@opengis/fastify-table 1.4.7 → 1.4.8

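--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@opengis/fastify-table",
- "version": "1.4.7",
+ "version": "1.4.8",
  "type": "module",
  "description": "core-plugins",
  "keywords": [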
@@ -1,8 +1,14 @@
1
1
  import routeData from '../../../routes/table/controllers/tableData.js';
2
2
 
3
- export default async function getData({ id, table, pg, filter, state, limit, page, search, user, order, sql, contextQuery, sufix }, reply, called) {
3
+ export default async function getData({
4
+ id, table, pg, headers, filter, state, limit, page, search, user, order, sql, contextQuery, sufix,
5
+ }, reply, called) {
4
6
  const params = { table, id };
5
- const query = { filter, limit, page, search, sql, state, order };
6
- const result = await routeData({ pg, params, query, user, contextQuery, sufix }, reply, called);
7
+ const query = {
8
+ filter, limit, page, search, sql, state, order,
9
+ };
10
+ const result = await routeData({
11
+ pg, headers, params, query, user, contextQuery, sufix,
12
+ }, reply, called);
7
13
  return result;
8
14
  }
@@ -14,7 +14,7 @@ const components = {
14
14
 
15
15
  export default async function getCardData(req, reply) {
16
16
  const {
17
- pg, params = {}, user = {},
17
+ pg, headers, params = {}, user = {},
18
18
  } = req;
19
19
 
20
20
  const { table, id } = params;
@@ -36,15 +36,21 @@ export default async function getCardData(req, reply) {
36
36
 
37
37
  const index = template?.find(el => el[0] === 'index.yml')?.[1] || {};
38
38
 
39
- const { message, rows = [] } = index.table && index.query
39
+ const result = index.table && index.query
40
40
  ? await pg.query(
41
41
  `select * from ${index.table} where ${handlebarsSync.compile(index.query)({ uid, user })}`,
42
42
  )
43
43
  : await getData({
44
- pg, table, id, user,
44
+ pg, table, id, user, headers,
45
45
  }, reply);
46
46
 
47
- if (message) return message;
47
+ if (result?.message) return result?.message;
48
+
49
+ if (!result?.rows?.length) {
50
+ return reply.status(403).send('access restricted: empty rows');
51
+ }
52
+
53
+ const { rows = [] } = result;
48
54
 
49
55
  // conditions
50
56
  index.panels?.filter(el => el.items).forEach(el1 => {
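Review bot: The new empty-rows branch `if (!result?.rows?.length)` treats every result without rows as forbidden, including the case where the callee has already answered: the `dataAPI` change in this release returns `reply.status(403).send(...)` for card referers, so `result` would presumably be the reply object here and this branch would call `send` a second time on the same reply. Checking first with `if (reply.sent) return reply;` would avoid the double send. The branch also answers 403 for a record that simply does not exist, so clients and logs cannot tell a denied read from a missing id; a comment stating that this is intentional, or a 404 for the not-found case, would make the contract clear. After the check, the `= []` default in `const { rows = [] } = result;` can never apply. getCardData's body continues outside the hunk.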
@@ -6,7 +6,7 @@ import getData from '../functions/getData.js';
6
6
 
7
7
  export default async function getTableData(req, reply, called) {
8
8
  const {
9
- user = {}, params = {}, query = {}, pg = pgClients.client, contextQuery: contextQuery1, sufix = true,
9
+ user = {}, params = {}, headers = {}, query = {}, pg = pgClients.client, contextQuery: contextQuery1, sufix = true,
10
10
  } = req;
11
11
 
12
12
  const { id } = params || {};
@@ -28,7 +28,7 @@ export default async function getTableData(req, reply, called) {
28
28
  }
29
29
 
30
30
  const resp = await getData({
31
- pg, params: { id, table: tokenData.table }, query, user, contextQuery: [contextQuery1, tokenData.query].filter(Boolean).join(' and '), sufix,
31
+ pg, params: { id, table: tokenData.table }, headers, query, user, contextQuery: [contextQuery1, tokenData.query].filter(Boolean).join(' and '), sufix,
32
32
  }, reply, called);
33
33
  if (resp?.addToken && tokenData.obj) { Object.assign(resp, { addToken: params.table }); }
34
34
  return resp;
@@ -50,7 +50,7 @@ export default async function getTableData(req, reply, called) {
50
50
  const contextQuery = [contextQuery1, interfaceQuery, context].filter(Boolean).join(' and ') || ' 2=2 ';
51
51
 
52
52
  const res = await getData({
53
- pg, params, query, user, contextQuery, sufix,
53
+ pg, params, query, headers, user, contextQuery, sufix,
54
54
  }, reply, called);
55
55
 
56
56
  return res;
@@ -19,7 +19,7 @@ const defaultLimit = 20;
19
19
 
20
20
  export default async function dataAPI(req, reply, called) {
21
21
  const {
22
- pg = pgClients.client, params, query = {}, user = {}, contextQuery, sufix = true,
22
+ pg = pgClients.client, params, headers = {}, query = {}, user = {}, contextQuery, sufix = true,
23
23
  } = req;
24
24
 
25
25
  const time = Date.now();
@@ -186,6 +186,10 @@ export default async function dataAPI(req, reply, called) {
186
186
  throw new Error(err.toString());
187
187
  });
188
188
 
189
+ if (!rows.length && headers?.referer?.includes?.('/card/')) {
190
+ return reply.status(403).send('access restricted: empty rows');
191
+ }
192
+
189
193
  timeArr.push(Date.now());
190
194
 
191
195
  if (uid && rows.length && !config.security?.disableToken && (editable || actions.includes('edit') || actions.includes('del'))) {
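Review bot: The added guard `if (!rows.length && headers?.referer?.includes?.('/card/'))` bases an access-control response on the `Referer` header, which the client chooses, so a request without that header gets the ordinary empty result while any other page whose URL contains `/card/` gets a 403. If the intent is that card lookups treat an empty result as denied, the caller should say so explicitly, for example with a flag passed by `getCardData` next to `called`, rather than having it inferred from a request header. The check also runs after the query has executed, so it changes only the status code and not what was read; a short comment saying so would keep readers from taking it for an authorization check. dataAPI's body starts and ends outside the hunk.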