@opengis/fastify-table 2.0.131 → 2.0.133
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/module/core/cls/constraint_type.json +14 -0
- package/dist/module/core/cls/constraint_type_table.json +18 -0
- package/dist/module/core/select/core.user_mentioned.sql +1 -1
- package/dist/server/plugins/crud/funcs/getAccess.js +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.js +7 -1
- package/dist/server/routes/crud/controllers/insert.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/insert.js +7 -1
- package/dist/server/routes/crud/controllers/table.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/table.js +7 -1
- package/dist/server/routes/crud/controllers/update.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/update.js +7 -1
- package/dist/server/routes/file/controllers/export.js +4 -4
- package/dist/server/routes/table/controllers/card.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/card.js +1 -1
- package/dist/server/routes/table/controllers/cardData.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/cardData.js +6 -0
- package/dist/server/routes/table/controllers/getFormByTable.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/getFormByTable.js +7 -1
- package/dist/server/routes/table/functions/getData.d.ts.map +1 -1
- package/dist/server/routes/table/functions/getData.js +10 -4
- package/package.json +1 -1
- package/dist/server/plugins/hook/index.js +0 -39
- package/dist/server/routes/auth/controllers/2factor/generate.js +0 -38
- package/dist/server/routes/auth/controllers/2factor/toggle.js +0 -39
- package/dist/server/routes/logger/controllers/utils/checkUserAccess.js +0 -22
- package/dist/server/routes/logger/controllers/utils/getRootDir.js +0 -25
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
|
|
1
|
+
select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
|
|
2
2
|
where enabled order by coalesce(sur_name,'')||coalesce(' '||user_name,'')
|
|
@@ -31,7 +31,7 @@ where $1 in (a.route_id, a.alias, a.table_name) and $2 in (b.user_uid, d.user_ui
|
|
|
31
31
|
export default async function getAccess({ table, form, user = {}, method = 'GET' }, pg = pgClients.client) {
|
|
32
32
|
if (!table)
|
|
33
33
|
return null;
|
|
34
|
-
const hookData = await applyHook("getAccess", { table, user, pg });
|
|
34
|
+
const hookData = await applyHook("getAccess", { table, user, pg, method });
|
|
35
35
|
if (hookData)
|
|
36
36
|
return hookData;
|
|
37
37
|
const { uid, user_type: userType = "regular" } = user;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAa5C,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAa5C,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBAsIrE"}
|
|
@@ -36,7 +36,13 @@ export default async function deleteCrud(req, reply) {
|
|
|
36
36
|
code: 403,
|
|
37
37
|
});
|
|
38
38
|
}
|
|
39
|
-
const { actions = [] } = (await getAccess({ table: del, id, user, method }, pg)) || {};
|
|
39
|
+
const { actions = [], message: accessMessage } = (await getAccess({ table: del, id, user, method }, pg)) || {};
|
|
40
|
+
if (accessMessage) {
|
|
41
|
+
return reply.status(403).send({
|
|
42
|
+
error: accessMessage,
|
|
43
|
+
code: 403,
|
|
44
|
+
});
|
|
45
|
+
}
|
|
40
46
|
if (!tokenData &&
|
|
41
47
|
!config?.local &&
|
|
42
48
|
!config.security?.disableToken &&
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBAqLjE"}
|
|
@@ -38,7 +38,13 @@ export default async function insert(req, reply) {
|
|
|
38
38
|
(config.security?.disableToken || config.local || config.auth?.disable
|
|
39
39
|
? req.params
|
|
40
40
|
: {});
|
|
41
|
-
const { actions = [] } = (await getAccess({ table: add, form, user, method }, pg)) || {};
|
|
41
|
+
const { actions = [], message: accessMessage } = (await getAccess({ table: add, form, user, method }, pg)) || {};
|
|
42
|
+
if (accessMessage) {
|
|
43
|
+
return reply.status(403).send({
|
|
44
|
+
error: accessMessage,
|
|
45
|
+
code: 403,
|
|
46
|
+
});
|
|
47
|
+
}
|
|
42
48
|
if (!tokenData &&
|
|
43
49
|
!config.local &&
|
|
44
50
|
