@opengis/fastify-table 2.0.105 → 2.0.107

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/dist/config.d.ts.map +1 -1
  2. package/dist/script/adduser +15 -0
  3. package/dist/script/dump.js +176 -0
  4. package/dist/script/migrate.js +25 -0
  5. package/dist/server/migrations/users.sql +1 -1
  6. package/dist/server/plugins/auth/funcs/verifyPassword.d.ts.map +1 -1
  7. package/dist/server/plugins/auth/funcs/verifyPassword.js +3 -1
  8. package/dist/server/plugins/crud/funcs/dataInsert.js +1 -1
  9. package/dist/server/plugins/crud/funcs/dataUpdate.d.ts.map +1 -1
  10. package/dist/server/plugins/crud/funcs/dataUpdate.js +7 -4
  11. package/dist/server/plugins/file/providers/s3/client.d.ts +12 -4
  12. package/dist/server/plugins/file/providers/s3/client.d.ts.map +1 -1
  13. package/dist/server/plugins/file/providers/s3/client.js +21 -15
  14. package/dist/server/plugins/file/providers/s3/funcs/downloadFile.d.ts +1 -1
  15. package/dist/server/plugins/file/providers/s3/funcs/downloadFile.d.ts.map +1 -1
  16. package/dist/server/plugins/file/providers/s3/funcs/downloadFile.js +9 -4
  17. package/dist/server/plugins/file/providers/s3/funcs/fileExists.d.ts +1 -1
  18. package/dist/server/plugins/file/providers/s3/funcs/fileExists.d.ts.map +1 -1
  19. package/dist/server/plugins/file/providers/s3/funcs/fileExists.js +13 -10
  20. package/dist/server/plugins/file/providers/s3/funcs/uploadFile.d.ts +1 -1
  21. package/dist/server/plugins/file/providers/s3/funcs/uploadFile.d.ts.map +1 -1
  22. package/dist/server/plugins/file/providers/s3/funcs/uploadFile.js +4 -4
  23. package/dist/server/plugins/file/providers/s3/funcs/utils/getS3FilePath.d.ts +1 -1
  24. package/dist/server/plugins/file/providers/s3/funcs/utils/getS3FilePath.d.ts.map +1 -1
  25. package/dist/server/plugins/file/providers/s3/funcs/utils/getS3FilePath.js +1 -1
  26. package/dist/server/plugins/file/providers/s3/index.d.ts +1 -1
  27. package/dist/server/plugins/logger/getLogger.d.ts.map +1 -1
  28. package/dist/server/plugins/logger/getLogger.js +13 -10
  29. package/dist/server/plugins/logger/index.d.ts.map +1 -1
  30. package/dist/server/plugins/logger/index.js +7 -3
  31. package/dist/server/plugins/pg/funcs/getPG.d.ts.map +1 -1
  32. package/dist/server/plugins/pg/funcs/getPG.js +1 -0
  33. package/dist/server/plugins/pg/funcs/getPGAsync.js +1 -1
  34. package/dist/server/plugins/pg/funcs/init.d.ts +1 -1
  35. package/dist/server/plugins/pg/funcs/init.d.ts.map +1 -1
  36. package/dist/server/plugins/pg/funcs/init.js +20 -5
  37. package/dist/server/plugins/pg/funcs/pool.d.ts.map +1 -1
  38. package/dist/server/plugins/pg/funcs/pool.js +10 -16
  39. package/dist/server/plugins/pg/index.d.ts.map +1 -1
  40. package/dist/server/plugins/pg/index.js +3 -2
  41. package/dist/server/plugins/redis/funcs/getRedis.d.ts.map +1 -1
  42. package/dist/server/plugins/redis/funcs/getRedis.js +6 -4
  43. package/dist/server/plugins/redis/index.d.ts.map +1 -1
  44. package/dist/server/plugins/redis/index.js +4 -1
  45. package/dist/server/plugins/sqlite/index.d.ts.map +1 -1
  46. package/dist/server/plugins/sqlite/index.js +7 -3
  47. package/dist/server/plugins/table/funcs/getFilter.d.ts +1 -1
  48. package/dist/server/plugins/table/funcs/getFilter.d.ts.map +1 -1
  49. package/dist/server/plugins/table/funcs/getFilter.js +14 -1
  50. package/dist/server/plugins/table/funcs/getSelectMeta.d.ts +4 -2
  51. package/dist/server/plugins/table/funcs/getSelectMeta.d.ts.map +1 -1
  52. package/dist/server/plugins/table/funcs/getSelectMeta.js +21 -7
  53. package/dist/server/plugins/table/funcs/gisIRColumn.d.ts +2 -2
  54. package/dist/server/plugins/table/funcs/gisIRColumn.js +1 -1
  55. package/dist/server/plugins/util/funcs/unflattenObject.d.ts.map +1 -1
  56. package/dist/server/plugins/util/funcs/unflattenObject.js +3 -1
  57. package/dist/server/routes/access/controllers/access.group.d.ts +2 -2
  58. package/dist/server/routes/access/controllers/access.group.d.ts.map +1 -1
  59. package/dist/server/routes/access/controllers/access.group.js +0 -1
  60. package/dist/server/routes/access/controllers/access.group.post.d.ts +2 -2
  61. package/dist/server/routes/access/controllers/access.group.post.d.ts.map +1 -1
  62. package/dist/server/routes/access/controllers/access.group.post.js +0 -1
  63. package/dist/server/routes/auth/controllers/core/registration.d.ts +1 -4
