@opengis/fastify-table 1.4.88 → 1.5.0
- package/dist/config.js +33 -0
- package/dist/dblist.js +5 -0
- package/dist/index.js +170 -0
- package/dist/redactionList.js +6 -0
- package/dist/server/helpers/core/badge.js +16 -0
- package/dist/server/helpers/core/buttonFilePreview.js +12 -0
- package/dist/server/helpers/core/buttonHelper.js +20 -0
- package/{server → dist/server}/helpers/core/token.js +16 -18
- package/dist/server/helpers/format/formatAuto.js +14 -0
- package/dist/server/helpers/format/formatDate.js +231 -0
- package/{server → dist/server}/helpers/format/formatDigit.js +21 -21
- package/dist/server/helpers/format/formatNum.js +331 -0
- package/{server → dist/server}/helpers/format/formatNumber.js +50 -55
- package/dist/server/helpers/format/formatRelative.js +180 -0
- package/{server → dist/server}/helpers/format/formatUnit.js +41 -40
- package/{server → dist/server}/helpers/format/num_format.js +40 -44
- package/{server → dist/server}/helpers/format/set.js +26 -27
- package/{server → dist/server}/helpers/funcs/_math.js +49 -50
- package/{server → dist/server}/helpers/funcs/contentList.js +52 -57
- package/{server → dist/server}/helpers/funcs/empty.js +21 -21
- package/dist/server/helpers/funcs/ifCond.js +109 -0
- package/dist/server/helpers/funcs/ifCondAnd.js +109 -0
- package/dist/server/helpers/funcs/ifCondOr.js +110 -0
- package/{server → dist/server}/helpers/funcs/inc.js +19 -20
- package/{server → dist/server}/helpers/funcs/json.js +3 -3
- package/dist/server/helpers/funcs/qrcode.js +65 -0
- package/{server → dist/server}/helpers/funcs/round.js +27 -29
- package/dist/server/helpers/funcs/select.js +39 -0
- package/dist/server/helpers/index.js +125 -0
- package/dist/server/helpers/list/buttonHelper.js +20 -0
- package/{server → dist/server}/helpers/list/descriptionList.js +39 -45
- package/dist/server/helpers/list/tableList.js +104 -0
- package/{server → dist/server}/helpers/list/utils/button.js +3 -3
- package/{server → dist/server}/helpers/list/utils/buttonDel.js +8 -9
- package/{server → dist/server}/helpers/list/utils/buttonEdit.js +8 -9
- package/{server → dist/server}/helpers/string/coalesce.js +33 -39
- package/{server → dist/server}/helpers/string/concat.js +25 -28
- package/{server → dist/server}/helpers/string/split.js +19 -20
- package/{server → dist/server}/helpers/string/str_replace.js +57 -62
- package/{server → dist/server}/helpers/string/substr.js +28 -32
- package/{server → dist/server}/helpers/string/translit.js +20 -23
- package/dist/server/helpers/string/utils/alphabet.js +76 -0
- package/{server → dist/server}/helpers/utils/button.js +3 -3
- package/{server → dist/server}/helpers/utils/buttonAdd.js +4 -4
- package/{server → dist/server}/helpers/utils/buttonDel.js +11 -15
- package/{server → dist/server}/helpers/utils/buttonDownload.js +3 -3
- package/dist/server/helpers/utils/buttonEdit.js +14 -0
- package/{server → dist/server}/helpers/utils/buttonPreview.js +3 -3
- package/{server → dist/server}/helpers/utils/mdToHTML.js +16 -17
- package/{server → dist/server}/helpers/utils/paddingNumber.js +5 -5
- package/dist/server/plugins/access/funcs/getAdminAccess.js +11 -0
- package/dist/server/plugins/cron/cronList.js +2 -0
- package/dist/server/plugins/cron/funcs/addCron.js +41 -0
- package/{server → dist/server}/plugins/cron/funcs/interval2ms.js +36 -40
- package/dist/server/plugins/cron/funcs/runCron.js +20 -0
- package/{server → dist/server}/plugins/cron/funcs/verifyUnique.js +19 -23
- package/dist/server/plugins/cron/index.js +75 -0
- package/dist/server/plugins/crud/funcs/dataDelete.js +87 -0
- package/dist/server/plugins/crud/funcs/dataInsert.js +134 -0
- package/dist/server/plugins/crud/funcs/dataUpdate.js +198 -0
- package/dist/server/plugins/crud/funcs/getAccess.js +82 -0
- package/dist/server/plugins/crud/funcs/getOpt.js +13 -0
- package/dist/server/plugins/crud/funcs/getToken.js +24 -0
- package/dist/server/plugins/crud/funcs/isFileExists.js +11 -0
- package/dist/server/plugins/crud/funcs/setOpt.js +19 -0
- package/dist/server/plugins/crud/funcs/setToken.js +41 -0
- package/dist/server/plugins/crud/funcs/utils/getFolder.js +13 -0
- package/dist/server/plugins/crud/funcs/utils/getInsertQuery.js +54 -0
- package/dist/server/plugins/crud/funcs/utils/logChanges.js +144 -0
- package/{server → dist/server}/plugins/crud/funcs/validateData.js +91 -83
- package/dist/server/plugins/extra/extraData.js +81 -0
- package/dist/server/plugins/extra/extraDataGet.js +52 -0
- package/dist/server/plugins/file/downloadFile.js +15 -0
- package/{server → dist/server}/plugins/file/getExport.js +18 -38
- package/dist/server/plugins/file/isFileExists.js +13 -0
- package/dist/server/plugins/file/providers/fs.js +86 -0
- package/dist/server/plugins/file/providers/index.js +28 -0
- package/dist/server/plugins/file/providers/mime/index.js +7 -0
- package/dist/server/plugins/file/providers/mime/mimes.js +1179 -0
- package/dist/server/plugins/file/providers/s3/client.js +26 -0
- package/dist/server/plugins/file/providers/s3/funcs/downloadFile.js +42 -0
- package/dist/server/plugins/file/providers/s3/funcs/fileExists.js +24 -0
- package/dist/server/plugins/file/providers/s3/funcs/uploadFile.js +35 -0
- package/dist/server/plugins/file/providers/s3/funcs/utils/getS3FilePath.js +18 -0
- package/{server → dist/server}/plugins/file/providers/s3/index.js +11 -12
- package/dist/server/plugins/file/providers/utils/getDataSize.js +19 -0
- package/dist/server/plugins/file/providers/utils/getValidData.js +30 -0
- package/dist/server/plugins/file/providers/utils/handlers/dataTypes.js +7 -0
- package/dist/server/plugins/file/providers/utils/handlers/index.js +50 -0
- package/dist/server/plugins/file/providers/utils/handlers/sizeHandlers.js +9 -0
- package/dist/server/plugins/file/providers/utils/streamToBuffer.js +7 -0
- package/{server → dist/server}/plugins/file/providers/utils/typeguards/isArray.js +2 -3
- package/{server → dist/server}/plugins/file/providers/utils/typeguards/isBuffer.js +2 -3
- package/dist/server/plugins/file/providers/utils/typeguards/isPath.js +3 -0
- package/dist/server/plugins/file/providers/utils/typeguards/isReadableStream.js +7 -0
- package/{server → dist/server}/plugins/file/providers/utils/typeguards/isText.js +2 -3
- package/dist/server/plugins/file/uploadFile.js +14 -0
- package/dist/server/plugins/file/uploadMultiPart.js +101 -0
- package/dist/server/plugins/file/utils/allowedExtensions.js +60 -0
- package/{server → dist/server}/plugins/file/utils/getFileType.js +12 -10
- package/dist/server/plugins/file/utils/getPath.js +30 -0
- package/dist/server/plugins/file/utils/isFileExists.js +15 -0
- package/dist/server/plugins/grpc/file2json.js +50 -0
- package/dist/server/plugins/grpc/grpc.js +103 -0
- package/dist/server/plugins/grpc/office2pdf.js +78 -0
- package/dist/server/plugins/grpc/utils/csv2xls.js +6 -0
- package/dist/server/plugins/grpc/utils/excel2Json.js +10 -0
- package/dist/server/plugins/grpc/utils/html2doc.js +17 -0
- package/dist/server/plugins/grpc/utils/html2img.js +17 -0
- package/dist/server/plugins/grpc/utils/html2pdf.js +19 -0
- package/{server → dist/server}/plugins/grpc/utils/htmlTemplate.js +3 -4
- package/dist/server/plugins/grpc/utils/json2xls.js +11 -0
- package/dist/server/plugins/grpc/utils/mergePdf.js +18 -0
- package/dist/server/plugins/hook/funcs/addHook.js +7 -0
- package/dist/server/plugins/hook/funcs/applyHook.js +25 -0
- package/dist/server/plugins/hook/funcs/applyHookSync.js +7 -0
- package/dist/server/plugins/hook/hookList.js +2 -0
- package/{server → dist/server}/plugins/hook/index.js +7 -8
- package/dist/server/plugins/logger/createFileStream.js +79 -0
- package/dist/server/plugins/logger/errorMessage.js +24 -0
- package/dist/server/plugins/logger/errorStatus.js +17 -0
- package/dist/server/plugins/logger/getHooks.js +17 -0
- package/dist/server/plugins/logger/getLogger.js +52 -0
- package/dist/server/plugins/logger/index.js +37 -0
- package/dist/server/plugins/logger/labels.js +10 -0
- package/dist/server/plugins/logger/serializers.js +22 -0
- package/{server → dist/server}/plugins/logger/timestampWithTimeZone.js +5 -5
- package/dist/server/plugins/md/funcs/formatMdoc.js +45 -0
- package/{server → dist/server}/plugins/md/funcs/mdToHTML.js +16 -17
- package/dist/server/plugins/metric/index.js +6 -0
- package/dist/server/plugins/metric/loggerSystem.js +127 -0
- package/dist/server/plugins/metric/systemMetricsFifthly.js +20 -0
- package/dist/server/plugins/migration/exec.migrations.js +59 -0
- package/dist/server/plugins/migration/exec.sql.js +61 -0
- package/{server → dist/server}/plugins/migration/index.js +5 -7
- package/dist/server/plugins/pg/funcs/autoIndex.js +102 -0
- package/{server → dist/server}/plugins/pg/funcs/getDBParams.js +16 -15
- package/dist/server/plugins/pg/funcs/getMeta.js +48 -0
- package/dist/server/plugins/pg/funcs/getPG.js +39 -0
- package/dist/server/plugins/pg/funcs/getPGAsync.js +45 -0
- package/dist/server/plugins/pg/funcs/init.js +157 -0
- package/dist/server/plugins/pg/index.js +47 -0
- package/dist/server/plugins/pg/pgClients.js +20 -0
- package/dist/server/plugins/policy/funcs/checkPolicy.js +173 -0
- package/dist/server/plugins/policy/funcs/checkXSS.js +44 -0
- package/dist/server/plugins/policy/index.js +11 -0
- package/dist/server/plugins/policy/sqlInjection.js +33 -0
- package/dist/server/plugins/policy/xssInjection.js +72 -0
- package/{server → dist/server}/plugins/redis/client.js +6 -8
- package/dist/server/plugins/redis/funcs/getRedis.js +23 -0
- package/{server → dist/server}/plugins/redis/funcs/redisClients.js +2 -3
- package/dist/server/plugins/redis/index.js +8 -0
- package/dist/server/plugins/sqlite/funcs/getSqlite.js +27 -0
- package/dist/server/plugins/sqlite/funcs/init.js +45 -0
- package/dist/server/plugins/sqlite/index.js +8 -0
- package/dist/server/plugins/sqlite/sqliteClients.js +24 -0
- package/dist/server/plugins/table/funcs/addMenu.js +12 -0
- package/dist/server/plugins/table/funcs/addTemplateDir.js +16 -0
- package/dist/server/plugins/table/funcs/customTokens.js +2 -0
- package/dist/server/plugins/table/funcs/getData.js +25 -0
- package/dist/server/plugins/table/funcs/getFilter.js +18 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/index.js +201 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/formatValue.js +131 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/getCustomQuery.js +11 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/getFilterQuery.js +84 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/getOptimizedQuery.js +11 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/getRangeQuery.js +161 -0
- package/dist/server/plugins/table/funcs/getFilterSQL/util/getTableSql.js +40 -0
- package/dist/server/plugins/table/funcs/getSelect.js +37 -0
- package/dist/server/plugins/table/funcs/getSelectMeta.js +77 -0
- package/dist/server/plugins/table/funcs/getTemplate.js +86 -0
- package/dist/server/plugins/table/funcs/getTemplatePath.js +60 -0
- package/dist/server/plugins/table/funcs/getTemplateSync.js +84 -0
- package/dist/server/plugins/table/funcs/getTemplates.js +15 -0
- package/dist/server/plugins/table/funcs/gisIRColumn.js +81 -0
- package/dist/server/plugins/table/funcs/loadTemplate.js +2 -0
- package/dist/server/plugins/table/funcs/loadTemplatePath.js +2 -0
- package/dist/server/plugins/table/funcs/menuDirs.js +2 -0
- package/dist/server/plugins/table/funcs/metaFormat/getSelectVal.js +75 -0
- package/dist/server/plugins/table/funcs/metaFormat/index.js +64 -0
- package/dist/server/plugins/table/funcs/userTemplateDir.js +2 -0
- package/dist/server/plugins/table/funcs/userTokens.js +2 -0
- package/dist/server/plugins/util/funcs/eventStream.js +28 -0
- package/{server → dist/server}/plugins/util/funcs/flattenObject.js +14 -12
- package/{server → dist/server}/plugins/util/funcs/unflattenObject.js +48 -46
- package/{server → dist/server}/plugins/yml/funcs/json2yml.js +3 -5
- package/{server → dist/server}/plugins/yml/funcs/yml2json.js +11 -14
- package/{server → dist/server}/routes/access/controllers/access.group.js +17 -23
- package/{server → dist/server}/routes/access/controllers/access.group.post.js +46 -53
- package/dist/server/routes/access/controllers/access.interface.js +36 -0
- package/{server/routes/access/index.mjs → dist/server/routes/access/index.js} +10 -12
- package/{server/routes/access/schema.mjs → dist/server/routes/access/schema.js} +65 -68
- package/dist/server/routes/cron/controllers/cronApi.js +16 -0
- package/dist/server/routes/cron/index.js +15 -0
- package/dist/server/routes/crud/controllers/deleteCrud.js +90 -0
- package/dist/server/routes/crud/controllers/insert.js +110 -0
- package/dist/server/routes/crud/controllers/table.js +144 -0
- package/dist/server/routes/crud/controllers/update.js +113 -0
- package/dist/server/routes/crud/index.js +22 -0
- package/dist/server/routes/dblist/controllers/readItems.js +25 -0
- package/dist/server/routes/dblist/controllers/setItem.js +20 -0
- package/dist/server/routes/dblist/index.js +17 -0
- package/dist/server/routes/dblist/utils/formatData.js +8 -0
- package/dist/server/routes/file/controllers/delete.js +99 -0
- package/dist/server/routes/file/controllers/download.js +56 -0
- package/dist/server/routes/file/controllers/export.js +294 -0
- package/dist/server/routes/file/controllers/files.js +57 -0
- package/dist/server/routes/file/controllers/resize.js +86 -0
- package/dist/server/routes/file/controllers/resizeAll.js +140 -0
- package/dist/server/routes/file/controllers/upload.js +56 -0
- package/dist/server/routes/file/controllers/uploadImage.js +45 -0
- package/dist/server/routes/file/controllers/utils/formatResult.js +13 -0
- package/dist/server/routes/file/controllers/utils/jsonToCsv.js +40 -0
- package/dist/server/routes/file/controllers/utils/jsonToXls.js +37 -0
- package/dist/server/routes/file/index.js +22 -0
- package/dist/server/routes/file/schema.js +14 -0
- package/dist/server/routes/grpc/controllers/file2geojson.js +54 -0
- package/dist/server/routes/grpc/controllers/filePreview.js +87 -0
- package/dist/server/routes/grpc/index.js +9 -0
- package/dist/server/routes/logger/controllers/logger.file.js +81 -0
- package/dist/server/routes/logger/controllers/logger.test.api.js +42 -0
- package/dist/server/routes/logger/controllers/utils/checkUserAccess.js +22 -0
- package/dist/server/routes/logger/controllers/utils/getRootDir.js +25 -0
- package/dist/server/routes/logger/index.js +18 -0
- package/dist/server/routes/menu/controllers/getMenu.js +98 -0
- package/dist/server/routes/menu/controllers/interfaces.js +18 -0
- package/dist/server/routes/menu/index.js +7 -0
- package/dist/server/routes/properties/controllers/properties.get.js +23 -0
- package/dist/server/routes/properties/controllers/properties.post.js +68 -0
- package/dist/server/routes/properties/index.js +21 -0
- package/dist/server/routes/table/controllers/card.js +79 -0
- package/dist/server/routes/table/controllers/cardData.js +161 -0
- package/dist/server/routes/table/controllers/cardTabData.js +49 -0
- package/dist/server/routes/table/controllers/dataInfo.js +57 -0
- package/dist/server/routes/table/controllers/filter.js +181 -0
- package/dist/server/routes/table/controllers/form.js +41 -0
- package/{server → dist/server}/routes/table/controllers/getFormByTable.js +105 -125
- package/dist/server/routes/table/controllers/search.js +80 -0
- package/dist/server/routes/table/controllers/suggest.js +242 -0
- package/dist/server/routes/table/controllers/tableData.js +88 -0
- package/dist/server/routes/table/controllers/tableInfo.js +112 -0
- package/dist/server/routes/table/controllers/tokenInfo.js +10 -0
- package/dist/server/routes/table/controllers/utils/conditions.js +30 -0
- package/dist/server/routes/table/controllers/utils/formatSchema.js +35 -0
- package/dist/server/routes/table/controllers/utils/locales.js +2 -0
- package/dist/server/routes/table/functions/getData.js +584 -0
- package/dist/server/routes/table/index.js +44 -0
- package/dist/server/routes/table/schema.js +117 -0
- package/dist/server/routes/templates/controllers/getTemplate.js +65 -0
- package/dist/server/routes/templates/index.js +7 -0
- package/{server → dist/server}/routes/templates/schema.js +11 -12
- package/dist/server/routes/util/controllers/code.generator.js +75 -0
- package/dist/server/routes/util/controllers/next.id.js +4 -0
- package/dist/server/routes/util/controllers/status.monitor.js +6 -0
- package/dist/server/routes/util/controllers/user.tokens.js +32 -0
- package/dist/server/routes/util/index.js +13 -0
- package/dist/server/routes/widget/controllers/file.edit.js +48 -0
- package/dist/server/routes/widget/controllers/widget.del.js +84 -0
- package/dist/server/routes/widget/controllers/widget.get.js +164 -0
- package/dist/server/routes/widget/controllers/widget.set.js +117 -0
- package/dist/server/routes/widget/hook/onWidgetSet.js +10 -0
- package/dist/server/routes/widget/index.js +42 -0
- package/dist/server/types/core.js +12 -0
- package/dist/utils.js +93 -0
- package/package.json +24 -17
- package/config.js +0 -37
- package/dblist.js +0 -5
- package/index.js +0 -193
- package/redactionList.js +0 -7
- package/server/helpers/core/badge.js +0 -14
- package/server/helpers/core/buttonFilePreview.js +0 -12
- package/server/helpers/core/buttonHelper.js +0 -22
- package/server/helpers/format/formatAuto.js +0 -13
- package/server/helpers/format/formatDate.js +0 -258
- package/server/helpers/format/formatNum.js +0 -365
- package/server/helpers/format/formatRelative.js +0 -106
- package/server/helpers/funcs/ifCond.js +0 -109
- package/server/helpers/funcs/ifCondAnd.js +0 -114
- package/server/helpers/funcs/ifCondOr.js +0 -115
- package/server/helpers/funcs/qrcode.js +0 -68
- package/server/helpers/funcs/select.js +0 -46
- package/server/helpers/index.js +0 -137
- package/server/helpers/list/buttonHelper.js +0 -22
- package/server/helpers/list/tableList.js +0 -87
- package/server/helpers/string/utils/alphabet.js +0 -76
- package/server/helpers/utils/buttonEdit.js +0 -17
- package/server/migrations/0.sql +0 -84
- package/server/migrations/cls.sql +0 -40
- package/server/migrations/context.sql +0 -135
- package/server/migrations/crm.sql +0 -155
- package/server/migrations/log.sql +0 -87
- package/server/migrations/properties.sql +0 -115
- package/server/migrations/roles.sql +0 -191
- package/server/migrations/template.sql +0 -44
- package/server/migrations/users.sql +0 -176
- package/server/plugins/access/funcs/getAdminAccess.js +0 -14
- package/server/plugins/access/index.mjs +0 -6
- package/server/plugins/cron/cronList.js +0 -1
- package/server/plugins/cron/funcs/addCron.js +0 -52
- package/server/plugins/cron/funcs/runCron.js +0 -24
- package/server/plugins/cron/index.js +0 -77
- package/server/plugins/crud/funcs/dataDelete.js +0 -86
- package/server/plugins/crud/funcs/dataInsert.js +0 -131
- package/server/plugins/crud/funcs/dataUpdate.js +0 -179
- package/server/plugins/crud/funcs/getAccess.js +0 -94
- package/server/plugins/crud/funcs/getOpt.js +0 -14
- package/server/plugins/crud/funcs/getToken.js +0 -33
- package/server/plugins/crud/funcs/isFileExists.js +0 -13
- package/server/plugins/crud/funcs/setOpt.js +0 -21
- package/server/plugins/crud/funcs/setToken.js +0 -43
- package/server/plugins/crud/funcs/utils/getFolder.js +0 -11
- package/server/plugins/crud/funcs/utils/getInsertQuery.js +0 -44
- package/server/plugins/crud/funcs/utils/logChanges.js +0 -121
- package/server/plugins/crud/index.js +0 -23
- package/server/plugins/extra/extraData.js +0 -79
- package/server/plugins/extra/extraDataGet.js +0 -56
- package/server/plugins/file/downloadFile.js +0 -18
- package/server/plugins/file/isFileExists.js +0 -17
- package/server/plugins/file/providers/fs.js +0 -100
- package/server/plugins/file/providers/index.d.ts +0 -49
- package/server/plugins/file/providers/index.js +0 -36
- package/server/plugins/file/providers/mime/index.js +0 -12
- package/server/plugins/file/providers/mime/mimes.js +0 -1180
- package/server/plugins/file/providers/s3/client.js +0 -41
- package/server/plugins/file/providers/s3/funcs/downloadFile.js +0 -50
- package/server/plugins/file/providers/s3/funcs/fileExists.js +0 -32
- package/server/plugins/file/providers/s3/funcs/uploadFile.js +0 -46
- package/server/plugins/file/providers/s3/funcs/utils/getS3FilePath.js +0 -23
- package/server/plugins/file/providers/utils/getDataSize.js +0 -20
- package/server/plugins/file/providers/utils/getValidData.js +0 -32
- package/server/plugins/file/providers/utils/handlers/dataTypes.js +0 -8
- package/server/plugins/file/providers/utils/handlers/index.js +0 -53
- package/server/plugins/file/providers/utils/handlers/sizeHandlers.js +0 -11
- package/server/plugins/file/providers/utils/streamToBuffer.js +0 -8
- package/server/plugins/file/providers/utils/typeguards/isPath.js +0 -5
- package/server/plugins/file/providers/utils/typeguards/isReadableStream.js +0 -8
- package/server/plugins/file/uploadFile.js +0 -19
- package/server/plugins/file/uploadMultiPart.js +0 -131
- package/server/plugins/file/utils/allowedExtensions.js +0 -25
- package/server/plugins/file/utils/getPath.js +0 -25
- package/server/plugins/file/utils/isFileExists.js +0 -16
- package/server/plugins/grpc/file2json.js +0 -54
- package/server/plugins/grpc/grpc.js +0 -125
- package/server/plugins/grpc/office2pdf.js +0 -91
- package/server/plugins/grpc/utils/csv2xls.js +0 -8
- package/server/plugins/grpc/utils/excel2Json.js +0 -8
- package/server/plugins/grpc/utils/html2doc.js +0 -19
- package/server/plugins/grpc/utils/html2img.js +0 -18
- package/server/plugins/grpc/utils/html2pdf.js +0 -23
- package/server/plugins/grpc/utils/json2xls.js +0 -13
- package/server/plugins/grpc/utils/mergePdf.js +0 -20
- package/server/plugins/hook/funcs/addHook.js +0 -8
- package/server/plugins/hook/funcs/applyHook.js +0 -25
- package/server/plugins/hook/funcs/applyHookSync.js +0 -9
- package/server/plugins/hook/hookList.js +0 -1
- package/server/plugins/logger/createFileStream.js +0 -88
- package/server/plugins/logger/errorMessage.js +0 -25
- package/server/plugins/logger/errorStatus.js +0 -19
- package/server/plugins/logger/getHooks.js +0 -21
- package/server/plugins/logger/getLogger.js +0 -58
- package/server/plugins/logger/index.js +0 -33
- package/server/plugins/logger/labels.js +0 -11
- package/server/plugins/logger/serializers.js +0 -25
- package/server/plugins/md/funcs/formatMdoc.js +0 -40
- package/server/plugins/metric/index.js +0 -8
- package/server/plugins/metric/loggerSystem.js +0 -131
- package/server/plugins/metric/systemMetricsFifthly.js +0 -24
- package/server/plugins/migration/exec.migrations.js +0 -63
- package/server/plugins/migration/exec.sql.js +0 -67
- package/server/plugins/pg/funcs/autoIndex.js +0 -103
- package/server/plugins/pg/funcs/getMeta.js +0 -49
- package/server/plugins/pg/funcs/getPG.js +0 -42
- package/server/plugins/pg/funcs/getPGAsync.js +0 -62
- package/server/plugins/pg/funcs/init.js +0 -117
- package/server/plugins/pg/index.js +0 -54
- package/server/plugins/pg/pgClients.js +0 -22
- package/server/plugins/policy/funcs/checkPolicy.js +0 -127
- package/server/plugins/policy/funcs/checkXSS.js +0 -37
- package/server/plugins/policy/index.js +0 -11
- package/server/plugins/policy/sqlInjection.js +0 -34
- package/server/plugins/policy/xssInjection.js +0 -73
- package/server/plugins/redis/funcs/getRedis.js +0 -25
- package/server/plugins/redis/index.js +0 -17
- package/server/plugins/sqlite/funcs/getSqlite.js +0 -39
- package/server/plugins/sqlite/funcs/init.js +0 -53
- package/server/plugins/sqlite/index.js +0 -11
- package/server/plugins/sqlite/sqliteClients.js +0 -26
- package/server/plugins/table/funcs/addMenu.js +0 -16
- package/server/plugins/table/funcs/addTemplateDir.js +0 -19
- package/server/plugins/table/funcs/customTokens.js +0 -1
- package/server/plugins/table/funcs/getData.js +0 -14
- package/server/plugins/table/funcs/getFilter.js +0 -14
- package/server/plugins/table/funcs/getFilterSQL/index.js +0 -163
- package/server/plugins/table/funcs/getFilterSQL/util/formatValue.js +0 -136
- package/server/plugins/table/funcs/getFilterSQL/util/getCustomQuery.js +0 -13
- package/server/plugins/table/funcs/getFilterSQL/util/getFilterQuery.js +0 -75
- package/server/plugins/table/funcs/getFilterSQL/util/getOptimizedQuery.js +0 -12
- package/server/plugins/table/funcs/getFilterSQL/util/getRangeQuery.js +0 -156
- package/server/plugins/table/funcs/getFilterSQL/util/getTableSql.js +0 -34
- package/server/plugins/table/funcs/getSelect.js +0 -31
- package/server/plugins/table/funcs/getSelectMeta.js +0 -74
- package/server/plugins/table/funcs/getTemplate.js +0 -88
- package/server/plugins/table/funcs/getTemplatePath.js +0 -60
- package/server/plugins/table/funcs/getTemplateSync.js +0 -87
- package/server/plugins/table/funcs/getTemplates.js +0 -19
- package/server/plugins/table/funcs/gisIRColumn.js +0 -82
- package/server/plugins/table/funcs/loadTemplate.js +0 -1
- package/server/plugins/table/funcs/loadTemplatePath.js +0 -1
- package/server/plugins/table/funcs/menuDirs.js +0 -1
- package/server/plugins/table/funcs/metaFormat/getSelectVal.js +0 -61
- package/server/plugins/table/funcs/metaFormat/index.js +0 -49
- package/server/plugins/table/funcs/userTemplateDir.js +0 -1
- package/server/plugins/table/funcs/userTokens.js +0 -1
- package/server/plugins/table/index.js +0 -13
- package/server/plugins/util/funcs/eventStream.js +0 -29
- package/server/plugins/util/index.js +0 -7
- package/server/routes/access/controllers/access.interface.js +0 -37
- package/server/routes/cron/controllers/cronApi.js +0 -22
- package/server/routes/cron/index.js +0 -19
- package/server/routes/crud/controllers/deleteCrud.js +0 -84
- package/server/routes/crud/controllers/insert.js +0 -103
- package/server/routes/crud/controllers/table.js +0 -116
- package/server/routes/crud/controllers/update.js +0 -108
- package/server/routes/crud/index.js +0 -26
- package/server/routes/dblist/controllers/readItems.js +0 -28
- package/server/routes/dblist/controllers/setItem.js +0 -25
- package/server/routes/dblist/index.mjs +0 -19
- package/server/routes/dblist/utils/formatData.js +0 -7
- package/server/routes/file/controllers/delete.js +0 -108
- package/server/routes/file/controllers/download.js +0 -66
- package/server/routes/file/controllers/export.js +0 -290
- package/server/routes/file/controllers/files.js +0 -72
- package/server/routes/file/controllers/resize.js +0 -96
- package/server/routes/file/controllers/resizeAll.js +0 -165
- package/server/routes/file/controllers/upload.js +0 -55
- package/server/routes/file/controllers/uploadImage.js +0 -47
- package/server/routes/file/controllers/utils/formatResult.js +0 -17
- package/server/routes/file/controllers/utils/jsonToCsv.js +0 -36
- package/server/routes/file/controllers/utils/jsonToXls.js +0 -42
- package/server/routes/file/index.mjs +0 -26
- package/server/routes/file/schema.js +0 -16
- package/server/routes/grpc/controllers/file2geojson.js +0 -60
- package/server/routes/grpc/controllers/filePreview.js +0 -89
- package/server/routes/grpc/index.mjs +0 -12
- package/server/routes/logger/controllers/logger.file.js +0 -97
- package/server/routes/logger/controllers/logger.test.api.js +0 -48
- package/server/routes/logger/controllers/utils/checkUserAccess.js +0 -24
- package/server/routes/logger/controllers/utils/getRootDir.js +0 -27
- package/server/routes/logger/index.js +0 -22
- package/server/routes/menu/controllers/getMenu.js +0 -98
- package/server/routes/menu/controllers/interfaces.js +0 -21
- package/server/routes/menu/index.mjs +0 -8
- package/server/routes/menu/schema.js +0 -0
- package/server/routes/properties/controllers/properties.get.js +0 -33
- package/server/routes/properties/controllers/properties.post.js +0 -76
- package/server/routes/properties/index.js +0 -25
- package/server/routes/table/controllers/card.js +0 -77
- package/server/routes/table/controllers/cardData.js +0 -155
- package/server/routes/table/controllers/cardTabData.js +0 -57
- package/server/routes/table/controllers/dataInfo.js +0 -56
- package/server/routes/table/controllers/filter.js +0 -154
- package/server/routes/table/controllers/form.js +0 -42
- package/server/routes/table/controllers/search.js +0 -74
- package/server/routes/table/controllers/suggest.js +0 -246
- package/server/routes/table/controllers/tableData.js +0 -62
- package/server/routes/table/controllers/tableInfo.js +0 -110
- package/server/routes/table/controllers/tokenInfo.js +0 -12
- package/server/routes/table/controllers/utils/conditions.js +0 -21
- package/server/routes/table/controllers/utils/formatSchema.js +0 -23
- package/server/routes/table/controllers/utils/locales.js +0 -1
- package/server/routes/table/functions/getData.js +0 -436
- package/server/routes/table/index.js +0 -57
- package/server/routes/table/schema.js +0 -127
- package/server/routes/templates/controllers/getTemplate.js +0 -51
- package/server/routes/templates/index.mjs +0 -10
- package/server/routes/util/controllers/code.generator.js +0 -94
- package/server/routes/util/controllers/next.id.js +0 -4
- package/server/routes/util/controllers/status.monitor.js +0 -8
- package/server/routes/util/controllers/user.tokens.js +0 -45
- package/server/routes/util/index.js +0 -14
- package/server/routes/widget/controllers/file.edit.js +0 -55
- package/server/routes/widget/controllers/widget.del.js +0 -99
- package/server/routes/widget/controllers/widget.get.js +0 -156
- package/server/routes/widget/controllers/widget.set.js +0 -108
- package/server/routes/widget/hook/onWidgetSet.js +0 -13
- package/server/routes/widget/index.mjs +0 -38
- package/utils.js +0 -112
- /package/{server → dist/server}/plugins/grpc/utils/convertp.proto +0 -0
- /package/{server → dist/server}/plugins/grpc/utils/office2pdf.proto +0 -0
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
import { createHash } from "node:crypto";
|
|
2
|
+
import config from "../../../../config.js";
|
|
3
|
+
import getRedis from "../../redis/funcs/getRedis.js";
|
|
4
|
+
import logger from "../../logger/getLogger.js";
|
|
5
|
+
const rclient = getRedis({ db: 0 });
|
|
6
|
+
async function init(client) {
|
|
7
|
+
if (!client?.options?.database) {
|
|
8
|
+
return;
|
|
9
|
+
}
|
|
10
|
+
const { pgType, pk } = await client
|
|
11
|
+
.query(`SELECT
|
|
12
|
+
(
|
|
13
|
+
SELECT
|
|
14
|
+
json_object_agg(
|
|
15
|
+
conrelid:: regclass,
|
|
16
|
+
(
|
|
17
|
+
SELECT
|
|
18
|
+
attname
|
|
19
|
+
FROM
|
|
20
|
+
pg_attribute
|
|
21
|
+
WHERE
|
|
22
|
+
attrelid = c.conrelid
|
|
23
|
+
AND attnum = c.conkey [1]
|
|
24
|
+
)
|
|
25
|
+
)
|
|
26
|
+
FROM
|
|
27
|
+
pg_constraint c
|
|
28
|
+
WHERE
|
|
29
|
+
contype = 'p'
|
|
30
|
+
AND connamespace:: regnamespace:: text NOT IN ('sde')
|
|
31
|
+
) AS pk,
|
|
32
|
+
(
|
|
33
|
+
SELECT
|
|
34
|
+
json_object_agg(t.oid:: text, pg_catalog.format_type(t.oid, NULL))
|
|
35
|
+
FROM
|
|
36
|
+
pg_catalog.pg_type t
|
|
37
|
+
) AS "pgType"`)
|
|
38
|
+
.then((d) => d.rows[0]);
|
|
39
|
+
const tlist = await client
|
|
40
|
+
.query(`SELECT
|
|
41
|
+
array_agg(
|
|
42
|
+
(
|
|
43
|
+
SELECT
|
|
44
|
+
nspname
|
|
45
|
+
FROM
|
|
46
|
+
pg_namespace
|
|
47
|
+
WHERE
|
|
48
|
+
oid = relnamespace
|
|
49
|
+
) || '.' || relname
|
|
50
|
+
) tlist
|
|
51
|
+
FROM
|
|
52
|
+
pg_class
|
|
53
|
+
WHERE
|
|
54
|
+
relkind IN ('r', 'v')`)
|
|
55
|
+
.then((d) => d.rows[0].tlist);
|
|
56
|
+
const { rows = [] } = await client.query(`SELECT
|
|
57
|
+
(
|
|
58
|
+
SELECT
|
|
59
|
+
nspname
|
|
60
|
+
FROM
|
|
61
|
+
pg_namespace
|
|
62
|
+
WHERE
|
|
63
|
+
oid = relnamespace
|
|
64
|
+
) || '.' || relname AS tname,
|
|
65
|
+
relkind
|
|
66
|
+
FROM
|
|
67
|
+
pg_class
|
|
68
|
+
WHERE
|
|
69
|
+
relkind IN ('r', 'v')`);
|
|
70
|
+
const relkinds = rows.reduce((acc, curr) => Object.assign(acc, { [curr.tname]: curr.relkind }), {});
|
|
71
|
+
async function query(q, args = [], isstream = false) {
|
|
72
|
+
try {
|
|
73
|
+
if (isstream) {
|
|
74
|
+
await client.query("set statement_timeout to 100000000");
|
|
75
|
+
}
|
|
76
|
+
const data = await client.query(q, args);
|
|
77
|
+
await client.query("set statement_timeout to 0");
|
|
78
|
+
return data;
|
|
79
|
+
}
|
|
80
|
+
catch (err) {
|
|
81
|
+
await client.query("set statement_timeout to 0");
|
|
82
|
+
if (err.message === "canceling statement due to statement timeout") {
|
|
83
|
+
logger.file("timeout/query", { q, stack: err.stack });
|
|
84
|
+
return { rows: [], timeout: true };
|
|
85
|
+
}
|
|
86
|
+
throw new Error(err);
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
async function querySafe(q, param) {
|
|
90
|
+
const args = Array.isArray(param) ? param : param?.args || [];
|
|
91
|
+
const data = await query(q, args, true);
|
|
92
|
+
return data;
|
|
93
|
+
}
|
|
94
|
+
async function one(q, param) {
|
|
95
|
+
const data = await query(q, Array.isArray(param) ? param : param?.args || []);
|
|
96
|
+
const result = ((Array.isArray(data) ? data.pop() : data)?.rows || [])[0] || {};
|
|
97
|
+
return result;
|
|
98
|
+
}
|
|
99
|
+
async function queryNotice(q, args, cb = () => { }) {
|
|
100
|
+
const clientCb = await client.connect();
|
|
101
|
+
clientCb.on("notice", (e) => {
|
|
102
|
+
cb(e.message);
|
|
103
|
+
});
|
|
104
|
+
let result;
|
|
105
|
+
try {
|
|
106
|
+
result = await clientCb.query(q, args);
|
|
107
|
+
clientCb.release();
|
|
108
|
+
}
|
|
109
|
+
catch (err) {
|
|
110
|
+
clientCb.release();
|
|
111
|
+
cb(err.toString(), 1);
|
|
112
|
+
throw err;
|
|
113
|
+
}
|
|
114
|
+
// client.end();
|
|
115
|
+
return result;
|
|
116
|
+
}
|
|
117
|
+
async function queryCache(q, param) {
|
|
118
|
+
const { table, args = [], time = 15 } = param || {};
|
|
119
|
+
const seconds = typeof time !== "number" || time < 0 ? 0 : time * 60;
|
|
120
|
+
if (seconds === 0 || config.disableCache) {
|
|
121
|
+
const data = await query(q, args || []);
|
|
122
|
+
return data;
|
|
123
|
+
}
|
|
124
|
+
// CRUD table state
|
|
125
|
+
const keyCacheTable = `pg:${table}:crud`;
|
|
126
|
+
const crudInc = table && config.redis ? (await rclient.get(keyCacheTable)) || 0 : 0;
|
|
127
|
+
//
|
|
128
|
+
const hash = createHash("sha1")
|
|
129
|
+
.update([q, JSON.stringify(args)].join())
|
|
130
|
+
.digest("base64");
|
|
131
|
+
const keyCache = `pg:${hash}:${crudInc}`;
|
|
132
|
+
const cacheData = config.redis ? await rclient.get(keyCache) : null;
|
|
133
|
+
if (cacheData && !config.local) {
|
|
134
|
+
// console.log('from cache', table, query);
|
|
135
|
+
return JSON.parse(cacheData);
|
|
136
|
+
}
|
|
137
|
+
const data = await query(q, args || []);
|
|
138
|
+
if (seconds > 0 && config.redis) {
|
|
139
|
+
rclient.set(keyCache, JSON.stringify(data), "EX", seconds);
|
|
140
|
+
}
|
|
141
|
+
// console.log('no cache', table, crudInc, query);
|
|
142
|
+
return data;
|
|
143
|
+
}
|
|
144
|
+
Object.assign(client, {
|
|
145
|
+
one,
|
|
146
|
+
pgType,
|
|
147
|
+
pk,
|
|
148
|
+
tlist,
|
|
149
|
+
relkinds,
|
|
150
|
+
queryCache,
|
|
151
|
+
queryNotice,
|
|
152
|
+
querySafe,
|
|
153
|
+
});
|
|
154
|
+
console.log("pg connected", client.options?.database);
|
|
155
|
+
}
|
|
156
|
+
// export default client;
|
|
157
|
+
export default init;
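Review bot: In `query`, the two `set statement_timeout` statements and the query itself each go through `client.query`. If `client` is the `pg.Pool` built in pgClients.js (the `client.connect()`/`release()` pair in `queryNotice` suggests it is), each call may run on a different pooled connection. The raised limit then need not apply to `q`, and `set statement_timeout to 0` leaves whichever connection it lands on with no timeout at all, undoing the pool-level `statement_timeout` for later requests. Run all three statements on one checked-out connection and restore the setting with `RESET statement_timeout`, which should return to the connection's startup value; the rewritten body is below. `query` is nested inside `init`, which is complete in this hunk.

```javascript
async function query(q, args = [], isstream = false) {
    // one dedicated connection, so the SET, the query and the RESET share a session
    const conn = await client.connect();
    try {
        if (isstream) {
            await conn.query("set statement_timeout to 100000000");
        }
        return await conn.query(q, args);
    }
    catch (err) {
        // … unchanged: timeout logging and the { rows: [], timeout: true } result …
        throw err;
    }
    finally {
        // restore the session default; destroy the connection if that fails
        const resetFailed = await conn
            .query("RESET statement_timeout")
            .then(() => false, () => true);
        conn.release(resetFailed);
    }
}
```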
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import pgClients from "./pgClients.js";
|
|
2
|
+
import getPGAsync from "./funcs/getPGAsync.js";
|
|
3
|
+
import logger from "../logger/getLogger.js";
|
|
4
|
+
function close() {
|
|
5
|
+
Object.keys(pgClients).forEach((el) => {
|
|
6
|
+
pgClients[el].end();
|
|
7
|
+
});
|
|
8
|
+
}
|
|
9
|
+
async function getHeadersPG(req, config) {
|
|
10
|
+
if (!req.headers?.token)
|
|
11
|
+
return null;
|
|
12
|
+
const validToken = (req.ip === "193.239.152.181" ||
|
|
13
|
+
req.ip === "127.0.0.1" ||
|
|
14
|
+
req.ip.startsWith("192.168.") ||
|
|
15
|
+
config.debug) &&
|
|
16
|
+
req.headers?.token &&
|
|
17
|
+
config.auth?.tokens?.includes?.(req.headers.token);
|
|
18
|
+
if (validToken && typeof req.headers?.db === "string") {
|
|
19
|
+
const pg = pgClients[req.headers.db] || (await getPGAsync(req.headers.db));
|
|
20
|
+
return pg;
|
|
21
|
+
}
|
|
22
|
+
return null;
|
|
23
|
+
}
|
|
24
|
+
async function plugin(fastify, config) {
|
|
25
|
+
const client = await getPGAsync({ ...(config.pg || {}), name: "client" });
|
|
26
|
+
fastify.addHook("onRequest", async (req) => {
|
|
27
|
+
const headersPG = await getHeadersPG(req, config);
|
|
28
|
+
req.pg = headersPG || req.pg || client || pgClients.client;
|
|
29
|
+
if (headersPG) {
|
|
30
|
+
req.user = { uid: req.headers?.uid };
|
|
31
|
+
req.folder = config.folder;
|
|
32
|
+
req.root = config.root;
|
|
33
|
+
}
|
|
34
|
+
});
|
|
35
|
+
fastify.addHook("onError", async (req, reply, err) => {
|
|
36
|
+
if (err.message === "canceling statement due to statement timeout") {
|
|
37
|
+
logger.file("timeout/request", {
|
|
38
|
+
method: req.method,
|
|
39
|
+
url: req.url,
|
|
40
|
+
referer: req.headers?.referer,
|
|
41
|
+
stack: err.stack,
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
fastify.addHook("onClose", close);
|
|
46
|
+
}
|
|
47
|
+
export default plugin;
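Review bot: In `getHeadersPG`, `req.headers.db` is used directly as a key into the plain object `pgClients` and, on a miss, handed to `getPGAsync`, so the caller chooses which connection becomes `req.pg`; inherited keys of a plain object also resolve as truthy in that lookup. Guard it with `if (!Object.hasOwn(pgClients, req.headers.db)) return null;`, or check the value against a configured list of database names before calling `getPGAsync`. The `validToken` expression is repeated in `checkPolicy`: it combines a hard-coded address, `req.ip` (only meaningful if the proxy-trust setting matches the deployment) and `config.debug`. One shared helper that reads trusted addresses from config and compares the token in constant time would keep the two copies from drifting. `req.ip.startsWith` here lacks the `?.` that the `checkPolicy` copy has, and `req.user.uid` is taken from a header, so it is only as trustworthy as the token check in front of it.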
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import pg from "pg";
|
|
2
|
+
import config from "../../../config.js";
|
|
3
|
+
import init from "./funcs/init.js";
|
|
4
|
+
const pgClients = {};
|
|
5
|
+
if (config.pg) {
|
|
6
|
+
const client = new pg.Pool({
|
|
7
|
+
host: config.pg?.host || "127.0.0.1",
|
|
8
|
+
port: config.pg?.port || 5432,
|
|
9
|
+
database: config.pg?.database || "postgres",
|
|
10
|
+
user: config.pg?.user || "postgres",
|
|
11
|
+
password: config.pg?.password || "postgres",
|
|
12
|
+
statement_timeout: config.pg?.statement_timeout || 10000,
|
|
13
|
+
});
|
|
14
|
+
client.init = async () => {
|
|
15
|
+
await init(client);
|
|
16
|
+
};
|
|
17
|
+
client.init();
|
|
18
|
+
pgClients.client = client;
|
|
19
|
+
}
|
|
20
|
+
export default pgClients;
|
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
import { config, logger } from "../../../../utils.js";
|
|
2
|
+
import block from "../sqlInjection.js";
|
|
3
|
+
const { skipCheckPolicyRoutes = [] } = config;
|
|
4
|
+
const skipCheckPolicy = (path) => skipCheckPolicyRoutes.find((el) => path.includes(el));
|
|
5
|
+
export default function checkPolicy(req, reply) {
|
|
6
|
+
const { originalUrl: path, hostname, query, params, headers, method, routeOptions, unittest, } = req;
|
|
7
|
+
if (config.local || unittest || config.env === "test") {
|
|
8
|
+
return null;
|
|
9
|
+
}
|
|
10
|
+
const body = JSON.stringify(req?.body || {}).substring(30);
|
|
11
|
+
const isAdmin = process.env.NODE_ENV === "admin" ||
|
|
12
|
+
hostname.split(":").shift() === config.adminDomain ||
|
|
13
|
+
config.admin ||
|
|
14
|
+
hostname.startsWith("admin");
|
|
15
|
+
const user = req.user || req.session?.passport?.user;
|
|
16
|
+
const isUser = config?.debug || !!user;
|
|
17
|
+
const isServer = process.argv[2];
|
|
18
|
+
const { policy = [] } = (routeOptions?.config ||
|
|
19
|
+
{});
|
|
20
|
+
/*= == 0.Check superadmin access === */
|
|
21
|
+
if (policy.includes("admin") &&
|
|
22
|
+
user?.user_type !== "admin" &&
|
|
23
|
+
!config.auth?.disable) {
|
|
24
|
+
logger.file("policy/access", {
|
|
25
|
+
path,
|
|
26
|
+
method,
|
|
27
|
+
params,
|
|
28
|
+
query,
|
|
29
|
+
body,
|
|
30
|
+
message: "access restricted: not admin",
|
|
31
|
+
uid: user?.uid,
|
|
32
|
+
});
|
|
33
|
+
return reply.status(403).send("access restricted: 0");
|
|
34
|
+
}
|
|
35
|
+
/*= == 1.File injection === */
|
|
36
|
+
if (JSON.stringify(params || {})?.includes("../") ||
|
|
37
|
+
JSON.stringify(query || {})?.includes("../") ||
|
|
38
|
+
path?.includes("../")) {
|
|
39
|
+
logger.file("injection/file", {
|
|
40
|
+
path,
|
|
41
|
+
method,
|
|
42
|
+
params,
|
|
43
|
+
query,
|
|
44
|
+
body,
|
|
45
|
+
message: "access restricted: 1",
|
|
46
|
+
uid: user?.uid,
|
|
47
|
+
});
|
|
48
|
+
return reply.status(403).send("access restricted: 1");
|
|
49
|
+
}
|
|
50
|
+
/* === 1.1 File === */
|
|
51
|
+
const allowExtPublic = [".png", ".jpg", ".svg"];
|
|
52
|
+
const ext = path.toLowerCase().substr(-4);
|
|
53
|
+
if (path.includes("files/") && allowExtPublic.includes(ext))
|
|
54
|
+
return null;
|
|
55
|
+
/* === 2.SQL Injection policy: no-sql === */
|
|
56
|
+
if (!policy.includes("no-sql")) {
|
|
57
|
+
// skip polyline param - data filter (geometry bounds)
|
|
58
|
+
const stopWords = block.filter((el) => path.replace(query.polyline, "").includes(el));
|
|
59
|
+
if (stopWords?.length) {
|
|
60
|
+
logger.file("injection/sql", {
|
|
61
|
+
path,
|
|
62
|
+
method,
|
|
63
|
+
params,
|
|
64
|
+
query,
|
|
65
|
+
body,
|
|
66
|
+
stopWords,
|
|
67
|
+
message: "access restricted: 2",
|
|
68
|
+
uid: user?.uid,
|
|
69
|
+
});
|
|
70
|
+
return reply.status(403).send("access restricted: 2");
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
/* policy: skip if not API */
|
|
74
|
+
const isApi = ["/files/", "/api/", "/api-user/", "/logger", "/file/"].filter((el) => path.includes(el)).length;
|
|
75
|
+
if (!isApi) {
|
|
76
|
+
return null;
|
|
77
|
+
}
|
|
78
|
+
const validToken = (req.ip === "193.239.152.181" ||
|
|
79
|
+
req.ip === "127.0.0.1" ||
|
|
80
|
+
req.ip?.startsWith?.("192.168.") ||
|
|
81
|
+
config.debug) &&
|
|
82
|
+
req.headers?.token &&
|
|
83
|
+
config.auth?.tokens?.includes?.(headers.token);
|
|
84
|
+
if (validToken && !req?.user?.uid) {
|
|
85
|
+
req.user = {
|
|
86
|
+
uid: req.headers?.uid?.toString?.(),
|
|
87
|
+
user_type: req.ip === "193.239.152.181" || config.debug ? "admin" : "regular",
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
/* === policy: public === */
|
|
91
|
+
if (policy.includes("public") ||
|
|
92
|
+
skipCheckPolicy(path) ||
|
|
93
|
+
!config.pg ||
|
|
94
|
+
config.auth?.disable ||
|
|
95
|
+
config.local ||
|
|
96
|
+
config.debug) {
|
|
97
|
+
return null;
|
|
98
|
+
}
|
|
99
|
+
/* === 0. policy: unauthorized access from admin URL === */
|
|
100
|
+
if (!validToken && !user?.uid && isAdmin && !policy.includes("public")) {
|
|
101
|
+
logger.file("policy/unauthorized", {
|
|
102
|
+
path,
|
|
103
|
+
method,
|
|
104
|
+
params,
|
|
105
|
+
query,
|
|
106
|
+
body,
|
|
107
|
+
token: headers?.token,
|
|
108
|
+
userId: headers?.uid,
|
|
109
|
+
ip: req.ip,
|
|
110
|
+
headers,
|
|
111
|
+
message: "unauthorized",
|
|
112
|
+
});
|
|
113
|
+
return reply.status(401).send("unauthorized");
|
|
114
|
+
}
|
|
115
|
+
/* === 3. policy: user === */
|
|
116
|
+
if (!validToken &&
|
|
117
|
+
!user &&
|
|
118
|
+
policy.includes("user") &&
|
|
119
|
+
!skipCheckPolicy(path)) {
|
|
120
|
+
logger.file("policy/user", {
|
|
121
|
+
path,
|
|
122
|
+
method,
|
|
123
|
+
params,
|
|
124
|
+
query,
|
|
125
|
+
body,
|
|
126
|
+
message: "access restricted: 3",
|
|
127
|
+
});
|
|
128
|
+
return reply.status(403).send("access restricted: 3");
|
|
129
|
+
}
|
|
130
|
+
/* === 4. policy: referer === */
|
|
131
|
+
if (!validToken &&
|
|
132
|
+
!headers?.referer?.includes?.(hostname) &&
|
|
133
|
+
policy.includes("referer")) {
|
|
134
|
+
logger.file("policy/referer", {
|
|
135
|
+
path,
|
|
136
|
+
method,
|
|
137
|
+
params,
|
|
138
|
+
query,
|
|
139
|
+
body,
|
|
140
|
+
message: "access restricted: 4",
|
|
141
|
+
uid: user?.uid,
|
|
142
|
+
});
|
|
143
|
+
return reply.status(403).send("access restricted: 4");
|
|
144
|
+
}
|
|
145
|
+
/* === 5. policy: site auth === */
|
|
146
|
+
if (!validToken && !policy.includes("site") && !isAdmin) {
|
|
147
|
+
logger.file("policy/site", {
|
|
148
|
+
path,
|
|
149
|
+
method,
|
|
150
|
+
params,
|
|
151
|
+
query,
|
|
152
|
+
body,
|
|
153
|
+
message: "access restricted: 5",
|
|
154
|
+
uid: user?.uid,
|
|
155
|
+
});
|
|
156
|
+
return reply.status(403).send("access restricted: 5");
|
|
157
|
+
}
|
|
158
|
+
/* === 6. base policy: block non-public api w/ out authorization === */
|
|
159
|
+
if (!validToken && isAdmin && !config.debug && user?.uid && isServer) {
|
|
160
|
+
logger.file("policy/api", {
|
|
161
|
+
path,
|
|
162
|
+
method,
|
|
163
|
+
params,
|
|
164
|
+
query,
|
|
165
|
+
body,
|
|
166
|
+
message: "access restricted: 6",
|
|
167
|
+
uid: user?.uid,
|
|
168
|
+
});
|
|
169
|
+
return reply.status(403).send("access restricted: 6");
|
|
170
|
+
}
|
|
171
|
+
// console.log(headers);
|
|
172
|
+
return null;
|
|
173
|
+
}
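Review bot: Rule 1.1 returns `null` ahead of the SQL, user, referer and site rules whenever `path` contains `files/` and its last four characters are an allowed extension, but `path` is `req.originalUrl`, which includes the query string, so the exemption is not limited to static image routes. Take the pathname first, `const pathname = path.split("?")[0];`, and run both the `files/` test and the `ext` computation on it (a prefix test would be tighter than `includes`). Separately, the `policy/unauthorized` entry writes `token: headers?.token` and the whole `headers` object to the log, which stores credentials and cookies in plain text; drop those two fields or log only a fixed set of header names. `JSON.stringify(req?.body || {}).substring(30)` discards the first 30 characters rather than keeping them; `substring(0, 30)` looks like what was meant.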
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import config from "../../../../config.js";
|
|
2
|
+
import xssInjection from "../xssInjection.js";
|
|
3
|
+
function checkXSS({ body, schema = {} }) {
|
|
4
|
+
const data = typeof body === "string" ? body : JSON.stringify(body);
|
|
5
|
+
const stopWords = xssInjection.filter((el) => data?.toLowerCase?.()?.includes?.(el));
|
|
6
|
+
// check sql injection
|
|
7
|
+
const stopSpecialSymbols = data.match(/\p{S}OR\p{S}|\p{P}OR\p{P}| OR |\+OR\+/giu);
|
|
8
|
+
if (stopSpecialSymbols?.length) {
|
|
9
|
+
stopSpecialSymbols?.forEach((el) => stopWords.push(el));
|
|
10
|
+
}
|
|
11
|
+
// escape arrows on non-rich text editor inputs
|
|
12
|
+
const skipScreening = config.skipScreening || [
|
|
13
|
+
"Summernote",
|
|
14
|
+
"Tiny",
|
|
15
|
+
"Ace",
|
|
16
|
+
"Texteditor",
|
|
17
|
+
];
|
|
18
|
+
Object.keys(body)
|
|
19
|
+
.filter((key) => ["<", ">"].find((el) => body[key]?.includes?.(el)) &&
|
|
20
|
+
!skipScreening.includes(schema?.[key]?.type))
|
|
21
|
+
?.forEach((key) => {
|
|
22
|
+
Object.assign(body, {
|
|
23
|
+
[key]: body[key].replace(/</g, "<").replace(/>/g, ">"),
|
|
24
|
+
});
|
|
25
|
+
});
|
|
26
|
+
if (!stopWords.length)
|
|
27
|
+
return { body };
|
|
28
|
+
const disabledCheckFields = Object.keys(schema || {})?.filter((el) => schema?.[el]?.xssCheck === false); // exclude specific columns
|
|
29
|
+
const field = Object.keys(body)?.find((key) => body[key]?.toLowerCase &&
|
|
30
|
+
!disabledCheckFields.includes(key) &&
|
|
31
|
+
(skipScreening.includes(schema?.[key]?.type)
|
|
32
|
+
? stopWords.find((el) => !["href=", "src="].includes(el))
|
|
33
|
+
: true) &&
|
|
34
|
+
body[key].toLowerCase().includes(stopWords[0]));
|
|
35
|
+
if (field) {
|
|
36
|
+
console.error(stopWords[0], field, body[field]);
|
|
37
|
+
return {
|
|
38
|
+
error: `rule: ${stopWords[0]} | attr: ${field} | val: ${body[field]}`,
|
|
39
|
+
body,
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
return { body };
|
|
43
|
+
}
|
|
44
|
+
export default checkXSS;
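Review bot: The field search only tests `stopWords[0]` (`body[key].toLowerCase().includes(stopWords[0])`), so when the first matched word sits in a field excluded via `xssCheck === false` or in a non-string value, matches in other fields are never examined and the function returns `{ body }` with no error. The `OR` patterns are pushed in their original case and then compared against a lower-cased value, so they cannot match when they come first in the list. Push `el.toLowerCase()` and test every word, e.g. `stopWords.some((w) => body[key].toLowerCase().includes(w))`, reporting the word that actually matched. As rendered on this page the escaping step replaces `<` with `<` and `>` with `>`, which is a no-op; presumably the entities were lost in rendering, which is worth confirming against the package. `data.match` also throws when `body` is undefined, because `JSON.stringify(undefined)` does not return a string.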
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import checkPolicy from './funcs/checkPolicy.js';
|
|
2
|
+
async function plugin(fastify) {
|
|
3
|
+
fastify.addHook('preParsing', async (request, reply) => {
|
|
4
|
+
const resp = checkPolicy(request, reply);
|
|
5
|
+
if (resp) {
|
|
6
|
+
return resp;
|
|
7
|
+
}
|
|
8
|
+
return null;
|
|
9
|
+
});
|
|
10
|
+
}
|
|
11
|
+
export default plugin;
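Review bot: `checkPolicy` is wired into `preParsing`, which runs before the request body is parsed, so the `req.body` it serialises for its log entries is always empty at this point, and `req.user`/`req.session` are only present if an earlier hook has populated them. A comment such as `// preParsing: body is not available yet; auth hooks must be registered before this plugin` would record that ordering requirement. Since every return in `checkPolicy` is either `null` or the reply object, the `if (resp) { return resp; } return null;` tail can be `return checkPolicy(request, reply);`.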
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/* eslint-disable no-script-url */
|
|
2
|
+
const sqlInjection = [
|
|
3
|
+
'()',
|
|
4
|
+
'^',
|
|
5
|
+
'*',
|
|
6
|
+
'like ',
|
|
7
|
+
'@variable',
|
|
8
|
+
'@@variable',
|
|
9
|
+
'group by ',
|
|
10
|
+
'union ',
|
|
11
|
+
'select ',
|
|
12
|
+
'having ',
|
|
13
|
+
'as injectx',
|
|
14
|
+
'where ',
|
|
15
|
+
'rlike ',
|
|
16
|
+
'if(',
|
|
17
|
+
'sleep(',
|
|
18
|
+
'waitfor delay',
|
|
19
|
+
'benchmark(',
|
|
20
|
+
'pg_sleep(',
|
|
21
|
+
"'\\\"",
|
|
22
|
+
'randomblob(',
|
|
23
|
+
'order by ',
|
|
24
|
+
'union all ',
|
|
25
|
+
'+or',
|
|
26
|
+
'or ',
|
|
27
|
+
'and ',
|
|
28
|
+
"'' ",
|
|
29
|
+
'""" ',
|
|
30
|
+
'<script',
|
|
31
|
+
'javascript:',
|
|
32
|
+
];
|
|
33
|
+
export default sqlInjection;
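Review bot: This list is matched with a case-sensitive `includes` against `req.originalUrl` in `checkPolicy`, where the URL is still percent-encoded, so entries that end in a space (`'select '`, `'union '`, `'or '`) generally will not match what arrives on the wire, while single characters such as `'*'` and `'^'` reject ordinary URLs. A header comment should state that the list is a logging heuristic and that query safety rests on bound parameters, e.g. `// heuristic only: matched against the raw URL; not a substitute for parameterised statements`. `'<script'` and `'javascript:'` belong with the XSS list rather than here.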
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
/* eslint-disable no-script-url */
|
|
2
|
+
const xssInjection = [
|
|
3
|
+
'onkeypress=',
|
|
4
|
+
'onkeyup=',
|
|
5
|
+
'ondblclick=',
|
|
6
|
+
'onerror=',
|
|
7
|
+
'onmouseover=',
|
|
8
|
+
'<meta',
|
|
9
|
+
'<script',
|
|
10
|
+
'vascript:',
|
|
11
|
+
'onkeydown=',
|
|
12
|
+
'onmousedown=',
|
|
13
|
+
'onmouseenter=',
|
|
14
|
+
'onmouseleave=',
|
|
15
|
+
'onmousemove=',
|
|
16
|
+
'onmouseout=',
|
|
17
|
+
'onmouseup=',
|
|
18
|
+
'onmousewheel=',
|
|
19
|
+
'onpaste=',
|
|
20
|
+
'onscroll=',
|
|
21
|
+
'onwheel=',
|
|
22
|
+
'javascript:',
|
|
23
|
+
'\\x',
|
|
24
|
+
'eval(',
|
|
25
|
+
'onmouseover=',
|
|
26
|
+
'action=',
|
|
27
|
+
'xlink:',
|
|
28
|
+
'allowscriptaccess',
|
|
29
|
+
'href=',
|
|
30
|
+
'behavior:',
|
|
31
|
+
'onreadystatechange=',
|
|
32
|
+
'onstart=',
|
|
33
|
+
'offline=',
|
|
34
|
+
'onabort=',
|
|
35
|
+
'onafterprint=',
|
|
36
|
+
'onbeforeonload=',
|
|
37
|
+
'onbeforeprint=',
|
|
38
|
+
'onblur=',
|
|
39
|
+
'oncanplay=',
|
|
40
|
+
'oncanplaythrough=',
|
|
41
|
+
'onchange=',
|
|
42
|
+
'onclick=',
|
|
43
|
+
'oncontextmenu=',
|
|
44
|
+
'ondblclick=',
|
|
45
|
+
'ondrag=',
|
|
46
|
+
'ondragend=',
|
|
47
|
+
'ondragenter=',
|
|
48
|
+
'ondragleave=',
|
|
49
|
+
'ondragover=',
|
|
50
|
+
'ondragstart=',
|
|
51
|
+
'ondrop=',
|
|
52
|
+
'ondurationchange=',
|
|
53
|
+
'onemptied=',
|
|
54
|
+
'onended=',
|
|
55
|
+
'onerror=',
|
|
56
|
+
'onfocus=',
|
|
57
|
+
'onformchange=',
|
|
58
|
+
'onforminput=',
|
|
59
|
+
'onhaschange=',
|
|
60
|
+
'oninput=',
|
|
61
|
+
'oninvalid=',
|
|
62
|
+
'onkeydown=',
|
|
63
|
+
'onkeypress=',
|
|
64
|
+
'onkeyup=',
|
|
65
|
+
'onload=',
|
|
66
|
+
'onloadeddata=',
|
|
67
|
+
'onloadedmetadata=',
|
|
68
|
+
'onloadstart=',
|
|
69
|
+
'alert(',
|
|
70
|
+
'script:',
|
|
71
|
+
];
|
|
72
|
+
export default xssInjection;
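Review bot: Several entries appear twice (`'onerror='`, `'onkeypress='`, `'onkeyup='`, `'onkeydown='`, `'ondblclick='`, `'onmouseover='`), and `'vascript:'` and `'script:'` already cover `'javascript:'`, so the list can be deduplicated without changing what it matches. `checkXSS` exempts `"src="` for rich-text fields, but no `'src='` entry exists here, so that exemption never applies. Broad entries such as `'href='` and `'action='` will flag ordinary content. Since an attribute denylist cannot be kept complete, output encoding or an HTML sanitiser for the rich-text types should carry the protection, and this list should be documented as a heuristic.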
|
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import redisClients from './funcs/redisClients.js';
|
|
2
|
-
import getRedis from './funcs/getRedis.js';
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
export default redisClients[0];
|
|
1
|
+
import redisClients from './funcs/redisClients.js';
|
|
2
|
+
import getRedis from './funcs/getRedis.js';
|
|
3
|
+
if (!redisClients[0]) {
|
|
4
|
+
getRedis({ db: 0 });
|
|
5
|
+
}
|
|
6
|
+
export default redisClients[0];
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/* eslint-disable no-console */
|
|
2
|
+
import { Redis } from "ioredis";
|
|
3
|
+
// import Redis from 'ioredis';
|
|
4
|
+
import config from "../../../../config.js";
|
|
5
|
+
import redisClients from "./redisClients.js";
|
|
6
|
+
function getRedis({ db } = { db: 0 }) {
|
|
7
|
+
if (!config.redis)
|
|
8
|
+
return null;
|
|
9
|
+
if (redisClients[db])
|
|
10
|
+
return redisClients[db];
|
|
11
|
+
const redisConfig = {
|
|
12
|
+
db,
|
|
13
|
+
keyPrefix: `${config.db}:`,
|
|
14
|
+
host: config.redis?.host || "127.0.0.1",
|
|
15
|
+
port: config.redis?.port || 6379, // Redis port
|
|
16
|
+
family: 4, // 4 (IPv4) or 6 (IPv6)
|
|
17
|
+
closeClient: true,
|
|
18
|
+
};
|
|
19
|
+
redisClients[db] = new Redis(redisConfig);
|
|
20
|
+
console.log("redis connected", db);
|
|
21
|
+
return redisClients[db];
|
|
22
|
+
}
|
|
23
|
+
export default getRedis;
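Review bot: `console.log("redis connected", db)` runs right after `new Redis(...)`, before any connection exists, and no `error` listener is attached, so a Redis outage surfaces only as unhandled error events while the log reports success. Log from the client's `connect` event and add `redisClients[db].on("error", (err) => console.error("redis error", db, err.message));`. The parameter default `{ db } = { db: 0 }` leaves `db` undefined for a call like `getRedis({})`; `{ db = 0 } = {}` covers both cases. Only `host` and `port` are forwarded from `config.redis`, so a deployment that needs Redis authentication or TLS cannot express it here; since `queryCache` stores query results in this instance, that is worth supporting.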
|
|
@@ -1,3 +1,2 @@
|
|
|
1
|
-
const redisClients = {};
|
|
2
|
-
|
|
3
|
-
export default redisClients;
|
|
1
|
+
const redisClients = {};
|
|
2
|
+
export default redisClients;
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import path from "node:path";
|
|
2
|
+
const { name: execName } = path.parse(process.argv0);
|
|
3
|
+
// import Database from 'better-sqlite3'; // error with bun
|
|
4
|
+
const { default: Database } = execName === "bun"
|
|
5
|
+
? // @ts-expect-error bun internal module
|
|
6
|
+
{ default: (await import("bun:sqlite")).Database }
|
|
7
|
+
: await import("better-sqlite3");
|
|
8
|
+
import config from "../../../../config.js";
|
|
9
|
+
import sqliteClients from "../sqliteClients.js";
|
|
10
|
+
import init from "./init.js";
|
|
11
|
+
function getSqliteAsync({ name, readonly = false, fileMustExist = false, statement_timeout: timeout = 10000, } = {}) {
|
|
12
|
+
if (!config.sqlite)
|
|
13
|
+
return null;
|
|
14
|
+
if (sqliteClients.client?.tlist) {
|
|
15
|
+
return sqliteClients.client;
|
|
16
|
+
}
|
|
17
|
+
const dbConfig = {
|
|
18
|
+
readonly,
|
|
19
|
+
fileMustExist,
|
|
20
|
+
timeout,
|
|
21
|
+
verbose: config.trace ? console.log : undefined,
|
|
22
|
+
};
|
|
23
|
+
sqliteClients.client = new Database(name || ":memory:", execName === "bun" ? undefined : dbConfig);
|
|
24
|
+
init(sqliteClients.client);
|
|
25
|
+
return sqliteClients.client;
|
|
26
|
+
}
|
|
27
|
+
export default getSqliteAsync;
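Review bot: Under bun the options object is replaced by `undefined`, so `readonly` and `fileMustExist` are silently ignored and a caller that asked for a read-only handle gets a writable one. Pass the flag through where the runtime supports it, e.g. `execName === "bun" ? (readonly ? { readonly: true } : undefined) : dbConfig` (check the option name against the bun:sqlite documentation). The function also returns the cached `sqliteClients.client` for any `name` once `tlist` is set, so a second call with a different file gets the first database; keying the cache by `name` would avoid that.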
|