@opengis/fastify-table 2.0.4 → 2.0.6

package/dist/server/migrations/users.sql

@@ -27,6 +27,7 @@ ALTER TABLE admin.users add column if not exists salt text;
 ALTER TABLE admin.users add column if not exists cdate timestamp without time zone DEFAULT date_trunc('seconds'::text, now());
 ALTER TABLE admin.users add column if not exists editor_id text;
 ALTER TABLE admin.users add column if not exists editor_date timestamp without time zone;
+ALTER TABLE admin.users add column if not exists twofa boolean not null DEFAULT true;
 
 ALTER TABLE admin.users add CONSTRAINT admin_user_uid_pkey PRIMARY KEY (uid);
 ALTER TABLE admin.users add CONSTRAINT admin_user_user_rnokpp UNIQUE (user_rnokpp);
@@ -46,6 +47,7 @@ COMMENT ON COLUMN admin.users.enabled IS 'On / Off';
 COMMENT ON COLUMN admin.users.last_activity_date IS 'Дата останньої активності';
 COMMENT ON COLUMN admin.users.user_type IS 'Тип користувача';
 COMMENT ON COLUMN admin.users.salt IS 'Сіль';
+COMMENT ON COLUMN admin.users.twofa IS 'Двофакторна авторизація';
 
 CREATE EXTENSION if not exists pgcrypto SCHEMA public VERSION "1.3";
 CREATE OR REPLACE FUNCTION admin.crypt(text, text) RETURNS text AS '$libdir/pgcrypto', 'pg_crypt' LANGUAGE c IMMUTABLE STRICT COST 1;

package/dist/server/plugins/auth/funcs/authorizeUser.js

@@ -1,6 +1,6 @@
 import config from "../../../../config.js";
 import logger from "../../logger/getLogger.js";
-import applyHook from "../../hook/funcs/applyHook.js";
+import { applyHook } from "../../hook/index.js";
 import logAuth from "./logAuth.js";
 /*
 session duration by default
@@ -15,9 +15,10 @@ const getIp = (req) => (req.headers?.["x-real-ip"] ||
     "")
     .split(":")
     .pop();
-export default async function authorizeUser(user, req, loginType = "login", expire) {
+export default async function authorizeUser(user, req, authType = "creds-user", expire) {
     if (!user?.uid)
         return "/logout";
+    Object.assign(user, { auth_type: authType });
     // fastify/passport
     await req.login(user);
     const st = (req.body?.keep || req.query?.keep) === "on"
@@ -29,21 +30,26 @@ export default async function authorizeUser(user, req, loginType = "login", expi
     }
     logger.file("auth", {
         level: "DEBUG",
-        name: loginType,
-        response: { uid: user?.uid, name: user.name },
+        name: authType,
+        response: {
+            uid: user?.uid,
+            name: [user.sur_name, user.user_name, user.name]
+                .filter(Boolean)
+                .join(" "),
+        },
     }, req);
     const ip = getIp(req);
-    if (loginType === "login") {
+    if (authType && authType.startsWith("creds")) {
         await logAuth({
             uid: user?.uid,
-            type: loginType,
+            type: authType,
             ip,
         });
     }
     const { href } = (await applyHook("afterAuth", {
         ip,
         user,
-        name: loginType,
+        name: authType,
         referer: req.headers?.referer,
     })) ||
         {};
@@ -52,7 +58,9 @@ export default async function authorizeUser(user, req, loginType = "login", expi
         return { message: "ok", status: "200" };
     }
     const redirectUrl = req.headers?.referer?.match?.(/[?&]redirect=([^&]+)/)?.[1] || "/";
-    if (config.auth?.["2factor"]) {
+    // by default, disable 2factor for id.gov.ua auth
+    const check = authType === "govid" ? config.auth?.["2factor"]?.govid : true;
+    if (config.auth?.["2factor"] && user?.twofa && check) {
         return ("/2factor?redirect=" +
             (href ||
                 config.auth?.redirectAfter ||