  64. package/dist/server/routes/auth/controllers/core/registration.d.ts.map +1 -1
  65. package/dist/server/routes/auth/controllers/core/registration.js +28 -9
  66. package/dist/server/routes/auth/controllers/core/updateUserInfo.js +1 -1
  67. package/dist/server/routes/auth/controllers/jwt/authorize.js +5 -5
  68. package/dist/server/routes/auth/controllers/jwt/token.d.ts.map +1 -1
  69. package/dist/server/routes/auth/controllers/jwt/token.js +10 -12
  70. package/dist/server/routes/cron/controllers/cronApi.d.ts +1 -1
  71. package/dist/server/routes/cron/controllers/cronApi.d.ts.map +1 -1
  72. package/dist/server/routes/cron/controllers/cronApi.js +5 -3
  73. package/dist/server/routes/crud/controllers/insert.d.ts +1 -4
  74. package/dist/server/routes/crud/controllers/insert.d.ts.map +1 -1
  75. package/dist/server/routes/crud/controllers/insert.js +24 -16
  76. package/dist/server/routes/crud/controllers/table.d.ts.map +1 -1
  77. package/dist/server/routes/crud/controllers/table.js +13 -6
  78. package/dist/server/routes/crud/controllers/update.d.ts.map +1 -1
  79. package/dist/server/routes/crud/controllers/update.js +23 -15
  80. package/dist/server/routes/file/controllers/delete.d.ts +1 -15
  81. package/dist/server/routes/file/controllers/delete.d.ts.map +1 -1
  82. package/dist/server/routes/file/controllers/delete.js +13 -20
  83. package/dist/server/routes/file/controllers/download.d.ts +2 -2
  84. package/dist/server/routes/file/controllers/download.d.ts.map +1 -1
  85. package/dist/server/routes/file/controllers/download.js +39 -30
  86. package/dist/server/routes/file/controllers/files.d.ts +2 -1
  87. package/dist/server/routes/file/controllers/files.d.ts.map +1 -1
  88. package/dist/server/routes/file/controllers/files.js +15 -11
  89. package/dist/server/routes/file/controllers/resize.d.ts +1 -2
  90. package/dist/server/routes/file/controllers/resize.d.ts.map +1 -1
  91. package/dist/server/routes/file/controllers/resize.js +17 -6
  92. package/dist/server/routes/file/controllers/upload.d.ts.map +1 -1
  93. package/dist/server/routes/file/controllers/upload.js +17 -16
  94. package/dist/server/routes/file/controllers/uploadImage.d.ts +11 -13
  95. package/dist/server/routes/file/controllers/uploadImage.d.ts.map +1 -1
  96. package/dist/server/routes/file/controllers/uploadImage.js +13 -15
  97. package/dist/server/routes/logger/controllers/logger.file.js +1 -1
  98. package/dist/server/routes/menu/controllers/interfaces.d.ts +1 -7
  99. package/dist/server/routes/menu/controllers/interfaces.d.ts.map +1 -1
  100. package/dist/server/routes/table/controllers/card.d.ts +1 -1
  101. package/dist/server/routes/table/controllers/card.d.ts.map +1 -1
  102. package/dist/server/routes/table/controllers/card.js +15 -9
  103. package/dist/server/routes/table/controllers/filter.d.ts +1 -1
  104. package/dist/server/routes/table/controllers/filter.d.ts.map +1 -1
  105. package/dist/server/routes/table/controllers/filter.js +2 -2
  106. package/dist/server/routes/table/controllers/form.d.ts +1 -1
  107. package/dist/server/routes/table/controllers/form.d.ts.map +1 -1
  108. package/dist/server/routes/table/controllers/form.js +8 -5
  109. package/dist/server/routes/table/controllers/search.d.ts +1 -1
  110. package/dist/server/routes/table/controllers/search.d.ts.map +1 -1
  111. package/dist/server/routes/table/controllers/search.js +5 -6
  112. package/dist/server/routes/table/controllers/suggest.d.ts +1 -1
  113. package/dist/server/routes/table/controllers/suggest.d.ts.map +1 -1
  114. package/dist/server/routes/table/controllers/suggest.js +53 -24
  115. package/dist/server/routes/table/functions/getData.d.ts +1 -1
  116. package/dist/server/routes/table/functions/getData.d.ts.map +1 -1
  117. package/dist/server/routes/table/functions/getData.js +60 -34
  118. package/dist/server/routes/util/controllers/config.d.ts +2 -0
  119. package/dist/server/routes/util/controllers/config.d.ts.map +1 -0
  120. package/dist/server/routes/util/controllers/config.js +33 -0
  121. package/dist/server/routes/util/index.js +2 -2
  122. package/dist/server/types/core.d.ts +7 -0
  123. package/dist/server/types/core.d.ts.map +1 -1
  124. package/dist/utils.d.ts +1 -0
  125. package/dist/utils.d.ts.map +1 -1
  126. package/dist/utils.js +1 -0
  127. package/package.json +3 -3
package/dist/server/routes/auth/controllers/jwt/token.js CHANGED
