@opengis/fastify-table 1.4.6 → 1.4.8

package/config.js

@@ -1,11 +1,33 @@
-import fs from 'fs';
+import dotenv from 'dotenv';
 
-const fileName = ['config.json', '/data/local/config.json'].find(el => (fs.existsSync(el) ? el : null));
-const config = fileName ? JSON.parse(fs.readFileSync(fileName)) : {};
+import { existsSync, readFileSync } from 'node:fs';
 
+import unflattenObject from './server/plugins/util/funcs/unflattenObject.js';
+
+const fileName = ['config.json', '/data/local/config.json'].find(el => (existsSync(el) ? el : null));
+const config = fileName ? JSON.parse(readFileSync(fileName)) : {};
+
+// npm run dev === cross-env NODE_ENV=development
+// alt: node --env=development
 Object.assign(config, {
   allTemplates: config?.allTemplates || {},
   skipCheckPolicyRoutes: [],
+  env: process.env?.NODE_ENV || process.argv[2]?.split?.('=')?.pop?.(),
 });
 
+if (config.env && existsSync(`.env.${config.env}`)) {
+  const { parsed } = dotenv.config({ path: `.env.${config.env}` });
+  console.log('start with env:', config.env);
+
+  const obj = unflattenObject(parsed);
+
+  Object.keys(obj)
+    .filter(key => typeof obj[key] === 'string'
+      && (obj[key].startsWith('[') || ['true', 'false'].includes(obj[key]))) // json array / boolean
+    .forEach(key => {
+      obj[key] = JSON.parse(obj[key]);
+    });
+  Object.assign(config, { ...obj });
+}
+
 export default config;

package/index.js

@@ -113,5 +113,6 @@ async function plugin(fastify, opt) {
   templatesRoutes(fastify, opt);
 
   fastify.get('/api/test-proxy', {}, (req) => ({ ...req.headers || {}, sessionId: req.session?.sessionId }));
+  fastify.get('/api/config', { config: { policy: ['admin', 'site'] } }, () => config);
 }
 export default fp(plugin);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "1.4.6",
+  "version": "1.4.8",
   "type": "module",
   "description": "core-plugins",
   "keywords": [
@@ -25,10 +25,12 @@
     "test:helpers": "node --test .\\test\\helpers",
     "test:routes": "node --test .\\test\\routes",
     "test:functions": "node --test .\\test\\functions",
-    "compress": "node compress.js"
+    "compress": "node compress.js",
+    "dev": "cross-env NODE_ENV=development node server.js"
   },
   "dependencies": {
     "@fastify/http-proxy": "11.1.2",
+    "dotenv": "16.5.0",
     "fastify": "5.3.3",
     "fastify-plugin": "5.0.1",
     "handlebars": "4.7.8",
@@ -43,6 +45,7 @@
     "uglify-js": "3.19.3"
   },
   "devDependencies": {
+    "cross-env": "7.0.3",
     "eslint": "8.49.0",
     "eslint-config-airbnb": "19.0.4"
   },

package/server/plugins/crud/funcs/dataDelete.js

@@ -46,7 +46,7 @@ export default async function dataDelete({
       });
       throw err;
     })
-    .then(el => el.rows?.[0] || {});
+    .then(el => (el.rows?.[0] ? { rowCount: 1, ...el.rows[0] } : {}));
 
   await logChanges({
     pg, table, tokenData, referer, id, uid, type: 'DELETE',

package/server/plugins/extra/extraDataGet.js

@@ -1,4 +1,4 @@
-import { config, getTemplate, pgClients } from "../../../utils.js";
+import { config, getTemplate, pgClients } from '../../../utils.js';
 
 const defaultTable = 'crm.extra_data';
 
@@ -24,7 +24,7 @@ export default async function extraDataGet({
 
   const extraDataTable = config.extraData?.[table]
     || config.extraData?.[table.split('.').shift()]
-    || config.extraData?.['default']
+    || config.extraData?.default
     || config.extraData
     || defaultTable;
 
@@ -44,9 +44,10 @@ export default async function extraDataGet({
         ...extraRows
           .filter(el => el.object_id === row.id)
           .reduce((acc, curr) => Object.assign(acc, {
-            [curr.property_key]: format(curr.property_key, curr.value_text, loadTemplate?.schema)
-          }), {})
+            [curr.property_key]: format(curr.property_key, curr.value_text, loadTemplate?.schema),
+          }), {}),
       });
     });
   }
-};
+  return null;
+}

package/server/plugins/table/funcs/getData.js

@@ -1,8 +1,14 @@
 import routeData from '../../../routes/table/controllers/tableData.js';
 