package/dist/server/plugins/auth/funcs/loginFile.js

@@ -1,41 +1,46 @@
-import path from 'node:path';
-import { existsSync, readFileSync } from 'node:fs';
-import { createHash } from 'node:crypto';
-import config from '../../../../config.js';
-import users from './users.js';
-import authorizeUser from './authorizeUser.js';
+import path from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { createHash } from "node:crypto";
+import config from "../../../../config.js";
+import users from "./users.js";
+import authorizeUser from "./authorizeUser.js";
 export default async function loginFile(req, reply) {
-    const { username, password } = req.method === 'POST' ? req.body : req.query;
-    const filepath = path.join(process.cwd(), 'passwd');
+    const { username, password } = req.method === "POST" ? req.body : req.query;
+    const filepath = path.join(process.cwd(), "passwd");
     if (!users?.length) {
         const fileExists = existsSync(filepath);
         if (!fileExists) {
-            req.log.error(req, 'passwd file not exists');
-            return { error: 'login error', status: 500 };
+            req.log.error(req, "passwd file not exists");
+            return { error: "login error", status: 500 };
         }
         // parse file on start up
-        const data = readFileSync(filepath, 'utf8');
-        const separator = data.indexOf('\\r\\n') !== -1 ? '\r\n' : '\n';
+        const data = readFileSync(filepath, "utf8");
+        const separator = data.indexOf("\\r\\n") !== -1 ? "\r\n" : "\n";
         const rows = data.split(separator).map((row) => {
-            const [name, passwd, usertype = 'regular', uid] = row.split(':');
+            const [name, passwd, usertype = "regular", uid] = row.split(":");
             return { username: name, password: passwd, usertype, uid };
         });
         rows.forEach((row) => users.push(row));
     }
     // check user / password
     const user = users.find((el) => el.username === username);
-    const hashPasswd = createHash('sha1').update(`${password}${user?.salt || ''}`).digest('hex');
+    const hashPasswd = createHash("sha1")
+        .update(`${password}${user?.salt || ""}`)
+        .digest("hex");
     if (!user?.password || user.password !== hashPasswd) {
-        const txt = 'Invalid user or password';
-        return req.method === 'GET'
+        const txt = "Invalid user or password";
+        return req.method === "GET"
             ? reply.status(302).redirect(`/login?confirm=wrong_pass&message=${txt}`)
             : reply.status(400).send({ message: txt });
     }
     const resultUser = {
         uid: user?.uid || config?.auth?.uid || username,
         user_name: username,
-        user_type: user.usertype || 'regular',
+        user_type: user.usertype || "regular",
     };
-    const href = await authorizeUser(resultUser, req, 'loginFile');
-    reply.redirect(href);
+    const authType = "creds-" + (user.usertype === "admin" ? "admin" : "user");
+    const href = await authorizeUser(resultUser, req, authType); // creds-admin / creds-admin
+    return req.method === "GET"
+        ? reply.status(302).redirect(href)
+        : reply.status(200).send(href);
 }

package/dist/server/plugins/auth/funcs/loginUser.js

@@ -18,11 +18,11 @@ export default async function loginUser(req, reply) {
                 .redirect("/login?confirm=wrong_pass&message=empty redis")
             : reply.status(400).send({ message: "empty redis" });
     }
-    const { user, message = "invalid user" } = await verifyPassword({
+    const { user, message = "invalid user" } = (await verifyPassword({
         pg,
         username,
         password,
-    }) || {};
+    })) || {};
     if (!user) {
         return req.method === "GET"
             ? reply
@@ -38,7 +38,8 @@ export default async function loginUser(req, reply) {
             : reply.status(400).send({ message });
     }
     logger.metrics("user.login");
-    const href = await authorizeUser(user, req, "login");
+    const authType = "creds-" + (user.user_type === "admin" ? "admin" : "user");
+    const href = await authorizeUser(user, req, authType); // creds-admin / creds-admin
     return req.method === "GET"
         ? reply.status(302).redirect(href)
         : reply.status(200).send(href);

package/dist/server/plugins/auth/index.js

@@ -83,13 +83,18 @@ async function plugin(fastify) {
             !req.url.startsWith("/login")) {
             return reply.redirect(`${config?.auth?.redirect || "/login"}` + `?redirect=${req.url}`);
         }
+        // by default, disable 2factor for id.gov.ua auth
+        const check = passport.user?.auth_type === "govid"
+            ? config.auth?.["2factor"]?.govid
+            : true;
         if (passport.user?.uid &&
             passport.user?.twofa &&
             config.auth?.["2factor"] &&
             !isPublic &&
             (routeOptions?.method || "GET") === "GET" &&
             !secondFactorPassed &&
-            !ispasswd) {
+            !ispasswd &&
+            check) {
             const href = config.auth?.["2factorRedirect"] || "/2factor";
             if (!href.includes(req.url)) {
                 return reply.redirect(href);