@@ -14,19 +14,17 @@ export default async function oauthToken(req, reply) {
14
14
  const payload = req.method === "POST" ? body : query;
15
15
  const { grant_type, client_id, code, redirect_uri, code_verifier } = payload;
16
16
  if (grant_type !== "authorization_code") {
17
- return reply
18
- .code(400)
19
- .send({ message: "unsupported grant_type", code: 400 });
17
+ return reply.code(400).send({ error: "unsupported grant_type", code: 400 });
20
18
  }
21
19
  if (!client_id) {
22
20
  return reply
23
21
  .code(400)
24
- .send({ message: "not enough params: client_id", code: 400 });
22
+ .send({ error: "not enough params: client_id", code: 400 });
25
23
  }
26
24
  if (!code) {
27
25
  return reply
28
26
  .code(400)
29
- .send({ message: "not enough params: code", code: 400 });
27
+ .send({ error: "not enough params: code", code: 400 });
30
28
  }
31
29
  const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2`;
32
30
  const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [], } = pg.pk?.["oauth.clients"]
@@ -41,31 +39,31 @@ export default async function oauthToken(req, reply) {
41
39
  if (storedIp !== ip) {
42
40
  return reply
43
41
  .code(403)
44
- .send({ message: "access restricted: wrong IP address", code: 403 });
42
+ .send({ error: "access restricted: wrong IP address", code: 403 });
45
43
  }
46
44
  if (!stored) {
47
45
  return reply
48
46
  .code(403)
49
- .send({ message: "access restricted: code expired", code: 403 });
47
+ .send({ error: "access restricted: code expired", code: 403 });
50
48
  }
51
49
  const isValid = await scryptVerify(stored, code);
52
50
  if (!isValid) {
53
51
  return reply
54
52
  .code(403)
55
- .send({ message: "access restricted: stored code mismatch", code: 403 });
53
+ .send({ error: "access restricted: stored code mismatch", code: 403 });
56
54
  }
57
55
  if (!isCodeValid) {
58
56
  return reply
59
57
  .code(403)
60
- .send({ message: "access restricted: invalid code", code: 403 });
58
+ .send({ error: "access restricted: invalid code", code: 403 });
61
59
  }
62
60
  if (!userId) {
63
- return reply.code(400).send({ message: "invalid client id", code: 400 });
61
+ return reply.code(400).send({ error: "invalid client id", code: 400 });
64
62
  }
65
63
  if (redirect_uri &&
66
64
  Array.isArray(redirect_uris) &&
67
65
  !redirect_uris.includes(redirect_uri)) {
68
- return reply.code(400).send({ message: "invalid redirect_uri", code: 400 });
66
+ return reply.code(400).send({ error: "invalid redirect_uri", code: 400 });
69
67
  }
70
68
  const user = pg.pk?.["admin.users"]
71
69
  ? await pg
@@ -75,7 +73,7 @@ export default async function oauthToken(req, reply) {
75
73
  .then((el) => el.rows[0])
76
74
  : null;
77
75
  if (!user) {
78
- return reply.code(404).send({ message: "user not found", code: 404 });
76
+ return reply.code(404).send({ error: "user not found", code: 404 });
79
77
  }
80
78
  const expire = expires_at ? expires_at - Date.now() : expireMsec;
81
79
  const href1 = await authorizeUser(user, req, "jwt", expire);
package/dist/server/routes/cron/controllers/cronApi.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- export default function cronApi(req: any): Promise<any>;
1
+ export default function cronApi(req: any, reply: any): Promise<any>;
2
2
  //# sourceMappingURL=cronApi.d.ts.map
package/dist/server/routes/cron/controllers/cronApi.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"AAEA,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,gBAoB7C"}
1
+ {"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"AAEA,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAsBzD"}
package/dist/server/routes/cron/controllers/cronApi.js CHANGED
@@ -1,15 +1,17 @@
1
1
  import cronList from "../../../plugins/cron/cronList.js";
2
- export default async function cronApi(req) {
2
+ export default async function cronApi(req, reply) {
3
3
  const { params = {}, user = {}, hostname } = req;
4
4
  if ((!user.uid || !user.user_type?.includes("admin")) &&
5
5
  !hostname?.includes("local")) {
6
- return { message: "access restricted", status: 403 };
6
+ return reply.status(403).send({ error: "access restricted", code: 403 });
7
7
  }
8
8
  if (params.name === "list") {
9
9
  return { data: Object.keys(cronList || {}) };
10
10
  }
11
11
  if (!cronList[params.name]) {
12
- return { message: `cron not found: ${params.name}`, status: 404 };
12
+ return reply
13
+ .status(404)
14