!config.security?.disableToken &&
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAc5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAc5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBA0OZ"}
|
|
@@ -41,13 +41,19 @@ export default async function tableAPI(req, reply, called) {
|
|
|
41
41
|
if (!table && !id) {
|
|
42
42
|
return reply.status(400).send("not enough params");
|
|
43
43
|
}
|
|
44
|
-
const { actions = [], query: accessQuery } = (await getAccess({
|
|
44
|
+
const { actions = [], query: accessQuery, message: accessMessage } = (await getAccess({
|
|
45
45
|
table: templateName,
|
|
46
46
|
form,
|
|
47
47
|
id,
|
|
48
48
|
user,
|
|
49
49
|
method,
|
|
50
50
|
}, pg)) || {};
|
|
51
|
+
if (accessMessage) {
|
|
52
|
+
return reply.status(403).send({
|
|
53
|
+
error: accessMessage,
|
|
54
|
+
code: 403,
|
|
55
|
+
});
|
|
56
|
+
}
|
|
51
57
|
if (!tokenData &&
|
|
52
58
|
!config?.local &&
|
|
53
59
|
!config.security?.disableToken &&
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAqMxD"}
|
|
@@ -40,13 +40,19 @@ export default async function update(req, reply) {
|
|
|
40
40
|
(config.security?.disableToken || config.local || config.auth?.disable
|
|
41
41
|
? params
|
|
42
42
|
: {});
|
|
43
|
-
const { actions = [] } = (await getAccess({
|
|
43
|
+
const { actions = [], message: accessMessage } = (await getAccess({
|
|
44
44
|
table: edit,
|
|
45
45
|
form,
|
|
46
46
|
id,
|
|
47
47
|
user,
|
|
48
48
|
method,
|
|
49
49
|
}, pg)) || {};
|
|
50
|
+
if (accessMessage) {
|
|
51
|
+
return reply.status(403).send({
|
|
52
|
+
error: accessMessage,
|
|
53
|
+
code: 403,
|
|
54
|
+
});
|
|
55
|
+
}
|
|
50
56
|
if (!tokenData &&
|
|
51
57
|
!config.local &&
|
|
52
58
|
!config.security?.disableToken &&
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
/* eslint-disable no-await-in-loop */
|
|
5
5
|
/* eslint-disable no-nested-ternary */
|
|
6
6
|
import path from "node:path";
|
|
7
|
-
import { createHash } from "node:crypto";
|
|
7
|
+
import { createHash, randomUUID } from "node:crypto";
|
|
8
8
|
import { existsSync } from "node:fs";
|
|
9
9
|
import { appendFile, mkdir, readFile, rm, writeFile } from "node:fs/promises";
|
|
10
10
|
import config from "../../../../config.js";
|
|
@@ -59,7 +59,7 @@ export default async function exportTable({ pg = pgClients.client, headers, user
|
|
|
59
59
|
date.getFullYear(),
|
|
60
60
|
date.getMonth(),
|
|
61
61
|
date.getDate(),
|
|
62
|
-
date.getHours(),
|
|
62
|
+
// date.getHours(),
|
|
63
63
|
].join("-");
|
|
64
64
|
const objInfo = createHash("md5")
|
|
65
65
|
.update([sufixName, sufixDate].join("-"))
|
|
@@ -179,8 +179,8 @@ export default async function exportTable({ pg = pgClients.client, headers, user
|
|
|
179
179
|
// export xlsx / csv / json
|
|
180
180
|
const source = loadTable?.title || loadTable?.ua || table || sourceName;
|
|
181
181
|
const interval = setInterval(async () => {
|
|
182
|
-
send("process query...");
|
|
183
|
-
},
|
|
182
|
+
send("process query..." + randomUUID().split('-')[0]);
|
|
183
|
+
}, 10000);
|
|
184
184
|
// start stream only if total exceed limit, but use while anyway
|
|
185
185
|
const res = {};
|
|
186
186
|
let offset = 0;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"card.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/card.ts"],"names":[],"mappings":"AAOA,wBAA8B,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"card.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/card.ts"],"names":[],"mappings":"AAOA,wBAA8B,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAoItD"}
|
|
@@ -18,7 +18,7 @@ export default async function card(req, reply) {
|
|
|
18
18
|
: hookData.message;
|
|
19
19
|
return reply.status(hookData.status).send(response);
|
|
20
20
|
}
|
|
21
|
-
const { actions = [], scope, my, } = (await getAccess({
|
|
21
|
+
const { actions = [], scope, my, message: accessMessage, } = (await getAccess({
|
|
22
22
|
table: hookData?.table || params.table,
|
|
23
23
|
id: hookData?.id || params?.id,