package/dist/server/plugins/crud/funcs/getAccess.js

@@ -1,7 +1,7 @@
-import pgClients from '../../pg/pgClients.js';
-import getTemplate from '../../table/funcs/getTemplate.js';
-import applyHook from '../../hook/funcs/applyHook.js';
-const allActions = ['view', 'edit', 'add', 'del'];
+import pgClients from "../../pg/pgClients.js";
+import getTemplate from "../../table/funcs/getTemplate.js";
+import { applyHook } from "../../hook/index.js";
+const allActions = ["view", "edit", "add", "del"];
 const q = `select a.route_id as id, d.actions as user_roles, d.actions as role_actions, coalesce(b.actions, array['view']) as interface_actions, b.scope, c.role_id
 from admin.routes a 
 left join admin.role_access b on 
@@ -30,47 +30,48 @@ where $1 in (a.route_id, a.alias, a.table_name) and $2 in (b.user_uid, d.user_ui
 export default async function getAccess({ table, form, user = {} }, pg = pgClients.client) {
     if (!table)
         return null;
-    const hookData = await applyHook('getAccess', { table, user, pg });
+    const hookData = await applyHook("getAccess", { table, user, pg });
     if (hookData)
         return hookData;
-    const { uid, user_type: userType = 'regular' } = user;
-    if (userType === 'superadmin') {
-        return { actions: allActions, query: '1=1' };
+    const { uid, user_type: userType = "regular" } = user;
+    if (userType === "superadmin") {
+        return { actions: allActions, query: "1=1" };
     }
-    const body = await getTemplate('table', table);
+    const body = await getTemplate("table", table);
     const tableActions = !body && form
         ? allActions // if db table and form => full access (token)
-        : ['view'].concat(body?.actions || body?.action_default || []);
-    if (userType === 'admin') {
+        : ["view"].concat(body?.actions || body?.action_default || []);
+    if (userType === "admin") {
         if (!(body?.actions || body?.action_default) && (body?.form || form)) {
-            return { actions: allActions, query: '1=1' };
+            return { actions: allActions, query: "1=1" };
         }
-        return { actions: tableActions, query: '1=1' };
+        return { actions: tableActions, query: "1=1" };
     }
-    if (body?.public || body?.access === 'public') {
-        return { actions: tableActions, query: '1=1' };
+    if (body?.public || body?.access === "public") {
+        return { actions: tableActions, query: "1=1" };
     }
-    if (body?.access === 'user' && uid) {
-        return { actions: tableActions, query: '1=1' };
+    if (body?.access === "user" && uid) {
+        return { actions: tableActions, query: "1=1" };
     }
     if (!uid) {
-        return { actions: [], query: '1=1' };
+        return { actions: [], query: "1=1" };
     }
-    const userAccess = pg?.pk?.['admin.routes']
-        && pg.pk?.['admin.role_access']
-        && pg.pk?.['admin.roles']
-        && pg.pk?.['admin.user_roles']
-        ? await pg.query(q, [table, uid])
-            .then((el) => ({
+    const userAccess = pg?.pk?.["admin.routes"] &&
+        pg.pk?.["admin.role_access"] &&
+        pg.pk?.["admin.roles"] &&
+        pg.pk?.["admin.user_roles"]
+        ? await pg.query(q, [table, uid]).then((el) => ({
             ...(el.rows[0] || {}),
             roles: el.rows?.map?.((row) => row.role_id) || [],
             actions: el.rows?.map?.((row) => row.actions).flat() || [],
-            interface_actions: el.rows?.map?.((row) => row.interface_actions).flat() || []
+            interface_actions: el.rows?.map?.((row) => row.interface_actions).flat() || [],
         }))
         : {};
-    const query = userAccess?.scope === 'my' ? `uid='${uid}'` : '1=1';
+    const query = userAccess?.scope === "my" ? `uid='${uid}'` : "1=1";
     const actions = userAccess?.interface_actions
-        ?.filter((el) => userAccess?.role_actions?.length ? userAccess?.role_actions.includes(el) : true)
+        ?.filter((el) => userAccess?.role_actions?.length
+        ? userAccess?.role_actions.includes(el)
+        : true)
         ?.filter((el) => tableActions.includes(el))
         ?.filter?.((el, idx, arr) => arr.indexOf(el) === idx);
     return {

package/dist/server/plugins/hook/index.js

@@ -1,7 +1,39 @@
-// import addHook from './funcs/addHook.js';
-// import applyHook from './funcs/applyHook.js';
-async function plugin() {
-    //   fastify.decorate('addHook', addHook);
-    //   fastify.decorate('applyHook', applyHook);
+import config from "../../../config.js";
+export const hookList = {};
+export async function applyHook(name, data) {
+    if (config.trace)
+        console.log("applyHook", name);
+    if (!hookList[name]?.length)
+        return null;
+    const result = {};
+    await Promise.all(hookList[name].map(async (hook) => {
+        const hookData = await hook({ ...data, config });
+        if (hookData) {
+            if (config.trace)
+                console.log("applyHook", name, hookData);
+            Object.assign(result, hookData);
+        }
+    })).catch((err) => {
+        console.error("applyHook", name, err.toString());
+    });
+    if (Object.keys(result).length) {
+        return result;
+    }
+    return null;
+}
+export function addHook(name, fn) {
+    if (!hookList[name]) {
+        hookList[name] = [];
+    }
+    if (config.trace)
+        console.log("addHook", name);
+    hookList[name].push(fn);
+}
+export function applyHookSync(name, data) {
+    if (!hookList[name]?.length)
+        return null;
+    if (config.trace)
+        console.log("applyHookSync", name);
+    const hookData = hookList[name].map((hook) => hook(data))[0];
+    return hookData;
 }
-export default plugin;

package/dist/server/plugins/logger/errorMessage.js

@@ -1,5 +1,5 @@
 import config from "../../../config.js";
-import applyHookSync from "../hook/funcs/applyHookSync.js";
+import { applyHookSync } from "../hook/index.js";
 import errorStatus from "./errorStatus.js";
 const defaultMessage = {
     602: "Порушення цілісності бази даних",

package/dist/server/plugins/logger/errorStatus.js

@@ -1,15 +1,15 @@
-import applyHookSync from '../hook/funcs/applyHookSync.js';
+import { applyHookSync } from "../hook/index.js";
 function errorStatus(error) {
-    const hook = applyHookSync('errorStatus', error);
+    const hook = applyHookSync("errorStatus", error);
     if (hook)
         return hook;
-    if (error.routine === 'exec_stmt_raise' && error.file === 'pl_exec.c') {
+    if (error.routine === "exec_stmt_raise" && error.file === "pl_exec.c") {
         return 601;
     }
-    if (error.routine === 'ExecConstraints') {
+    if (error.routine === "ExecConstraints") {
         return 602;
     }
-    if (error.type === 'DatabaseError') {
+    if (error.type === "DatabaseError") {
         return 600;
     }
     return 500;