+ .send({ error: `cron not found: ${params.name}`, code: 404 });
13
15
  }
14
16
  const result = await cronList[params.name]?.(req);
15
17
  return result;
package/dist/server/routes/crud/controllers/insert.d.ts CHANGED
@@ -1,6 +1,3 @@
1
1
  import { type FastifyReply } from "fastify";
2
- export default function insert(req: any, reply: FastifyReply): Promise<{
3
- message: string;
4
- status: number;
5
- }>;
2
+ export default function insert(req: any, reply: FastifyReply): Promise<never>;
6
3
  //# sourceMappingURL=insert.d.ts.map
package/dist/server/routes/crud/controllers/insert.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY;;;GAsKjE"}
1
+ {"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA4KjE"}
package/dist/server/routes/crud/controllers/insert.js CHANGED
@@ -2,7 +2,7 @@ import { applyHook, getAccess, getTemplate, checkXSS, checkSQL, dataInsert, getT
2
2
  export default async function insert(req, reply) {
3
3
  const { pg = pgClients.client, user = {}, params = {}, body = {}, headers = {}, } = req || {};
4
4
  if (!user) {
5
- return reply.status(403).send("access restricted");
5
+ return reply.status(403).send({ error: "access restricted", code: 403 });
6
6
  }
7
7
  const hookData = (await applyHook("preInsert", {
8
8
  pg,
@@ -11,7 +11,10 @@ export default async function insert(req, reply) {
11
11
  body,
12
12
  }));
13
13
  if (hookData?.message && hookData?.status) {
14
- return { message: hookData?.message, status: hookData?.status };
14
+ const response = hookData.status >= 400
15
+ ? { error: hookData.message, code: hookData.status }
16
+ : hookData.message;
17
+ return reply.status(hookData.status).send(response);
15
18
  }
16
19
  const { referer } = headers;
17
20
  const tokenData = await getToken({
@@ -30,18 +33,20 @@ export default async function insert(req, reply) {
30
33
  !config.local &&
31
34
  !config.security?.disableToken &&
32
35
  !config.auth?.disable) {
33
- return reply.status(400).send("invalid token");
36
+ return reply.status(400).send({ error: "invalid token", code: 400 });
34
37
  }
35
38
  if (!actions.includes("add") && !config.local && !tokenData) {
36
- return reply.status(403).send("access restricted: actions");
39
+ return reply
40
+ .status(403)
41
+ .send({ error: "access restricted: actions", code: 403 });
37
42
  }
38
43
  if (!add) {
39
- return reply.status(400).send("table is required");
44
+ return reply.status(400).send({ error: "table is required", code: 400 });
40
45
  }
41
46
  const loadTemplate = await getTemplate("table", add);
42
47
  const { table } = loadTemplate || hookData || tokenData || req.params || {};
43
48
  if (!table) {
44
- return reply.status(404).send("table not found");
49
+ return reply.status(404).send({ error: "table not found", code: 404 });
45
50
  }
46
51
  const formData = form || loadTemplate?.form
47
52
  ? (await getTemplate("form", form || loadTemplate?.form)) || {}
@@ -56,9 +61,10 @@ export default async function insert(req, reply) {
56
61
  uid: user?.uid,
57
62
  msg: xssCheck.error,
58
63
  });
59
- return reply
60
- .status(409)
61
- .send("Дані містять заборонені символи. Приберіть їх та спробуйте ще раз");
64
+ return reply.status(409).send({
65
+ error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
66
+ code: 409,
67
+ });
62
68
  }
63
69
  const fieldCheck = validateData({ body, schema });
64
70
  if (fieldCheck.error) {
@@ -68,9 +74,10 @@ export default async function insert(req, reply) {
68
74
  uid: user?.uid,
69
75
  ...fieldCheck,
70
76
  });
71
- return reply
72
- .status(409)
73
- .send("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
77
+ return reply.status(409).send({
78
+ error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
79
+ code: 409,
80
+ });
74
81
  }
75
82
  const sqlCheck = checkSQL({ body, schema });
76
83
  if (sqlCheck.error) {
@@ -80,9 +87,10 @@ export default async function insert(req, reply) {
80
87
  uid: user?.uid,
81
88
  ...sqlCheck,
82
89
  });
83
- return reply
84
- .status(409)
85
- .send("Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз");
90
+ return reply.status(409).send({
91
+ error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
92
+ code: 409,
93
+ });
86
94
  }
87
95
  if (![add, table].includes("admin.users")) {
88
96
  Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
@@ -104,7 +112,7 @@ export default async function insert(req, reply) {
104
112
  referer,
105
113
  });