-export default async function getData({ id, table, pg, filter, state, limit, page, search, user, order, sql, contextQuery, sufix }, reply, called) {
+export default async function getData({
+  id, table, pg, headers, filter, state, limit, page, search, user, order, sql, contextQuery, sufix,
+}, reply, called) {
   const params = { table, id };
-  const query = { filter, limit, page, search, sql, state, order };
-  const result = await routeData({ pg, params, query, user, contextQuery, sufix }, reply, called);
+  const query = {
+    filter, limit, page, search, sql, state, order,
+  };
+  const result = await routeData({
+    pg, headers, params, query, user, contextQuery, sufix,
+  }, reply, called);
   return result;
 }

package/server/plugins/util/funcs/flattenObject.js

@@ -0,0 +1,11 @@
+export default function flattenObject(obj = {}, keys, parent = '') {
+    return Object.keys(obj).reduce((acc, key) => {
+        const newKey = parent ? `${parent}.${key}` : key;
+        if (typeof obj[key] === 'object' && obj[key] !== null && !Array.isArray(obj[key])) {
+            Object.assign(acc, flattenObject(obj[key], keys, newKey));
+        } else if (keys ? keys.includes(newKey) : true) {
+            acc[newKey] = obj[key];
+        }
+        return acc;
+    }, {});
+}

package/server/plugins/util/funcs/unflattenObject.js

@@ -0,0 +1,14 @@
+export default function unflattenObject(flatObj) {
+    return Object.keys(flatObj).reduce((acc, key) => {
+        const keys = key.split('.');
+        keys.reduce((nestedObj, part, index) => {
+            if (index === keys.length - 1) {
+                nestedObj[part] = flatObj[key];
+            } else {
+                nestedObj[part] = nestedObj[part] || {};
+            }
+            return nestedObj[part];
+        }, acc);
+        return acc;
+    }, {});
+}

package/server/routes/crud/controllers/deleteCrud.js

@@ -17,21 +17,31 @@ export default async function deleteCrud(req, reply) {
 
   const { referer } = headers;
   const tokenData = await getToken({
-    uid: user.uid, token: params.table, json: 1,
+    uid: user.uid, token: params.id || params.table, json: 1,
   });
 
-  const { table: del, id } = hookData || tokenData || (config.auth?.disable ? req.params : {});
+  const { table: del, id } = hookData || tokenData || (config.security?.disableToken || config.local || config.auth?.disable ? req.params : {});
   const { actions = [] } = await getAccess({ table: del, id, user }, pg) || {};
 
-  if (!actions.includes('del') && !config?.local && !tokenData) {
+  if (!tokenData && !config?.local && !config.security?.disableToken && !config.auth?.disable) {
+    return reply.status(400).send('invalid token');
+  }
+
+  if (!actions.includes('del') && !config?.local) {
     return reply.status(403).send('access restricted');
   }
+
   const loadTemplate = await getTemplate('table', del);
 
   const { table } = loadTemplate || hookData || tokenData || req.params || {};
 
-  if (!table) reply.status(404).send('table is required');
-  if (!id) reply.status(404).send('id is required');
+  if (!table) {
+    return reply.status(404).send('table is required');
+  }
+
+  if (!id) {
+    return reply.status(404).send('id is required');
+  }
 
   const data = await dataDelete({
     pg, table, id, uid: user?.uid, tokenData, referer,

package/server/routes/crud/controllers/insert.js

@@ -19,15 +19,20 @@ export default async function insert(req, reply) {
   }
 
   const { referer } = headers;
+
   const tokenData = await getToken({
     uid: user?.uid, token: params.table, mode: 'a', json: 1,
   });
 
-  const { form, table: add } = hookData || tokenData || (config.auth?.disable ? req.params : {});
+  const { form, table: add } = hookData || tokenData || (config.security?.disableToken || config.local || config.auth?.disable ? req.params : {});
 
   const { actions = [] } = await getAccess({ table: add, user }, pg) || {};
 
-  if (!actions.includes('add') && !config.local && !config.debug && !tokenData) {
+  if (!tokenData && !config.local && !config.security?.disableToken && !config.auth?.disable) {
+    return reply.status(400).send('invalid token');
+  }
+
+  if (!actions.includes('add') && !config.local) {
     return reply.status(403).send('access restricted');
   }
 
@@ -37,8 +42,9 @@ export default async function insert(req, reply) {
 
   const loadTemplate = await getTemplate('table', add);
   const { table } = loadTemplate || hookData || tokenData || req.params || {};
+
   if (!table) {
-    return { message: 'table not found', status: 404 };
+    return reply.status(404).send('table not found');
   }
 
   const formData = form || loadTemplate?.form ? (await getTemplate('form', form || loadTemplate?.form) || {}) : {};
@@ -110,5 +116,5 @@ export default async function insert(req, reply) {
   }
 
   const pk = pg.pk?.[loadTemplate?.table || table];
-  return { id: res?.rows?.[0]?.[pk], rows: res.rows, extra: res.extra };
+  return reply.status(200).send({ id: res?.rows?.[0]?.[pk], rows: res.rows, extra: res.extra });
 }

package/server/routes/crud/controllers/table.js

@@ -4,7 +4,7 @@ import {
 
 import extraDataGet from '../../../plugins/extra/extraDataGet.js';
 