package/dist/server/plugins/table/funcs/getFilterSQL/util/formatValue.js

@@ -1,4 +1,4 @@
-import applyHookSync from "../../../../hook/funcs/applyHookSync.js";
+import { applyHookSync } from "../../../../hook/index.js";
 import getRangeQuery from "./getRangeQuery.js";
 export default function formatValue({ pg, table, filter = {}, name, value, dataTypeID, uid = 1, optimize, }) {
     const { extra, sql, select, strict, options /* default: defaultValue, */ } = filter;

package/dist/server/routes/auth/controllers/2factor/recovery.js

@@ -43,7 +43,7 @@ export default async function recoveryFunction(req, reply) {
         // return reply.status(400).send('not enough params');
         const customPt = await getTemplate("pt", template);
         const pt = customPt ||
-            (await readFile(path.join(dirname, `../templates/pt/${template}.html`), "utf8"));
+            (await readFile(path.join(dirname, `../../../../../templates/pt/${template}.html`), "utf8"));
         const recoveryCodes = await pg
             .query(`select social_auth_obj->'codesArray' as "recoveryCodes" from admin.users_social_auth 
       where uid = $1 and social_auth_type = $2`, [uid, "TOTP"])

package/dist/server/routes/auth/controllers/2factor/verify.js

@@ -55,7 +55,7 @@ export default async function verifyFunction(req, reply) {
                 ?.then((el) => el.rows?.[0] || {});
             const customPt = await getTemplate("pt", template);
             const pt = customPt ||
-                (await readFile(path.join(dirname, `../templates/pt/${template}.html`), "utf8"));
+                (await readFile(path.join(dirname, `../../../../../templates/pt/${template}.html`), "utf8"));
             const html = await handlebars.compile(pt)({
                 recoveryCodes,
                 domain: `${req.protocol || "https"}://${req.hostname}`,

package/dist/server/routes/auth/controllers/core/getUserInfo.js

@@ -1,5 +1,5 @@
 import config from "../../../../../config.js";
-import applyHook from "../../../../plugins/hook/funcs/applyHook.js";
+import { applyHook } from "../../../../../utils.js";
 import getRedis from "../../../../plugins/redis/funcs/getRedis.js";
 const rclient2 = getRedis({ db: 2 });
 export default async function getUserInfo(req) {