106
114
  if (!res) {
107
- return reply.status(400).send("nothing added");
115
+ return reply.status(400).send({ error: "nothing added", code: 400 });
108
116
  }
109
117
  // admin.custom_column
110
118
  await applyHook("afterInsert", {
package/dist/server/routes/crud/controllers/table.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBA0NZ"}
1
+ {"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBAkOZ"}
package/dist/server/routes/crud/controllers/table.js CHANGED
@@ -22,14 +22,15 @@ export default async function tableAPI(req, reply, called) {
22
22
  if (!loadTable &&
23
23
  !pg.pk?.[tokenData?.table] &&
24
24
  !(pg.pk?.[templateName] && called)) {
25
- return reply.status(404).send("not found");
25
+ return reply.status(404).send({ error: "not found", code: 404 });
26
26
  }
27
27
  const { table: table1 = params.table, form: form1, obj, } = hookData || loadTable || tokenData || {};
28
28
  const table = loadTable?.table || table1;
29
29
  const form = loadTable?.form || form1;
30
30
  const id = hookData?.id || tokenData?.id || params.id;
31
- if (tokenData && !id)
32
- return { message: {} };
31
+ if (tokenData && !id) {
32
+ return reply.status(403).send({ error: "invalid token", code: 403 });
33
+ }
33
34
  if (!table && !id) {
34
35
  return reply.status(400).send("not enough params");
35
36
  }
@@ -46,14 +47,18 @@ export default async function tableAPI(req, reply, called) {
46
47
  return reply.status(400).send("invalid token");
47
48
  }
48
49
  if (!actions.includes("edit") && !config?.local && !tokenData && !called) {
49
- return reply.status(403).send("access restricted: actions");
50
+ return reply
51
+ .status(403)
52
+ .send({ error: "access restricted: actions", code: 403 });
50
53
  }
51
54
  const { pk, columns: dbColumns = [] } = await getMeta({
52
55
  pg,
53
56
  table,
54
57
  });
55
58
  if (!pk) {
56
- return reply.status(404).send(`table not found: ${table}`);
59
+ return reply
60
+ .status(404)
61
+ .send({ error: `table not found: ${table}`, code: 404 });
57
62
  }
58
63
  // const cols = columns.map((el) => el.name || el).join(',');
59
64
  const formData = (await getTemplate("form", form)) || {};
@@ -107,7 +112,9 @@ export default async function tableAPI(req, reply, called) {
107
112
  .query(q.replace(/{{uid}}/, user?.uid), [id])
108
113
  .then((el) => el.rows[0]);
109
114
  if (!data) {
110
- return reply.status(404).send(`object not found: ${id}`);
115
+ return reply
116
+ .status(404)
117
+ .send({ error: `object not found: ${id}`, code: 404 });
111
118
  }
112
119
  Object.keys(schema)
113
120
  .filter((key) => schema[key]?.type === "DataTable")
package/dist/server/routes/crud/controllers/update.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAsLxD"}
1
+ {"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBA4LxD"}
package/dist/server/routes/crud/controllers/update.js CHANGED
@@ -4,7 +4,7 @@ import insert from "./insert.js";
4
4
  export default async function update(req, reply) {
5
5
  const { pg = pgClients.client, user, params = {}, body = {}, headers = {}, unittest, } = req;
6
6
  if (!user) {
7
- return reply.status(403).send("access restricted");
7
+ return reply.status(403).send({ error: "access restricted", code: 403 });
8
8
  }
9
9
  const hookData = (await applyHook("preUpdate", {
10
10
  pg,
@@ -13,7 +13,10 @@ export default async function update(req, reply) {
13
13
  user,
14
14
  }));
15
15
  if (hookData?.message && hookData?.status) {
16
- return { message: hookData?.message, status: hookData?.status };
16
+ const response = hookData.status >= 400
17
+ ? { error: hookData.message, code: hookData.status }
18
+ : hookData.message;
19
+ return reply.status(hookData.status).send(response);
17
20
  }
18
21
  const { referer } = headers;
19
22
  const tokenData = await getToken({
@@ -37,19 +40,21 @@ export default async function update(req, reply) {
37
40
  !config.local &&
38
41
  !config.security?.disableToken &&
39
42
  !config.auth?.disable) {
40
- return reply.status(400).send("invalid token");
43
+ return reply.status(400).send({ error: "invalid token", code: 400 });
41
44
  }
42
45
  if (!actions.includes("edit") && !config.local && !tokenData) {
43
- return reply.status(403).send("access restricted: actions");
46
+ return reply
47
+ .status(403)
48
+ .send({ error: "access restricted: actions", code: 403 });
44
49
  }
45
50
  if (!edit) {
46
