@opengis/fastify-table 1.4.5 → 1.4.7

package/server/routes/crud/controllers/update.js

@@ -23,14 +23,18 @@ export default async function update(req, reply) {
 
   const { referer } = headers;
   const tokenData = await getToken({
-    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
+    uid: user.uid, token: body.token || params.id || params.table, mode: 'w', json: 1,
   });
 
-  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
+  const { form, table: edit, id } = hookData || tokenData || (config.security?.disableToken || config.local || config.auth?.disable ? params : {});
 
   const { actions = [] } = await getAccess({ table: edit, id, user }, pg) || {};
 
-  if (!actions.includes('edit') && !config.local && !config.debug && !tokenData) {
+  if (!tokenData && !config.local && !config.security?.disableToken && !config.auth?.disable) {
+    return reply.status(400).send('invalid token');
+  }
+
+  if (!actions.includes('edit') && !config.local) {
     return reply.status(403).send('access restricted');
   }
 
@@ -114,5 +118,5 @@ export default async function update(req, reply) {
     }));
   }
 
-  return res;
+  return reply.status(200).send(res);
 }

package/server/routes/logger/controllers/logger.file.js

@@ -1,93 +1,93 @@
-import path from 'node:path';
-import { lstat, readdir, readFile } from 'node:fs/promises';
-import { createReadStream, existsSync } from 'node:fs';
-import readline from 'node:readline';
-
-import checkUserAccess from './utils/checkUserAccess.js';
-import getRootDir from './utils/getRootDir.js';
-
-/**
- *
- * @method GET
- * @summary API для перегляду логів
- *
- */
-
-export default async function loggerFile({
-  params = {}, user = {}, query = {}, originalUrl,
-}, reply) {
-  const limit = 200000;
-  // console.log(user);
-  const access = checkUserAccess({ user });
-  // log.info('Сервер запущен по адресу?'); // test!
-
-  if (access?.status !== 200) return access;
-
-  // absolute / relative path
-  const rootDir = getRootDir();
-
-  const filepath = path.join(rootDir, params['*'] || '');
-
-  if (!existsSync(filepath)) {
-    return { message: 'file not exists', status: 404 };
-  }
-  const stat = await lstat(filepath);
-  const isFile = stat.isFile();
-
-  if (query.download && isFile) {
-    const buffer = await readFile(filepath, { buffer: true });
-    return buffer;
-  }
-
-  if (query.full && isFile) {
-    if (stat.size > 20 * 1000 * 1000) {
-      return { message: 'file size > 20MB' };
-    }
-    const buffer = await readFile(filepath, { buffer: true });
-    return buffer;
-  }
-
-  if (isFile) {
-    const ext = path.extname(filepath);
-
-    const lines = await new Promise((resolve) => {
-      const rl = readline.createInterface({
-        input: createReadStream(filepath, { start: stat.size > limit ? stat.size - limit : 0 }),
-      });
-      const lines1 = [];
-      rl.on('close', () => resolve(lines1));
-      rl.on('line', (line) => lines1.push(line));
-    });
-
-    if (ext === '.html') {
-      const buffer = await readFile(filepath, { buffer: true });
-      reply.headers({ 'Content-type': 'text/html; charset=UTF-8' });
-      return buffer;
-    }
-
-    reply.headers({ 'Content-type': 'text/plain; charset=UTF-8' });
-    return stat.size > limit && lines.length > 1
-      ? lines.reverse().slice(0, -1).join('\n')
-      : lines.reverse().join('\n');
-  }
-
-  // dir
-  const files = await readdir(filepath);
-
-  if (query.dir) {