|
|
24
24
|
user,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cardData.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/cardData.ts"],"names":[],"mappings":"AAuBA,wBAA8B,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"cardData.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/cardData.ts"],"names":[],"mappings":"AAuBA,wBAA8B,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBA8O7D"}
|
|
@@ -23,6 +23,12 @@ export default async function getCardData(req, reply) {
|
|
|
23
23
|
const time = Date.now();
|
|
24
24
|
const template = await getTemplate("card", table);
|
|
25
25
|
const access = (await getAccess({ table, id, user, method }, pg));
|
|
26
|
+
if (access?.message) {
|
|
27
|
+
return reply.status(403).send({
|
|
28
|
+
error: access.message,
|
|
29
|
+
code: 403,
|
|
30
|
+
});
|
|
31
|
+
}
|
|
26
32
|
if (!access?.actions?.length) {
|
|
27
33
|
return reply.status(403).send("access restricted");
|
|
28
34
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getFormByTable.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/getFormByTable.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAY5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAUzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,KAAU,EACV,MAAM,GACP,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,EACD,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"getFormByTable.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/getFormByTable.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAY5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAUzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,KAAU,EACV,MAAM,GACP,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,EACD,KAAK,EAAE,YAAY,gBA6KpB"}
|
|
@@ -36,7 +36,13 @@ export default async function getForm({ pg = pgClients.client, params, user = {}
|
|
|
36
36
|
if (!form) {
|
|
37
37
|
// return reply.status(404).send("form not found");
|
|
38
38
|
}
|
|
39
|
-
const { actions = [] } = (await getAccess({ table, id: edit, form, user, method }, pg)) || {};
|
|
39
|
+
const { actions = [], message: accessMessage } = (await getAccess({ table, id: edit, form, user, method }, pg)) || {};
|
|
40
|
+
if (accessMessage) {
|
|
41
|
+
return reply.status(403).send({
|
|
42
|
+
error: accessMessage,
|
|
43
|
+
code: 403,
|
|
44
|
+
});
|
|
45
|
+
}
|
|
40
46
|
const loadTemplate = await getTemplate("form", form || params.name);
|
|
41
47
|
if (!loadTemplate) {
|
|
42
48
|
return reply.status(404).send("form template not found");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getData.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/functions/getData.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AA4EzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,KAAK,EACL,EAAE,EACF,OAAY,EACZ,KAAU,EACV,IAAS,EACT,YAAY,EACZ,KAAY,EACZ,UAAU,EACV,OAAO,EAAE,YAAY,EACrB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,YAAY,GACtB,EAAE;IACD,EAAE,CAAC,EAAE,UAAU,CAAC;IAChB,MAAM,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,GAAG,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,EACD,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"getData.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/functions/getData.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AA4EzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,KAAK,EACL,EAAE,EACF,OAAY,EACZ,KAAU,EACV,IAAS,EACT,YAAY,EACZ,KAAY,EACZ,UAAU,EACV,OAAO,EAAE,YAAY,EACrB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,YAAY,GACtB,EAAE;IACD,EAAE,CAAC,EAAE,UAAU,CAAC;IAChB,MAAM,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,GAAG,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,EACD,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,GAAG,gBA60Bb"}
|
|
@@ -128,15 +128,21 @@ export default async function dataAPI({ pg = pgClients.client, params, table, id
|
|
|
128
128
|
return reply.status(404).send("template not found");
|
|
129
129
|
}
|
|
130
130
|
