
+export default async function onWidgetSet({
+  pg = pgClients.client, id, objectid, type, payload = {},
+}) {
+  if (!id || !objectid || type !== 'gallery') {
+    return null;
+  }
+  if (payload?.ismain) {
+    await pg.query('update crm.files set ismain=false where entity_id=$1 and file_id<>$2', [objectid, id]);
+  }
+  return null;
+}

package/server/routes/widget/index.mjs

@@ -0,0 +1,38 @@
+import addHook from '../../plugins/hook/funcs/addHook.js';
+
+import widgetDel from './controllers/widget.del.js';
+import widgetSet from './controllers/widget.set.js';
+import widgetGet from './controllers/widget.get.js';
+import fileEdit from './controllers/file.edit.js';
+
+import onWidgetSet from './hook/onWidgetSet.js';
+
+const tableSchema = {
+  params: {
+    type: 'object',
+    properties: {
+      // type: { type: 'string', pattern: '^([\\d\\w]+)$' },
+      objectid: { type: 'string', pattern: '^([\\d\\w]+)$' },
+      id: { type: 'string', pattern: '^([\\d\\w]+)$' },
+    },
+  },
+  querystring: {
+    type: 'object',
+    properties: {
+      debug: { type: 'string', pattern: '^(\\d+)$' },
+    },
+  },
+};
+
+addHook('onWidgetSet', onWidgetSet);
+
+const policy = ['site'];
+const params = { config: { policy }, schema: tableSchema };
+
+export default async function route(app, config = {}) {
+  const { prefix = '/api' } = config;
+  app.delete(`${prefix}/widget/:type/:objectid/:id`, params, widgetDel);
+  app.post(`${prefix}/widget/:type/:objectid/:id?`, params, widgetSet);
+  app.put(`${prefix}/file-edit/:id`, params, fileEdit);
+  app.get(`${prefix}/widget/:type/:objectid`, { config: { policy: ['public'] }, schema: tableSchema }, widgetGet);
+}