-    return files.filter((el) => !['backup', 'marker_icon', 'error', 'migration'].includes(el));
-  }
-
-  const lstatsArr = await Promise.all(files.map(async (file) => [file, await lstat(path.join(filepath, file))]));
-  const lstats = Object.fromEntries(lstatsArr);
-
-  const message = (params['*'] ? '<a href="/logger-file/">...</a><br>' : '')
-    + files.map((file) => `<a href="${originalUrl}/${file}">${file}</a> (${lstats[file].size} bytes)`).join('</br>');
-
-  reply.headers({
-    'Content-Type': 'text/html; charset=UTF-8',
-    'Content-Security-Policy': "default-src 'none'",
-    'X-Content-Type-Options': 'nosniff',
-  });
-  return message;
-}
+import path from 'node:path';
+import { lstat, readdir, readFile } from 'node:fs/promises';
+import { createReadStream, existsSync } from 'node:fs';
+import readline from 'node:readline';
+
+import checkUserAccess from './utils/checkUserAccess.js';
+import getRootDir from './utils/getRootDir.js';
+
+/**
+ *
+ * @method GET
+ * @summary API для перегляду логів
+ *
+ */
+
+export default async function loggerFile({
+  params = {}, user = {}, query = {}, originalUrl,
+}, reply) {
+  const limit = 200000;
+  // console.log(user);
+  const access = checkUserAccess({ user });
+  // log.info('Сервер запущен по адресу?'); // test!
+
+  if (access?.status !== 200) return access;
+
+  // absolute / relative path
+  const rootDir = getRootDir();
+
+  const filepath = path.join(rootDir, params['*'] || '');
+
+  if (!existsSync(filepath)) {
+    return { message: 'file not exists', status: 404 };
+  }
+  const stat = await lstat(filepath);
+  const isFile = stat.isFile();
+
+  if (query.download && isFile) {
+    const buffer = await readFile(filepath, { buffer: true });
+    return buffer;
+  }
+
+  if (query.full && isFile) {
+    if (stat.size > 20 * 1000 * 1000) {
+      return { message: 'file size > 20MB' };
+    }
+    const buffer = await readFile(filepath, { buffer: true });
+    return buffer;
+  }
+
+  if (isFile) {
+    const ext = path.extname(filepath);
+
+    const lines = await new Promise((resolve) => {
+      const rl = readline.createInterface({
+        input: createReadStream(filepath, { start: stat.size > limit ? stat.size - limit : 0 }),
+      });
+      const lines1 = [];
+      rl.on('close', () => resolve(lines1));
+      rl.on('line', (line) => lines1.push(line));
+    });
+
+    if (ext === '.html') {
+      const buffer = await readFile(filepath, { buffer: true });
+      reply.headers({ 'Content-type': 'text/html; charset=UTF-8' });
+      return buffer;
+    }
+
+    reply.headers({ 'Content-type': 'text/plain; charset=UTF-8' });
+    return stat.size > limit && lines.length > 1
+      ? lines.reverse().slice(0, -1).join('\n')
+      : lines.reverse().join('\n');
+  }
+
+  // dir
+  const files = await readdir(filepath);
+
+  if (query.dir) {
+    return files.filter((el) => !['backup', 'marker_icon', 'error', 'migration'].includes(el));
+  }
+
+  const lstatsArr = await Promise.all(files.map(async (file) => [file, await lstat(path.join(filepath, file))]));
+  const lstats = Object.fromEntries(lstatsArr);
+
+  const message = (params['*'] ? '<a href="/logger-file/">...</a><br>' : '')
+    + files.map((file) => `<a href="${originalUrl}/${file}">${file}</a> (${lstats[file].size} bytes)`).join('</br>');
+
+  reply.headers({
+    'Content-Type': 'text/html; charset=UTF-8',
+    'Content-Security-Policy': "default-src 'none'",
+    'X-Content-Type-Options': 'nosniff',
+  });
+  return message;
+}