const objectId = tokenData?.id || hookData?.id || params?.id || id;
|
|
131
|
-
const { actions = [], query: accessQuery } = actionsParam
|
|
132
|
-
? { actions: actionsParam, query: accessQueryParam || "1=1" }
|
|
131
|
+
const { actions = [], query: accessQuery, message: accessMessage } = actionsParam
|
|
132
|
+
? { actions: actionsParam, query: accessQueryParam || "1=1", message: undefined }
|
|
133
133
|
: (await getAccess({
|
|
134
134
|
table: templateName,
|
|
135
135
|
id: objectId,
|
|
136
136
|
user,
|
|
137
137
|
method,
|
|
138
|
-
}, pg));
|
|
139
|
-
|
|
138
|
+
}, pg)) || {};
|
|
139
|
+
if (accessMessage) {
|
|
140
|
+
return reply.status(403).send({
|
|
141
|
+
error: accessMessage,
|
|
142
|
+
code: 403,
|
|
143
|
+
});
|
|
144
|
+
}
|
|
145
|
+
// const body = loadTable || hookData || tokenData;
|
|
140
146
|
const { table: table1, columns = [], sql, cardSql, form, meta, sqlColumns, public: ispublic, editable = false, } = loadTable || hookData || tokenData || params || { table };
|
|
141
147
|
if (!ispublic && !user?.uid && !called) {
|
|
142
148
|
return reply.status(401).send({ error: "unauthorized", code: 401 });
|
package/package.json
CHANGED
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
import config from "../../../config.js";
|
|
2
|
-
export const hookList = {};
|
|
3
|
-
export async function applyHook(name, data) {
|
|
4
|
-
if (config.trace)
|
|
5
|
-
console.log("applyHook", name);
|
|
6
|
-
if (!hookList[name]?.length)
|
|
7
|
-
return null;
|
|
8
|
-
const result = {};
|
|
9
|
-
await Promise.all(hookList[name].map(async (hook) => {
|
|
10
|
-
const hookData = await hook({ ...data, config });
|
|
11
|
-
if (hookData) {
|
|
12
|
-
if (config.trace)
|
|
13
|
-
console.log("applyHook", name, hookData);
|
|
14
|
-
Object.assign(result, hookData);
|
|
15
|
-
}
|
|
16
|
-
})).catch((err) => {
|
|
17
|
-
console.error("applyHook", name, err.toString());
|
|
18
|
-
});
|
|
19
|
-
if (Object.keys(result).length) {
|
|
20
|
-
return result;
|
|
21
|
-
}
|
|
22
|
-
return null;
|
|
23
|
-
}
|
|
24
|
-
export function addHook(name, fn) {
|
|
25
|
-
if (!hookList[name]) {
|
|
26
|
-
hookList[name] = [];
|
|
27
|
-
}
|
|
28
|
-
if (config.trace)
|
|
29
|
-
console.log("addHook", name);
|
|
30
|
-
hookList[name].push(fn);
|
|
31
|
-
}
|
|
32
|
-
export function applyHookSync(name, data) {
|
|
33
|
-
if (!hookList[name]?.length)
|
|
34
|
-
return null;
|
|
35
|
-
if (config.trace)
|
|
36
|
-
console.log("applyHookSync", name);
|
|
37
|
-
const hookData = hookList[name].map((hook) => hook(data))[0];
|
|
38
|
-
return hookData;
|
|
39
|
-
}
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
import config from "../../../../../config.js";
|
|
2
|
-
import pgClients from "../../../../plugins/pg/pgClients.js";
|
|
3
|
-
import { generate } from "./providers/totp.js";
|
|
4
|
-
/**
|
|
5
|
-
* Генерація secret для двохфакторної авторизації користувача
|
|
6
|
-
*
|
|
7
|
-
* @method GET
|
|
8
|
-
* @summary Генерація user secret для двохфакторної авторизації
|
|
9
|
-
* @priority 3
|
|
10
|
-
* @alias generate
|
|
11
|
-
* @type api
|
|
12
|
-
* @tag auth
|
|
13
|
-
* @requires 2fa
|
|
14
|
-
* @errors 500
|
|
15
|
-
* @returns {Number} status Номер помилки
|
|
16
|
-
* @returns {String|Object} error Опис помилки
|
|
17
|
-
* @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
|
|
18
|
-
*/
|
|
19
|
-
export default async function generateFunction({ pg = pgClients.client, user = {} }, reply) {
|
|
20
|
-
if (!user?.uid) {
|
|
21
|
-
return reply.status(401).send("unauthorized");
|
|
22
|
-
}
|
|
23
|
-
const { uid } = user;
|
|
24
|
-
if (!config?.auth?.["2factor"]) {
|
|
25
|
-
return reply.status(400).send("2fa not enabled");
|
|
26
|
-
}
|
|
27
|
-
if (!config.pg) {
|
|
28
|
-
return reply.status(400).send("empty pg");
|
|
29
|
-
}
|
|
30
|
-
if (!uid) {
|
|
31
|
-
return reply.status(401).send("access restricted: unauthorized");
|
|
32
|
-
}
|
|
33
|
-
const res = await generate({ pg, uid });
|
|
34
|
-
if (res?.enabled) {
|
|
35