package/dist/server/routes/auth/controllers/euSign/authByData.js

@@ -1,29 +1,29 @@
-import { Agent } from 'undici';
-import config from '../../../../../config.js';
-import applyHook from '../../../../plugins/hook/funcs/applyHook.js';
-import logger from '../../../../plugins/logger/getLogger.js';
-import pgClients from '../../../../plugins/pg/pgClients.js';
-import checkReferer from '../../../../plugins/auth/funcs/checkReferer.js';
-import getQuery from '../../../../plugins/auth/funcs/getQuery.js';
-import logAuth from '../../../../plugins/auth/funcs/logAuth.js';
-import authorizeUser from '../../../../plugins/auth/funcs/authorizeUser.js';
+import { Agent } from "undici";
+import config from "../../../../../config.js";
+import { applyHook } from "../../../../../utils.js";
+import logger from "../../../../plugins/logger/getLogger.js";
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import checkReferer from "../../../../plugins/auth/funcs/checkReferer.js";
+import getQuery from "../../../../plugins/auth/funcs/getQuery.js";
+import logAuth from "../../../../plugins/auth/funcs/logAuth.js";
+import authorizeUser from "../../../../plugins/auth/funcs/authorizeUser.js";
 function fetchWithoutSSL(url, options) {
     const httpsAgent = new Agent({
         connect: {
-            rejectUnauthorized: false
-        }
+            rejectUnauthorized: false,
+        },
     });
     return fetch(url, {
-        ...options || {},
-        dispatcher: httpsAgent
+        ...(options || {}),
+        dispatcher: httpsAgent,
     });
 }
-const getIp = (req) => (req.headers?.['x-real-ip']
-    || req.headers?.['x-forwarded-for']
-    || req.ip
-    || req.connection?.remoteAddress
-    || '')
-    .split(':')
+const getIp = (req) => (req.headers?.["x-real-ip"] ||
+    req.headers?.["x-forwarded-for"] ||
+    req.ip ||
+    req.connection?.remoteAddress ||
+    "")
+    .split(":")
     .pop();
 export default async function authByData(req, reply) {
     const { pg = pgClients.client, query = {}, headers = {} } = req;
@@ -33,22 +33,22 @@ export default async function authByData(req, reply) {
     const ip = getIp(req);
     const { data: code, type } = query; // token
     const { security } = config;
-    const authType = type
-        || (referer?.includes('softpro.ua') ? 'google' : null)
-        || (referer?.includes('nsdi.gov.ua') ? 'govid' : null)
-        || (referer?.includes('admin.nsdi.gki.com.ua') ? 'govid' : null); // fix admin auth
+    const authType = type ||
+        (referer?.includes("softpro.ua") ? "google" : null) ||
+        (referer?.includes("nsdi.gov.ua") ? "govid" : null) ||
+        (referer?.includes("admin.nsdi.gki.com.ua") ? "govid" : null); // fix admin auth
     const hostOauth = {
-        google: security?.social_auth_host_local || 'https://id.softpro.ua',
-        govid: security?.id_gov_ua_host_local || 'https://nsdi.gov.ua',
-    }[authType || ''];
+        google: security?.social_auth_host_local || "https://id.softpro.ua",
+        govid: security?.id_gov_ua_host_local || "https://nsdi.gov.ua",
+    }[authType || ""];
     if (!hostOauth) {
-        logger.file('auth/by_data/warn', {
-            error: 'invalid oauth params',
+        logger.file("auth/by_data/warn", {
+            error: "invalid oauth params",
             referer,
             authType,
             hostOauth,
         });
-        return reply.status(400).send('Невалідний парметр тип авторизації');
+        return reply.status(400).send("Невалідний парметр тип авторизації");
     }
     // referer + token check
     const invalidReferer = await checkReferer({
@@ -57,39 +57,48 @@ export default async function authByData(req, reply) {
         hostOauth,
     });
     if (!code || invalidReferer) {
-        logger.file('auth/by_data/warn', {
-            error: 'invalid request', referer, code,
+        logger.file("auth/by_data/warn", {
+            error: "invalid request",
+            referer,
+            code,
         });
-        return reply.status(403).send('Параметри data / code / state мають невірний формат, або Ви перейшли за прямим посиланням.');
+        return reply
+            .status(403)
+            .send("Параметри data / code / state мають невірний формат, або Ви перейшли за прямим посиланням.");
     }
-    const url = authType === 'govid'
+    const url = authType === "govid"
         ? `${hostOauth}/api-user/auth_data?token=${code}`
         : `${hostOauth}/oauth/token?code=${code}`;
     try {
         const response = await fetchWithoutSSL(url);
         const body = await response.text();
-        console.log(`${authType} login: ${code} ${config.debug ? body : ''}`);
-        if (response.status !== 200 || !body?.startsWith?.('{')) {
+        console.log(`${authType} login: ${code} ${config.debug ? body : ""}`);
+        if (response.status !== 200 || !body?.startsWith?.("{")) {
             return reply.status(response.status).send(body);
         }
         const data = JSON.parse(body);
-        const hookData = await applyHook('onAuthByData', { req, pg, data, authType });
+        const hookData = (await applyHook("onAuthByData", {
+            req,
+            pg,
+            data,
+            authType,
+        }));
         if (hookData?.href) {
             return reply.redirect(hookData.href);
         }
         // get user / create new user
         const _user = config.pg && !hookData?.user
             ? await getQuery({ pg, data })
-            : (hookData?.user || {});
+            : hookData?.user || {};
         await logAuth({
             uid: _user?.uid,
-            type: 'byData',
+            type: "byData",
             data,
             ip,
         }, pg);
-        console.log('register user sql');
+        console.log("register user sql");
         timeList.push(Date.now());
-        logger.file('auth/by_data', {
+        logger.file("auth/by_data", {
             msec: Date.now() - d1,
             time: {
                 total: timeList[5] - timeList[0],
@@ -104,12 +113,17 @@ export default async function authByData(req, reply) {
             ip,
         });
         // console.log(user)
-        const href = await authorizeUser(_user, req, authType);
+        const href = await authorizeUser(_user, req, authType); // govid / google(social)
         // console.log(href)
         return reply.redirect(href);
     }
     catch (err) {
-        logger.file('auth/by_data/error', { error: err.toString(), stack: err.stack });
-        return reply.status(500).send(`Помилка авторизації через ${authType === 'govid' ? 'id.gov.ua' : 'google'}. Зверніться до Адміністратора!`);
+        logger.file("auth/by_data/error", {
+            error: err.toString(),
+            stack: err.stack,
+        });
+        return reply
+            .status(500)
+            .send(`Помилка авторизації через ${authType === "govid" ? "id.gov.ua" : "google"}. Зверніться до Адміністратора!`);
     }
 }