- return reply.status(400).send("table is required");
51
+ return reply.status(400).send({ error: "table is required", code: 400 });
47
52
  }
48
53
  if (!id && tokenData?.table) {
49
54
  return insert(req, reply);
50
55
  }
51
56
  if (!id) {
52
- return reply.status(400).send("id is required");
57
+ return reply.status(400).send({ error: "id is required", code: 400 });
53
58
  }
54
59
  const loadTemplate = await getTemplate("table", edit);
55
60
  const { table } = loadTemplate || hookData || tokenData || params || {};
@@ -69,9 +74,10 @@ export default async function update(req, reply) {
69
74
  const xssCheck = checkXSS({ body, schema });
70
75
  if (xssCheck.error && formData?.xssCheck !== false) {
71
76
  logger.file("injection/xss", { msg: xssCheck.error, table }, req);
72
- return reply
73
- .status(409)
74
- .send("Дані містять заборонені символи. Приберіть їх та спробуйте ще раз");
77
+ return reply.status(409).send({
78
+ error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
79
+ code: 409,
80
+ });
75
81
  }
76
82
  const fieldCheck = validateData({ body, schema });
77
83
  if (fieldCheck.error) {
@@ -81,9 +87,10 @@ export default async function update(req, reply) {
81
87
  uid: user?.uid,
82
88
  ...fieldCheck,
83
89
  });
84
- return reply
85
- .status(409)
86
- .send("Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз");
90
+ return reply.status(409).send({
91
+ error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
92
+ code: 409,
93
+ });
87
94
  }
88
95
  const sqlCheck = checkSQL({ body, schema });
89
96
  if (sqlCheck.error) {
@@ -93,9 +100,10 @@ export default async function update(req, reply) {
93
100
  uid: user?.uid,
94
101
  ...sqlCheck,
95
102
  });
96
- return reply
97
- .status(409)
98
- .send("Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз");
103
+ return reply.status(409).send({
104
+ error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
105
+ code: 409,
106
+ });
99
107
  }
100
108
  if (tokenData?.obj) {
101
109
  const objData = tokenData.obj?.split("#").reduce((p, el) => ({
package/dist/server/routes/file/controllers/delete.d.ts CHANGED
@@ -16,19 +16,5 @@
16
16
  * @returns {Object} headers Заголовки HTTP
17
17
  * @returns {String} message Повідомлення про успішне виконання або об'єкт з параметрами
18
18
  */
19
- export default function deleteFileAPI(req: any): Promise<{
20
- message: string;
21
- status: number;
22
- } | {
23
- message: {
24
- id: any;
25
- filepath: any;
26
- };
27
- status: number;
28
- error?: undefined;
29
- } | {
30
- error: any;
31
- status: number;
32
- message?: undefined;
33
- }>;
19
+ export default function deleteFileAPI(req: any, reply: any): Promise<any>;
34
20
  //# sourceMappingURL=delete.d.ts.map
package/dist/server/routes/file/controllers/delete.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"delete.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/delete.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;;;;;GAiBG;AAEH,wBAA8B,aAAa,CAAC,GAAG,EAAE,GAAG;;;;;;;;;;;;;;GAyFnD"}
1
+ {"version":3,"file":"delete.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/delete.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;GAiBG;AAEH,wBAA8B,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAoF/D"}
package/dist/server/routes/file/controllers/delete.js CHANGED
@@ -1,5 +1,4 @@
1
1
  import { config, dataUpdate, logger, pgClients } from "../../../../utils.js";
2
- const resp = { message: "File not found", status: 404 };
3
2
  /**
4
3
  * Апі використовується для видалення файлів за допомогою fs або s3
5
4
  *
@@ -18,15 +17,15 @@ const resp = { message: "File not found", status: 404 };
18
17
  * @returns {Object} headers Заголовки HTTP
19
18
  * @returns {String} message Повідомлення про успішне виконання або об'єкт з параметрами
20
19
  */
21
- export default async function deleteFileAPI(req) {
20
+ export default async function deleteFileAPI(req, reply) {
22
21
  const { pg = pgClients.client, params = {}, user = {} } = req;
22
+ const { uid, user_rnokpp: rnokpp } = user;
23
23
  if (!params["*"]) {
24
- return resp;
24
+ return reply.status(404).send({ error: "File not found", code: 404 });
25
25
  }
26
26
  const filename = params["*"].startsWith("/") || /^[0-9]+$/.test(params["*"])
27
27
  ? params["*"]
28
28
  : `/${params["*"]}`;
29
- const { uid, user_rnokpp: rnokpp } = user;
30
29
  if (!filename) {
31
30
  logger.file("file", {
32
31
  level: "INFO",