-export default async function tableAPI(req) {
+export default async function tableAPI(req, reply) {
   const {
     pg = pgClients.client, params, user = {}, query = {},
   } = req;
@@ -38,7 +38,11 @@ export default async function tableAPI(req) {
 
   const { actions = [], query: accessQuery } = await getAccess({ table: templateName, id, user }, pg) || {};
 
-  if (!actions.includes('edit') && !config?.local && !tokenData) {
+  if (!tokenData && !config?.local && !config.security?.disableToken) {
+    return reply.status(400).send('invalid token');
+  }
+
+  if (!actions.includes('edit') && !config?.local) {
     return reply.status(403).send('access restricted');
   }
 
@@ -94,7 +98,7 @@ export default async function tableAPI(req) {
       Object.assign(data, { [key]: extraRows });
     }));
   }
-  if (user?.uid && actions?.includes?.('edit')) {
+  if (user?.uid && !config.security?.disableToken && actions.includes('edit')) {
     data.token = tokenData?.table ? params.table : setToken({
       ids: [JSON.stringify({ id, table: tableName, form: loadTable.form })],
       uid: user.uid,

package/server/routes/crud/controllers/update.js

@@ -23,14 +23,18 @@ export default async function update(req, reply) {
 
   const { referer } = headers;
   const tokenData = await getToken({
-    uid: user.uid, token: body.token || params.table, mode: 'w', json: 1,
+    uid: user.uid, token: body.token || params.id || params.table, mode: 'w', json: 1,
   });
 
-  const { form, table: edit, id } = hookData || tokenData || (config.auth?.disable ? params : {});
+  const { form, table: edit, id } = hookData || tokenData || (config.security?.disableToken || config.local || config.auth?.disable ? params : {});
 
   const { actions = [] } = await getAccess({ table: edit, id, user }, pg) || {};
 
-  if (!actions.includes('edit') && !config.local && !config.debug && !tokenData) {
+  if (!tokenData && !config.local && !config.security?.disableToken && !config.auth?.disable) {
+    return reply.status(400).send('invalid token');
+  }
+
+  if (!actions.includes('edit') && !config.local) {
     return reply.status(403).send('access restricted');
   }
 
@@ -114,5 +118,5 @@ export default async function update(req, reply) {
     }));
   }
 
-  return res;
+  return reply.status(200).send(res);
 }

package/server/routes/menu/controllers/getMenu.js

@@ -5,7 +5,7 @@ import { join } from 'node:path';
 import { existsSync, readdirSync, readFileSync } from 'node:fs';
 
 import {
- menuDirs, pgClients, applyHook, config,
+    menuDirs, pgClients, applyHook, config,
 } from '../../../../utils.js';
 
 const menuCache = [];
@@ -63,7 +63,7 @@ export default async function adminMenu({
     };
     await applyHook('userMenu', result);
 
-    if (session && user?.uid && !user.user_type?.includes?.('admin') && !user.type?.includes?.('admin') && pg.pk['admin.role_access']) {
+    if (session && user?.uid && !user.user_type?.includes?.('admin') && !user.type?.includes?.('admin') && pg.pk?.['admin.role_access']) {
         const { type, gl = [], routes = [] } = await pg.query(`select user_type as type, b.gl,routes from admin.users a
         left join lateral (
             select array_agg(role_id) as gl from admin.user_roles 

package/server/routes/table/controllers/cardData.js

@@ -2,10 +2,9 @@
 import path from 'node:path';
 
 import {
- getAccess, handlebars, setOpt, setToken, getTemplate, handlebarsSync, applyHook,
+    config, getAccess, handlebars, setOpt, setToken, getTemplate, handlebarsSync, applyHook, getData,
 } from '../../../../utils.js';
 
-import getTableData from './tableData.js';
 import conditions from './utils/conditions.js';
 
 const components = {
@@ -15,8 +14,9 @@ const components = {
 
 export default async function getCardData(req, reply) {
     const {
-        pg, params = {}, session = {}, user = {},
+        pg, headers, params = {}, user = {},
     } = req;
+
     const { table, id } = params;
     const { uid } = user;
 
@@ -36,15 +36,21 @@ export default async function getCardData(req, reply) {
 
     const index = template?.find(el => el[0] === 'index.yml')?.[1] || {};
 