package/dist/server/routes/auth/controllers/jwt/authorize.js

@@ -1,56 +1,69 @@
-import pgClients from '../../../../plugins/pg/pgClients.js';
-import dataInsert from '../../../../plugins/crud/funcs/dataInsert.js';
-import { sign, scryptHash } from '../../../../plugins/auth/funcs/jwt.js';
-import authorizeUser from '../../../../plugins/auth/funcs/authorizeUser.js';
-const getIp = (req) => (req.headers?.['x-real-ip']
-    || req.headers?.['x-forwarded-for']
-    || req.ip
-    || req.connection?.remoteAddress
-    || '')
-    .split(':')
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import dataInsert from "../../../../plugins/crud/funcs/dataInsert.js";
+import { sign, scryptHash } from "../../../../plugins/auth/funcs/jwt.js";
+import authorizeUser from "../../../../plugins/auth/funcs/authorizeUser.js";
+const getIp = (req) => (req.headers?.["x-real-ip"] ||
+    req.headers?.["x-forwarded-for"] ||
+    req.ip ||
+    req.connection?.remoteAddress ||
+    "")
+    .split(":")
     .pop();
 const expireMsec = 1000 * 60 * 60;
 // ? Request example: http://localhost:3000/oauth/authorize?response_type=code&client_id=2835134164020233999&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth%2Ftoken%3Fclient_id%3D2835134164020233999%26noredirect%3D1%26grant_type%3Dauthorization_code
 // ? add &noredirect=1 to retrieve code via GET request or simply send POST requests
 export default async function authorize(req, reply) {
     const { pg = pgClients.client, query, body } = req;
-    const payload = req.method === 'POST' ? body : query;
+    const payload = req.method === "POST" ? body : query;
     const { response_type, client_id, redirect_uri, scope } = payload;
     if (response_type !== "code") {
-        return reply.code(400).send({ message: "unsupported response_type", code: 400 });
+        return reply
+            .code(400)
+            .send({ message: "unsupported response_type", code: 400 });
     }
     if (!client_id) {
-        return reply.code(400).send({ message: "not enough query params: client_id", code: 400 });
+        return reply
+            .code(400)
+            .send({ message: "not enough query params: client_id", code: 400 });
     }
-    const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2 and ${scope ? '$1=any(scopes)' : '1=1'}`;
-    const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [] } = pg.pk?.['oauth.clients']
-        ? await pg.query(q, [client_id, 'private_key_jwt']).then((el) => el.rows?.[0] || {})
+    const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2 and ${scope ? "$1=any(scopes)" : "1=1"}`;
+    const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [], } = pg.pk?.["oauth.clients"]
+        ? await pg
+            .query(q, [client_id, "private_key_jwt"])
+            .then((el) => el.rows?.[0] || {})
         : {};
     if (!userId) {
         return reply.code(400).send({ message: "invalid client id", code: 400 });
     }
-    if (redirect_uri && Array.isArray(redirect_uris) && !redirect_uris.includes(redirect_uri)) {
+    if (redirect_uri &&
+        Array.isArray(redirect_uris) &&
+        !redirect_uris.includes(redirect_uri)) {
         return reply.code(400).send({ message: "invalid redirect_uri", code: 400 });
     }
-    const user = pg.pk?.['admin.users'] ? await pg.query('select * from admin.users where uid=$1 and enabled limit 1', [userId]).then((el) => el.rows[0]) : null;
+    const user = pg.pk?.["admin.users"]
+        ? await pg
+            .query("select * from admin.users where uid=$1 and enabled limit 1", [
+            userId,
+        ])
+            .then((el) => el.rows[0])
+        : null;
     if (!user) {
         return reply.code(404).send({ message: "user not found", code: 404 });
     }
-    Object.assign(user, { auth_type: 'jwt' });
-    const href1 = await authorizeUser(user, req, 'jwt', expireMsec);
+    const href1 = await authorizeUser(user, req, "jwt", expireMsec);
     // Generate authorization code
     const code = sign(userId, secret, expireMsec);
     const tokenHash = await scryptHash(code);
     const ip = getIp(req);
     // disable access via old tokens
-    if (pg.pk?.['oauth.tokens']) {
-        await pg.query('update oauth.tokens set revoked_at = now(), revocation_reason=\'refresh\' where client_id=$1', [client_id]);
+    if (pg.pk?.["oauth.tokens"]) {
+        await pg.query("update oauth.tokens set revoked_at = now(), revocation_reason='refresh' where client_id=$1", [client_id]);
     }
     await dataInsert({
         pg,
-        table: 'oauth.tokens',
+        table: "oauth.tokens",
         data: {
-            token_type: 'access',
+            token_type: "access",
             token_hash: tokenHash,
             token_hint: code.slice(-6),
             // jti: undefined,
@@ -67,11 +80,13 @@ export default async function authorize(req, reply) {
         },
         uid: userId,
     });
-    const backUrl = redirect_uri ? `${redirect_uri}?code=${code}` : '';
-    const href = redirect_uri && !redirect_uri.includes('?')
+    const backUrl = redirect_uri ? `${redirect_uri}?code=${code}` : "";
+    const href = redirect_uri && !redirect_uri.includes("?")
         ? backUrl
-        : (backUrl?.replace?.(/\?code=/, '&code=') || href1);
-    if (req.method === 'POST' || payload.noredirect || process.env.NODE_ENV === 'test') {
+        : backUrl?.replace?.(/\?code=/, "&code=") || href1;
+    if (req.method === "POST" ||
+        payload.noredirect ||
+        process.env.NODE_ENV === "test") {
         return reply.code(200).send(code);
     }
     return reply.redirect(href);