|
-
return reply.status(400).send("already created 2fa");
|
|
36
|
-
}
|
|
37
|
-
return reply.status(200).send(res);
|
|
38
|
-
}
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
import config from '../../../../../config.js';
|
|
2
|
-
import pgClients from '../../../../plugins/pg/pgClients.js';
|
|
3
|
-
import { toggle } from './providers/totp.js';
|
|
4
|
-
/**
|
|
5
|
-
* Включення/виключення двохфакторної авторизації для користувача
|
|
6
|
-
*
|
|
7
|
-
* @method GET
|
|
8
|
-
* @summary Включення/виключення двохфакторної авторизації
|
|
9
|
-
* @priority 2
|
|
10
|
-
* @alias toggle
|
|
11
|
-
* @type api
|
|
12
|
-
* @tag auth
|
|
13
|
-
* @requires 2fa
|
|
14
|
-
* @errors 500
|
|
15
|
-
* @returns {Number} status Номер помилки
|
|
16
|
-
* @returns {String|Object} error Опис помилки
|
|
17
|
-
* @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
|
|
18
|
-
*/
|
|
19
|
-
export default async function toggleFunction(req, reply) {
|
|
20
|
-
const { pg = pgClients.client, session = {}, query = {}, } = req;
|
|
21
|
-
const { uid } = session?.passport?.user || {};
|
|
22
|
-
const { code, enable } = query;
|
|
23
|
-
if (!config.pg) {
|
|
24
|
-
return reply.status(400).send('empty pg');
|
|
25
|
-
}
|
|
26
|
-
if (!uid) {
|
|
27
|
-
return reply.status(401).send('access restricted: unauthorized');
|
|
28
|
-
}
|
|
29
|
-
if (!code) {
|
|
30
|
-
return reply.status(400).send('param "code" is required');
|
|
31
|
-
}
|
|
32
|
-
if (!Object.hasOwn(query, 'enable')) {
|
|
33
|
-
return reply.status(400).send('param "enable" is required');
|
|
34
|
-
}
|
|
35
|
-
const data = await toggle({
|
|
36
|
-
pg, code, enable: enable === 'true', uid,
|
|
37
|
-
});
|
|
38
|
-
return reply.status(200).send(data);
|
|
39
|
-
}
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
import config from "../../../../../config.js";
|
|
2
|
-
const { accessToken = "0NWcGQxKRP8AsRxD" } = config.auth || {};
|
|
3
|
-
/**
|
|
4
|
-
*
|
|
5
|
-
* @summary check user access to logger interface - per admin user type or user group
|
|
6
|
-
* @returns {Object} message, status
|
|
7
|
-
*/
|
|
8
|
-
export default function checkUserAccess({ user = {}, token, }) {
|
|
9
|
-
if (token && token === accessToken) {
|
|
10
|
-
return { message: "access granted", status: 200 };
|
|
11
|
-
}
|
|
12
|
-
// console.log(user);
|
|
13
|
-
if (!user.user_type?.includes?.("admin") &&
|
|
14
|
-
!config?.local &&
|
|
15
|
-
!config.auth?.disable) {
|
|
16
|
-
return { message: "access restricted", status: 403 };
|
|
17
|
-
}
|
|
18
|
-
/* if (!['admin', 'superadmin']?.includes(user.user_type) && count === '0') {
|
|
19
|
-
return { message: 'access restricted', status: 403 };
|
|
20
|
-
} */
|
|
21
|
-
return { message: "access granted", status: 200 };
|
|
22
|
-
}
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
/* eslint-disable no-console */
|
|
2
|
-
import fs from "node:fs";
|
|
3
|
-
import path from "node:path";
|
|
4
|
-
import config from "../../../../../config.js";
|
|
5
|
-
// import { existsSync } from 'fs';
|
|
6
|
-
let logDir = null;
|
|
7
|
-
export default function getRootDir() {
|
|
8
|
-
// absolute / relative path
|
|
9
|
-
if (logDir)
|
|
10
|
-
return logDir;
|
|
11
|
-
const file = ["config.json", "/data/local/config.json"].find((el) => fs.existsSync(el) ? el : null);
|
|
12
|
-
const root = file === "config.json" ? process.cwd() : "/data/local";
|
|
13
|
-
logDir = config.logDir || path.join(root, config.log?.dir || "log");
|
|
14
|
-
console.log({ logDir });
|
|
15
|
-
return logDir;
|
|
16
|
-
// windows debug support
|
|
17
|
-
/* const customLogDir = process.cwd().includes(':') ? 'c:/data/local' : '/data/local';
|
|
18
|
-
// docker default path
|
|
19
|
-
if (existsSync(customLogDir)) {
|
|
20
|
-
return path.join(customLogDir, config.folder || '', 'log');
|
|
21
|
-
}
|
|
22
|
-
|
|
23
|
-
// non-docker default path
|
|
24
|
-
return path.join(config.root || '/data/local', config.folder || '', 'log'); */
|
|
25
|
-
}
|