package/server/routes/logger/controllers/utils/checkUserAccess.js

@@ -1,19 +1,19 @@
-import config from '../../../../../config.js';
-
-/**
- *
- * @summary check user access to logger interface - per admin user type or user group
- * @returns {Object} message, status
- */
-
-export default function checkUserAccess({ user = {} }) {
-  // console.log(user);
-  if (user.user_type !== 'admin' && !config?.local) {
-    return { message: 'access restricted', status: 403 };
-  }
-
-  /* if (!['admin', 'superadmin']?.includes(user.user_type) && count === '0') {
-    return { message: 'access restricted', status: 403 };
-  } */
-  return { message: 'access granted', status: 200 };
-}
+import config from '../../../../../config.js';
+
+/**
+ *
+ * @summary check user access to logger interface - per admin user type or user group
+ * @returns {Object} message, status
+ */
+
+export default function checkUserAccess({ user = {} }) {
+  // console.log(user);
+  if (user.user_type !== 'admin' && !config?.local) {
+    return { message: 'access restricted', status: 403 };
+  }
+
+  /* if (!['admin', 'superadmin']?.includes(user.user_type) && count === '0') {
+    return { message: 'access restricted', status: 403 };
+  } */
+  return { message: 'access granted', status: 200 };
+}

package/server/routes/logger/controllers/utils/getRootDir.js

@@ -1,26 +1,26 @@
-import fs from 'node:fs';
-import path from 'node:path';
-
-import config from '../../../../../config.js';
-
-// import { existsSync } from 'fs';
-let logDir = null;
-export default function getRootDir() {
-  // absolute / relative path
-  if (logDir) return logDir;
-  const file = ['config.json', '/data/local/config.json'].find(el => (fs.existsSync(el) ? el : null));
-  const root = file === 'config.json' ? process.cwd() : '/data/local';
-  logDir = config.logDir || path.join(root, config.log?.dir || 'log');
-  console.log({ logDir });
-  return logDir;
-
-  // windows debug support
-  /* const customLogDir = process.cwd().includes(':') ? 'c:/data/local' : '/data/local';
-  // docker default path
-  if (existsSync(customLogDir)) {
-    return path.join(customLogDir, config.folder || '', 'log');
-  }
-
-  // non-docker default path
-  return path.join(config.root || '/data/local', config.folder || '', 'log'); */
-}
+import fs from 'node:fs';
+import path from 'node:path';
+
+import config from '../../../../../config.js';
+
+// import { existsSync } from 'fs';
+let logDir = null;
+export default function getRootDir() {
+  // absolute / relative path
+  if (logDir) return logDir;
+  const file = ['config.json', '/data/local/config.json'].find(el => (fs.existsSync(el) ? el : null));
+  const root = file === 'config.json' ? process.cwd() : '/data/local';
+  logDir = config.logDir || path.join(root, config.log?.dir || 'log');
+  console.log({ logDir });
+  return logDir;
+
+  // windows debug support
+  /* const customLogDir = process.cwd().includes(':') ? 'c:/data/local' : '/data/local';
+  // docker default path
+  if (existsSync(customLogDir)) {
+    return path.join(customLogDir, config.folder || '', 'log');
+  }
+
+  // non-docker default path
+  return path.join(config.root || '/data/local', config.folder || '', 'log'); */
+}

package/server/routes/menu/controllers/getMenu.js

@@ -5,7 +5,7 @@ import { join } from 'node:path';
 import { existsSync, readdirSync, readFileSync } from 'node:fs';
 
 import {
- menuDirs, pgClients, applyHook, config,
+    menuDirs, pgClients, applyHook, config,
 } from '../../../../utils.js';
 
 const menuCache = [];
@@ -63,7 +63,7 @@ export default async function adminMenu({
     };
     await applyHook('userMenu', result);
 
-    if (session && user?.uid && !user.user_type?.includes?.('admin') && !user.type?.includes?.('admin') && pg.pk['admin.role_access']) {
+    if (session && user?.uid && !user.user_type?.includes?.('admin') && !user.type?.includes?.('admin') && pg.pk?.['admin.role_access']) {
         const { type, gl = [], routes = [] } = await pg.query(`select user_type as type, b.gl,routes from admin.users a
         left join lateral (
             select array_agg(role_id) as gl from admin.user_roles 