package/dist/server/routes/auth/controllers/jwt/token.js

@@ -1,67 +1,92 @@
 import { verify, scryptVerify } from "../../../../plugins/auth/funcs/jwt.js";
-import pgClients from '../../../../plugins/pg/pgClients.js';
-import authorizeUser from '../../../../plugins/auth/funcs/authorizeUser.js';
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import authorizeUser from "../../../../plugins/auth/funcs/authorizeUser.js";
 const expireMsec = 1000 * 60 * 60;
-const getIp = (req) => (req.headers?.['x-real-ip']
-    || req.headers?.['x-forwarded-for']
-    || req.ip
-    || req.connection?.remoteAddress
-    || '')
-    .split(':')
+const getIp = (req) => (req.headers?.["x-real-ip"] ||
+    req.headers?.["x-forwarded-for"] ||
+    req.ip ||
+    req.connection?.remoteAddress ||
+    "")
+    .split(":")
     .pop();
 export default async function oauthToken(req, reply) {
     const { pg = pgClients.client, query, body } = req;
-    const payload = req.method === 'POST' ? body : query;
+    const payload = req.method === "POST" ? body : query;
     const { grant_type, client_id, code, redirect_uri, code_verifier } = payload;
     if (grant_type !== "authorization_code") {
-        return reply.code(400).send({ message: "unsupported grant_type", code: 400 });
+        return reply
+            .code(400)
+            .send({ message: "unsupported grant_type", code: 400 });
     }
     if (!client_id) {
-        return reply.code(400).send({ message: "not enough params: client_id", code: 400 });
+        return reply
+            .code(400)
+            .send({ message: "not enough params: client_id", code: 400 });
     }
     if (!code) {
-        return reply.code(400).send({ message: "not enough params: code", code: 400 });
+        return reply
+            .code(400)
+            .send({ message: "not enough params: code", code: 400 });
     }
     const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2`;
-    const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [] } = pg.pk?.['oauth.clients']
-        ? await pg.query(q, [client_id, 'private_key_jwt']).then((el) => el.rows?.[0] || {})
+    const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [], } = pg.pk?.["oauth.clients"]
+        ? await pg
+            .query(q, [client_id, "private_key_jwt"])
+            .then((el) => el.rows?.[0] || {})
         : {};
     const isCodeValid = verify(code, secret);
-    const q1 = 'select token_hash, expires_at, ip from oauth.tokens where client_id=$1 and revoked_at is null and expires_at > now()';
-    const { token_hash: stored, expires_at, ip: storedIp } = await pg.query(q1, [client_id]).then((el) => el.rows?.[0] || {});
+    const q1 = "select token_hash, expires_at, ip from oauth.tokens where client_id=$1 and revoked_at is null and expires_at > now()";
+    const { token_hash: stored, expires_at, ip: storedIp, } = await pg.query(q1, [client_id]).then((el) => el.rows?.[0] || {});
     const ip = getIp(req);
     if (storedIp !== ip) {
-        return reply.code(403).send({ message: "access restricted: wrong IP address", code: 403 });
+        return reply
+            .code(403)
+            .send({ message: "access restricted: wrong IP address", code: 403 });
     }
     if (!stored) {
-        return reply.code(403).send({ message: "access restricted: code expired", code: 403 });
+        return reply
+            .code(403)
+            .send({ message: "access restricted: code expired", code: 403 });
     }
     const isValid = await scryptVerify(stored, code);
     if (!isValid) {
-        return reply.code(403).send({ message: "access restricted: stored code mismatch", code: 403 });
+        return reply
+            .code(403)
+            .send({ message: "access restricted: stored code mismatch", code: 403 });
     }
     if (!isCodeValid) {
-        return reply.code(403).send({ message: "access restricted: invalid code", code: 403 });
+        return reply
+            .code(403)
+            .send({ message: "access restricted: invalid code", code: 403 });
     }
     if (!userId) {
         return reply.code(400).send({ message: "invalid client id", code: 400 });
     }
-    if (redirect_uri && Array.isArray(redirect_uris) && !redirect_uris.includes(redirect_uri)) {
+    if (redirect_uri &&
+        Array.isArray(redirect_uris) &&
+        !redirect_uris.includes(redirect_uri)) {
         return reply.code(400).send({ message: "invalid redirect_uri", code: 400 });
     }
-    const user = pg.pk?.['admin.users'] ? await pg.query('select * from admin.users where uid=$1 and enabled limit 1', [userId]).then((el) => el.rows[0]) : null;
+    const user = pg.pk?.["admin.users"]
+        ? await pg
+            .query("select * from admin.users where uid=$1 and enabled limit 1", [
+            userId,
+        ])
+            .then((el) => el.rows[0])
+        : null;
     if (!user) {
         return reply.code(404).send({ message: "user not found", code: 404 });
     }
-    Object.assign(user, { auth_type: 'jwt' });
     const expire = expires_at ? expires_at - Date.now() : expireMsec;
-    const href1 = await authorizeUser(user, req, 'jwt', expire);
-    const backUrl = redirect_uri ? `${redirect_uri}?code=${code}` : '';
-    const href = redirect_uri && !redirect_uri.includes('?')
+    const href1 = await authorizeUser(user, req, "jwt", expire);
+    const backUrl = redirect_uri ? `${redirect_uri}?code=${code}` : "";
+    const href = redirect_uri && !redirect_uri.includes("?")
         ? backUrl
-        : (backUrl?.replace?.(/\?code=/, '&code=') || href1);
-    if (req.method === 'POST' || payload.noredirect || process.env.NODE_ENV === 'test') {
-        return reply.code(200).send('auth success');
+        : backUrl?.replace?.(/\?code=/, "&code=") || href1;
+    if (req.method === "POST" ||
+        payload.noredirect ||
+        process.env.NODE_ENV === "test") {
+        return reply.code(200).send("auth success");
     }
     return reply.redirect(href);
 }