-    const { message, rows = [] } = index.table && index.query
+    const result = index.table && index.query
         ? await pg.query(
             `select * from ${index.table} where ${handlebarsSync.compile(index.query)({ uid, user })}`,
         )
-        : await getTableData({
-            pg, params: { table, id }, session, user,
-        });
+        : await getData({
+            pg, table, id, user, headers,
+        }, reply);
+
+    if (result?.message) return result?.message;
+
+    if (!result?.rows?.length) {
+        return reply.status(403).send('access restricted: empty rows');
+    }
 
-    if (message) return { message };
+    const { rows = [] } = result;
 
     // conditions
     index.panels?.filter(el => el.items).forEach(el1 => {
@@ -72,7 +78,7 @@ export default async function getCardData(req, reply) {
 
     // tokens result
     const tokens = {};
-    if (index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
+    if (!config.security?.disableToken && index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
         Object.keys(index.tokens || {})
             .filter(key => index?.tokens[key]?.public
                 || access.actions?.includes?.('edit')

package/server/routes/table/controllers/tableData.js

@@ -6,7 +6,7 @@ import getData from '../functions/getData.js';
 
 export default async function getTableData(req, reply, called) {
     const {
-        user = {}, params = {}, query = {}, pg = pgClients.client, contextQuery: contextQuery1, sufix = true,
+        user = {}, params = {}, headers = {}, query = {}, pg = pgClients.client, contextQuery: contextQuery1, sufix = true,
     } = req;
 
     const { id } = params || {};
@@ -28,7 +28,7 @@ export default async function getTableData(req, reply, called) {
         }
 
         const resp = await getData({
-            pg, params: { id, table: tokenData.table }, query, user, contextQuery: [contextQuery1, tokenData.query].filter(Boolean).join(' and '), sufix,
+            pg, params: { id, table: tokenData.table }, headers, query, user, contextQuery: [contextQuery1, tokenData.query].filter(Boolean).join(' and '), sufix,
         }, reply, called);
         if (resp?.addToken && tokenData.obj) { Object.assign(resp, { addToken: params.table }); }
         return resp;
@@ -50,7 +50,7 @@ export default async function getTableData(req, reply, called) {
     const contextQuery = [contextQuery1, interfaceQuery, context].filter(Boolean).join(' and ') || ' 2=2 ';
 
     const res = await getData({
-        pg, params, query, user, contextQuery, sufix,
+        pg, params, query, headers, user, contextQuery, sufix,
     }, reply, called);
 
     return res;

package/server/routes/table/functions/getData.js

@@ -19,7 +19,7 @@ const defaultLimit = 20;
 
 export default async function dataAPI(req, reply, called) {
   const {
-    pg = pgClients.client, params, query = {}, user = {}, contextQuery, sufix = true,
+    pg = pgClients.client, params, headers = {}, query = {}, user = {}, contextQuery, sufix = true,
   } = req;
 
   const time = Date.now();
@@ -186,9 +186,13 @@ export default async function dataAPI(req, reply, called) {
     throw new Error(err.toString());
   });
 
+  if (!rows.length && headers?.referer?.includes?.('/card/')) {
+    return reply.status(403).send('access restricted: empty rows');
+  }
+
   timeArr.push(Date.now());
 
-  if (uid && rows.length && editable) {
+  if (uid && rows.length && !config.security?.disableToken && (editable || actions.includes('edit') || actions.includes('del'))) {
     rows.forEach(row => {
       row.token = setToken({
         ids: [JSON.stringify({ id: row.id, table: tokenData?.table || hookData?.table || params.table, form: loadTable?.form })],
@@ -245,7 +249,7 @@ export default async function dataAPI(req, reply, called) {
   const tokens = {};
   if (template && objectId) {
     // tokens result
-    if (index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
+    if (!config.security?.disableToken && index?.tokens && typeof index?.tokens === 'object' && !Array.isArray(index?.tokens)) {
       Object.keys(index.tokens || {})
         .filter(key => index?.tokens[key]?.public
           || actions?.includes?.('edit')
@@ -347,7 +351,7 @@ export default async function dataAPI(req, reply, called) {
   }
 
   // console.log({ add: loadTable.table, form: loadTable.form });
-  if (uid && actions.includes('add')) {
+  if (uid && !config.security?.disableToken && actions.includes('add')) {
     const addTokens = setToken({
       ids: [
         JSON.stringify({

package/utils.js

@@ -83,6 +83,9 @@ import json2yml from './server/plugins/yml/funcs/json2yml.js';
 import formatMdoc from './server/plugins/md/funcs/formatMdoc.js';
 import mdToHTML from './server/plugins/md/funcs/mdToHTML.js';
 
+import flattenObject from './server/plugins/util/funcs/flattenObject.js';
+import unflattenObject from './server/plugins/util/funcs/unflattenObject.js';
+
 export default null;
 export {
   config,
@@ -160,4 +163,7 @@ export {
 
   formatMdoc,
   mdToHTML,
+
+  flattenObject,
+  unflattenObject,
 };