package/server/routes/properties/controllers/properties.add.js

@@ -1,55 +1,55 @@
-import { dataInsert } from '../../../../utils.js';
-
-const table = 'crm.properties';
-
-function checkKeyType({ body, key }) {
-  if (typeof body[key] === 'number' && (!/\D/.test(body[key].toString()) && body[key].toString().length < 10)) {
-    return { [key]: 'int' };
-  } if (typeof body[key] === 'object') {
-    return { [key]: 'json' };
-  }
-  if (Date.parse(body[key], 'yyyy/MM/ddTHH:mm:ss.000Z')) {
-    return { [key]: 'date' };
-  }
-  return { [key]: 'text' };
-}
-
-export default async function addExtraProperties({
-  pg, params = {}, body = {}, user = {},
-}) {
-  const { id } = params;
-  const { uid } = user;
-  if (!uid) {
-    return { message: 'access restricted: uid', status: 403 };
-  }
-  if (!id) {
-    return { message: 'not enougn params: 1', status: 400 };
-  }
-  const extraProperties = Object.keys(body);
-  if (!extraProperties.length) {
-    return { message: 'not enougn params: 2', status: 400 };
-  }
-
-  if (!pg.pk?.[table]) {
-    return { message: 'table not found: crm.properties', status: 400 };
-  }
-
-  await pg.query('delete from crm.properties where object_id=$1', [id]); // rewrite?
-  const keyTypeMatch = extraProperties.filter((key) => body[key]).reduce((acc, curr) => Object.assign(acc, checkKeyType({ body, key: curr })), {});
-  const res = await Promise.all(Object.keys(keyTypeMatch).map(async (key) => {
-    const propertyType = keyTypeMatch[key];
-    const { rows = [] } = await dataInsert({
-      pg,
-      table,
-      data: {
-        property_type: propertyType,
-        property_key: key,
-        object_id: id,
-        [`property_${propertyType}`]: body[key],
-      },
-      uid,
-    });
-    return { id: rows[0]?.property_id, type: propertyType, value: body[key] };
-  }));
-  return { message: { rows: res }, status: 200 };
-}
+import { dataInsert } from '../../../../utils.js';
+
+const table = 'crm.properties';
+
+function checkKeyType({ body, key }) {
+  if (typeof body[key] === 'number' && (!/\D/.test(body[key].toString()) && body[key].toString().length < 10)) {
+    return { [key]: 'int' };
+  } if (typeof body[key] === 'object') {
+    return { [key]: 'json' };
+  }
+  if (Date.parse(body[key], 'yyyy/MM/ddTHH:mm:ss.000Z')) {
+    return { [key]: 'date' };
+  }
+  return { [key]: 'text' };
+}
+
+export default async function addExtraProperties({
+  pg, params = {}, body = {}, user = {},
+}) {
+  const { id } = params;
+  const { uid } = user;
+  if (!uid) {
+    return { message: 'access restricted: uid', status: 403 };
+  }
+  if (!id) {
+    return { message: 'not enougn params: 1', status: 400 };
+  }
+  const extraProperties = Object.keys(body);
+  if (!extraProperties.length) {
+    return { message: 'not enougn params: 2', status: 400 };
+  }
+
+  if (!pg.pk?.[table]) {
+    return { message: 'table not found: crm.properties', status: 400 };
+  }
+
+  await pg.query('delete from crm.properties where object_id=$1', [id]); // rewrite?
+  const keyTypeMatch = extraProperties.filter((key) => body[key]).reduce((acc, curr) => Object.assign(acc, checkKeyType({ body, key: curr })), {});
+  const res = await Promise.all(Object.keys(keyTypeMatch).map(async (key) => {
+    const propertyType = keyTypeMatch[key];
+    const { rows = [] } = await dataInsert({
+      pg,
+      table,
+      data: {
+        property_type: propertyType,
+        property_key: key,
+        object_id: id,
+        [`property_${propertyType}`]: body[key],
+      },
+      uid,
+    });
+    return { id: rows[0]?.property_id, type: propertyType, value: body[key] };
+  }));
+  return { message: { rows: res }, status: 200 };
+}

package/server/routes/properties/controllers/properties.get.js

@@ -1,17 +1,17 @@
-export default async function getExtraProperties({
-  pg, params = {},
-}) {
-  const { id } = params;
-  if (!id) {
-    return { message: 'not enougn params', status: 400 };
-  }
-
-  const { rows = [] } = pg.pk?.['crm.properties']
-    ? await pg.query(`select property_key, property_type, property_text, property_int,
-            property_json, property_date from crm.properties where property_key is not null and object_id=$1`, [id])
-    : {};
-  if (!rows.length) return {};
-
-  const data = rows.reduce((acc, curr) => Object.assign(acc, { [curr.property_key]: curr[`property_${curr.property_type}`] }), {});
-  return { message: data, status: 200 };
-}
+export default async function getExtraProperties({
+  pg, params = {},
+}) {
+  const { id } = params;
+  if (!id) {
+    return { message: 'not enougn params', status: 400 };
+  }
+
+  const { rows = [] } = pg.pk?.['crm.properties']
+    ? await pg.query(`select property_key, property_type, property_text, property_int,
+            property_json, property_date from crm.properties where property_key is not null and object_id=$1`, [id])
+    : {};
+  if (!rows.length) return {};
+
+  const data = rows.reduce((acc, curr) => Object.assign(acc, { [curr.property_key]: curr[`property_${curr.property_type}`] }), {});
+  return { message: data, status: 200 };
+}

package/server/routes/table/controllers/cardData.js

@@ -2,10 +2,9 @@
 import path from 'node:path';
 
 import {
- getAccess, handlebars, setOpt, setToken, getTemplate, handlebarsSync, applyHook,
+    config, getAccess, handlebars, setOpt, setToken, getTemplate, handlebarsSync, applyHook, getData,
 } from '../../../../utils.js';
 
-import getTableData from './tableData.js';
 import conditions from './utils/conditions.js';
 
 const components = {
@@ -15,8 +14,9 @@ const components = {
 
 export default async function getCardData(req, reply) {
     const {
-        pg, params = {}, session = {}, user = {},
+        pg, params = {}, user = {},
     } = req;
+
     const { table, id } = params;
     const { uid } = user;
 