package/dist/server/routes/menu/controllers/getMenu.js

@@ -5,7 +5,7 @@ import { join } from "node:path";
 import { existsSync, readdirSync, readFileSync } from "node:fs";
 import config from "../../../../config.js";
 import pgClients from "../../../plugins/pg/pgClients.js";
-import applyHook from "../../../plugins/hook/funcs/applyHook.js";
+import { applyHook } from "../../../../utils.js";
 import menuDirs from "../../../plugins/table/funcs/menuDirs.js";
 const menuCache = [];
 // check module dir

package/dist/server/routes/table/controllers/filter.js

@@ -4,7 +4,7 @@ import autoIndex from "../../../plugins/pg/funcs/autoIndex.js";
 import getSelect from "../../../plugins/table/funcs/getSelect.js";
 import getSelectVal from "../../../plugins/table/funcs/metaFormat/getSelectVal.js";
 import pgClients from "../../../plugins/pg/pgClients.js";
-import applyHook from "../../../plugins/hook/funcs/applyHook.js";
+import { applyHook } from "../../../../utils.js";
 import getTemplate from "../../../plugins/table/funcs/getTemplate.js";
 export default async function filterAPI(req, reply, iscalled) {
     const time = Date.now();

package/dist/server/routes/table/functions/getData.js

@@ -4,7 +4,7 @@ import getFilterSQL from "../../../plugins/table/funcs/getFilterSQL/index.js";
 import getAccess from "../../../plugins/crud/funcs/getAccess.js";
 import setToken from "../../../plugins/crud/funcs/setToken.js";
 import gisIRColumn from "../../../plugins/table/funcs/gisIRColumn.js";
-import applyHook from "../../../plugins/hook/funcs/applyHook.js";
+import { applyHook } from "../../../../utils.js";
 import getSelect from "../../../plugins/table/funcs/getSelect.js";
 import setOpt from "../../../plugins/crud/funcs/setOpt.js";
 import getOpt from "../../../plugins/crud/funcs/getOpt.js";

package/dist/server/routes/widget/controllers/widget.set.js

@@ -2,7 +2,7 @@ import path from "node:path";
 import getMeta from "../../../plugins/pg/funcs/getMeta.js";
 import dataInsert from "../../../plugins/crud/funcs/dataInsert.js";
 import dataUpdate from "../../../plugins/crud/funcs/dataUpdate.js";
-import applyHook from "../../../plugins/hook/funcs/applyHook.js";
+import { applyHook } from "../../../../utils.js";
 import uploadMultiPart from "../../../plugins/file/uploadMultiPart.js";
 const tableList = {
     comment: "crm.communications",

package/dist/server/routes/widget/index.js

@@ -1,4 +1,4 @@
-import addHook from "../../plugins/hook/funcs/addHook.js";
+import { addHook } from "../../../utils.js";
 import widgetDel from "./controllers/widget.del.js";
 import widgetSet from "./controllers/widget.set.js";
 import widgetGet from "./controllers/widget.get.js";

package/dist/utils.js

@@ -52,9 +52,7 @@ export { default as validateData } from "./server/plugins/crud/funcs/validateDat
 // policy
 export { default as checkXSS } from "./server/plugins/policy/funcs/checkXSS.js";
 // hook
-export { default as applyHook } from "./server/plugins/hook/funcs/applyHook.js";
-export { default as applyHookSync } from "./server/plugins/hook/funcs/applyHookSync.js";
-export { default as addHook } from "./server/plugins/hook/funcs/addHook.js";
+export * from "./server/plugins/hook/index.js";
 export { default as execMigrations } from "./server/plugins/migration/exec.migrations.js";
 export { default as execSql } from "./server/plugins/migration/exec.sql.js";
 // cron

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "2.0.4",
+  "version": "2.0.6",
   "type": "module",
   "description": "core-plugins",
   "keywords": [

package/dist/server/plugins/hook/funcs/addHook.js

@@ -1,7 +0,0 @@
-import hookList from "../hookList.js";
-export default function addHook(name, fn) {
-    if (!hookList[name]) {
-        hookList[name] = [];
-    }
-    hookList[name].push(fn);
-}

package/dist/server/plugins/hook/funcs/applyHook.js

@@ -1,25 +0,0 @@
-/* eslint-disable no-console */
-import config from "../../../../config.js";
-import hookList from "../hookList.js";
-export default async function applyHook(name, data) {
-    const { trace } = config;
-    if (trace)
-        console.log("applyHook", name);
-    if (!hookList[name]?.length)
-        return null;
-    const result = {};
-    await Promise.all(hookList[name].map(async (hook) => {
-        const hookData = await hook({ ...data, config });
-        if (hookData) {
-            if (trace)
-                console.log("applyHook", name, hookData);
-            Object.assign(result, hookData);
-        }
-    })).catch((err) => {
-        console.error("applyHook", name, err.toString());
-    });
-    if (Object.keys(result).length) {
-        return result;
-    }
-    return null;
-}

package/dist/server/plugins/hook/funcs/applyHookSync.js

@@ -1,7 +0,0 @@
-import hookList from "../hookList.js";
-export default function applyHookSync(name, data) {
-    if (!hookList[name]?.length)
-        return null;
-    const hookData = hookList[name].map((hook) => hook(data))[0];
-    return hookData;
-}

package/dist/server/plugins/hook/hookList.js

@@ -1,2 +0,0 @@
-const hookList = {};
-export default hookList;