@@ -36,7 +35,7 @@ export default async function deleteFileAPI(req) {
36
35
  uid,
37
36
  rnokpp,
38
37
  });
39
- return resp;
38
+ return reply.status(404).send({ error: "File not found", code: 404 });
40
39
  }
41
40
  if (filename.includes("..")) {
42
41
  logger.file("file", {
@@ -47,7 +46,7 @@ export default async function deleteFileAPI(req) {
47
46
  uid,
48
47
  rnokpp,
49
48
  });
50
- return resp;
49
+ return reply.status(404).send({ error: "File not found", code: 404 });
51
50
  }
52
51
  try {
53
52
  const result = await pg
@@ -64,36 +63,30 @@ export default async function deleteFileAPI(req) {
64
63
  logger.file("file", {
65
64
  level: "INFO",
66
65
  type: "delete",
67
- message: resp.message,
66
+ message: "file not found",
68
67
  file: params["*"],
69
68
  uid,
70
69
  rnokpp,
71
70
  });
72
- return resp;
71
+ return reply.status(404).send({ error: "File not found", code: 404 });
73
72
  }
74
73
  const message = { id: res.file_id, filepath: res.file_path };
75
- logger.file("file", {
76
- level: "INFO",
77
- type: "delete",
74
+ logger.file("file/delete", {
78
75
  message,
79
76
  file: params["*"],
80
77
  uid,
81
78
  rnokpp,
82
79
  });
83
- return { message, status: 200 };
80
+ return message;
84
81
  }
85
82
  catch (err) {
86
- logger.file("file", {
87
- level: "ERROR",
88
- type: "delete",
89
- message: err.toString(),
83
+ logger.file("file/delete", {
84
+ error: err.toString(),
90
85
  file: params["*"],
91
86
  uid,
92
87
  rnokpp,
93
88
  });
94
- return {
95
- error: config?.local ? err.toString() : "Помилка видалення файлу",
96
- status: 500,
97
- };
89
+ const error = config.local ? err.toString() : "Помилка видалення файлу";
90
+ return reply.status(500).send({ error, code: 500 });
98
91
  }
99
92
  }
package/dist/server/routes/file/controllers/download.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import type { FastifyReply } from "fastify";
1
2
  /**
2
3
  * Апі використовується для скачування файлів за допомогою fs або s3
3
4
  *
@@ -15,6 +16,5 @@
15
16
  * @returns {Object} headers Заголовки HTTP
16
17
  * @returns {String} pipe Шлях до файла для скачування або відображення
17
18
  */
18
- declare function download({ params }: any, reply: any): Promise<any>;
19
- export default download;
19
+ export default function download({ params, user }: any, reply: FastifyReply): Promise<any>;
20
20
  //# sourceMappingURL=download.d.ts.map
package/dist/server/routes/file/controllers/download.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"download.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/download.ts"],"names":[],"mappings":"AASA;;;;;;;;;;;;;;;;GAgBG;AAEH,iBAAe,QAAQ,CAAC,EACtB,MAAM,EACP,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAkCjB;AAED,eAAe,QAAQ,CAAC"}
1
+ {"version":3,"file":"download.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/download.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C;;;;;;;;;;;;;;;;GAgBG;AAEH,wBAA8B,QAAQ,CACpC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,GAAG,EACrB,KAAK,EAAE,YAAY,gBAgDpB"}
package/dist/server/routes/file/controllers/download.js CHANGED
@@ -1,6 +1,9 @@
1
- import path from 'node:path';
2
- import providers from '../../../plugins/file/providers/index.js';
3
- import getMimeType from '../../../plugins/file/providers/mime/index.js';
1
+ import path from "node:path";
2
+ import providers from "../../../plugins/file/providers/index.js";
3
+ import getMimeType from "../../../plugins/file/providers/mime/index.js";
4
+ import logger from "../../../plugins/logger/getLogger.js";
5
+ import applyHook from "../../../plugins/hook/applyHook.js";
6
+ const { downloadFile } = providers();
4
7
  /* const allowedPublicDirs = [
5
8
  'upload', 'page', 'site', 'maps', 'tmp', 'uploads', 'site_slider', 'module', 'product', 'image', 'geo_works_file',
6
9
  ]; */
@@ -21,36 +24,42 @@ import getMimeType from '../../../plugins/file/providers/mime/index.js';
21
24
  * @returns {Object} headers Заголовки HTTP
22
25
  * @returns {String} pipe Шлях до файла для скачування або відображення
23
26
  */
24
- async function download({ params }, reply) {
25
- if (!params?.['*'])
26
- return { message: 'not enough params', status: 400 };
27
- const filename = params['*'].startsWith('/') ? params['*'].slice(1) : params['*'];
28
- if (!filename)
29
- return { message: "required param 'filename'", status: 400 };
30
- if (filename?.includes?.('..'))