@@ -40,11 +40,11 @@ export default async function getCardData(req, reply) {
         ? await pg.query(
             `select * from ${index.table} where ${handlebarsSync.compile(index.query)({ uid, user })}`,
         )
-        : await getTableData({
-            pg, params: { table, id }, session, user,
-        });
+        : await getData({
+            pg, table, id, user,
+        }, reply);
 
-    if (message) return { message };
+    if (message) return message;
 
     // conditions
     index.panels?.filter(el => el.items).forEach(el1 => {
@@ -72,7 +72,7 @@ export default async function getCardData(req, reply) {
 
     // tokens result
     const tokens = {};
-    if (index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
+    if (!config.security?.disableToken && index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
         Object.keys(index.tokens || {})
             .filter(key => index?.tokens[key]?.public
                 || access.actions?.includes?.('edit')

package/server/routes/table/controllers/form.js

@@ -1,42 +1,42 @@
-import { applyHook, getTemplate } from '../../../../utils.js';
-
-const sql = `select property_key as key, property_json as json, property_int as int,
-property_text as text from admin.properties where 1=1`;
-
-async function getSettings({ pg }) {
-  const { rows = [] } = await pg.query(sql);
-  const data = rows.reduce((acc, curr) => Object.assign(acc, { [curr.key]: curr.json || curr.int || curr.text }), {});
-  return data;
-}
-
-export default async function formFunction(req) {
-  const time = Date.now();
-
-  const { pg, params, user } = req;
-  const hookData = await applyHook('preForm', { form: params?.form, user });
-
-  if (hookData?.message && hookData?.status) {
-    return { message: hookData?.message, status: hookData?.status };
-  }
-
-  const form = await getTemplate('form', hookData?.form || params?.form);
-  if (!form) { return { status: 404, message: 'not found' }; }
-
-  // replace settings
-  const arr = JSON.stringify(form).match(/{{settings.([^}]*)}}/g);
-  if (arr?.length) {
-    const string = JSON.stringify(form);
-    const settings = await getSettings({ pg });
-    const match = arr.reduce((acc, curr) => Object.assign(acc, { [curr]: settings[curr.replace(/^{{settings./g, '').replace(/}}$/, '')] }), {});
-    const res = Object.keys(match).reduce((s, m) => s.replace(m, match[m]), string);
-    return { time: Date.now() - time, form: JSON.parse(res) };
-  }
-
-  const res = { time: Date.now() - time, form };
-  const res1 = await applyHook('afterForm', {
-    form: hookData?.form || params?.form,
-    payload: res,
-    user,
-  });
-  return res1 || { time: Date.now() - time, form };
-}
+import { applyHook, getTemplate } from '../../../../utils.js';
+
+const sql = `select property_key as key, property_json as json, property_int as int,
+property_text as text from admin.properties where 1=1`;
+
+async function getSettings({ pg }) {
+  const { rows = [] } = await pg.query(sql);
+  const data = rows.reduce((acc, curr) => Object.assign(acc, { [curr.key]: curr.json || curr.int || curr.text }), {});
+  return data;
+}
+
+export default async function formFunction(req) {
+  const time = Date.now();
+
+  const { pg, params, user } = req;
+  const hookData = await applyHook('preForm', { form: params?.form, user });
+
+  if (hookData?.message && hookData?.status) {
+    return { message: hookData?.message, status: hookData?.status };
+  }
+
+  const form = await getTemplate('form', hookData?.form || params?.form);
+  if (!form) { return { status: 404, message: 'not found' }; }
+
+  // replace settings
+  const arr = JSON.stringify(form).match(/{{settings.([^}]*)}}/g);
+  if (arr?.length) {
+    const string = JSON.stringify(form);
+    const settings = await getSettings({ pg });
+    const match = arr.reduce((acc, curr) => Object.assign(acc, { [curr]: settings[curr.replace(/^{{settings./g, '').replace(/}}$/, '')] }), {});
+    const res = Object.keys(match).reduce((s, m) => s.replace(m, match[m]), string);
+    return { time: Date.now() - time, form: JSON.parse(res) };
+  }
+
+  const res = { time: Date.now() - time, form };
+  const res1 = await applyHook('afterForm', {
+    form: hookData?.form || params?.form,
+    payload: res,
+    user,
+  });
+  return res1 || { time: Date.now() - time, form };
+}