31
- return { message: 'wrong params', status: 400 };
32
- /* const { security } = getSettings();
33
- const { enabled: externalAccess } = await pg.one('select enabled from admin.data_api where account_name = $1 and api_key = $2', { args: [account, key] });
34
- if ((sid === 35 && !isUser && !externalAccess)
35
- || (sid === 1
36
- && !allowedPublicDirs.some((dir) => filename?.includes?.(`${dir}/`))
37
- && !security?.public_dirs?.split(',')?.some((dir) => filename?.includes?.(`${dir}/`)))
38
- ) {
39
- return { error: 'Немає доступу', status: 403 };
40
- } */
41
- const filepath = filename.startsWith('files/')
27
+ export default async function download({ params, user }, reply) {
28
+ if (!params?.["*"]) {
29
+ return reply.status(400).send({ error: "not enough params", code: 400 });
30
+ }
31
+ const filename = params["*"].startsWith("/")
32
+ ? params["*"].slice(1)
33
+ : params["*"];
34
+ if (!filename) {
35
+ return reply
36
+ .status(400)
37
+ .send({ error: "required param 'filename'", code: 400 });
38
+ }
39
+ if (filename.includes?.("../")) {
40
+ return reply.status(403).send({ error: "wrong params", code: 403 });
41
+ }
42
+ const filepath = filename.startsWith("files/")
42
43
  ? filename
43
- : path.join('files', filename);
44
- // download
45
- const fp = providers({});
46
- const fileStream = await fp.downloadFile(filepath);
47
- if (!fileStream)
48
- return { error: `Файл не знайдено - ${filename}`, status: 404 };
44
+ : path.join("files", filename);
45
+ const hookData = await applyHook("preDownload", {
46
+ user,
47
+ relpath: filepath,
48
+ reply,
49
+ });
50
+ if (hookData)
51
+ return hookData;
52
+ const fileStream = await downloadFile(filepath);
53
+ if (!fileStream) {
54
+ return reply
55
+ .status(404)
56
+ .send({ error: `Файл не знайдено - ${filename}`, code: 404 });
57
+ }
49
58
  const headers = {
50
- 'Content-Disposition': `attachment; filename=${path.basename(filename)}`,
51
- 'Content-Type': getMimeType(filepath),
59
+ "Content-Disposition": `attachment; filename=${path.basename(filename)}`,
60
+ "Content-Type": getMimeType(filepath),
52
61
  };
62
+ logger.file("file/download", { filepath: params["*"], uid: user?.uid });
53
63
  reply.headers(headers);
54
64
  return fileStream;
55
65
  }
56
- export default download;
package/dist/server/routes/file/controllers/files.d.ts CHANGED
@@ -17,9 +17,10 @@ import type { FastifyReply } from "fastify";
17
17
  * @returns {Object} headers Заголовки HTTP
18
18
  * @returns {String} pipe Шлях до файла для скачування або відображення
19
19
  */
20
- export default function getFile({ params }: {
20
+ export default function getFile({ params, user }: {
21
21
  params: {
22
22
  "*": string;
23
23
  };
24
+ user?: Record<string, any>;
24
25
  }, reply: FastifyReply): Promise<any>;
25
26
  //# sourceMappingURL=files.d.ts.map
package/dist/server/routes/file/controllers/files.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"files.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/files.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAU5C;;;;;;;;;;;;;;;;;GAiBG;AAEH,wBAA8B,OAAO,CACnC,EAAE,MAAM,EAAE,EAAE;IAAE,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,EACvC,KAAK,EAAE,YAAY,gBAgDpB"}
1
+ {"version":3,"file":"files.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/files.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAW5C;;;;;;;;;;;;;;;;;GAiBG;AAEH,wBAA8B,OAAO,CACnC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;IAAE,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,EACzE,KAAK,EAAE,YAAY,gBAqDpB"}