@opengis/fastify-table 2.1.7 → 2.1.9
- package/dist/log/migration/dist-technical-cls.json +1 -0
- package/dist/log/migration/dist-technical-cls.sql +2 -0
- package/dist/module/core/select/core.user_mentioned.sql +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/deleteCrud.js +4 -1
- package/dist/server/routes/crud/controllers/insert.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/insert.js +4 -1
- package/dist/server/routes/crud/controllers/table.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/table.js +5 -1
- package/dist/server/routes/crud/controllers/update.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/update.js +4 -1
- package/dist/server/routes/file/controllers/resize.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/resize.js +15 -0
- package/dist/server/routes/table/controllers/getFormByTable.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/getFormByTable.js +4 -1
- package/package.json +1 -1
- package/dist/module/core/cls/constraint_type.json +0 -14
- package/dist/module/core/cls/constraint_type_table.json +0 -18
- package/dist/server/plugins/auth/funcs/getUserPermissions.d.ts +0 -2
- package/dist/server/plugins/auth/funcs/getUserPermissions.d.ts.map +0 -1
- package/dist/server/plugins/auth/funcs/getUserPermissions.js +0 -24
- package/dist/server/plugins/auth/onRequest.d.ts +0 -4
- package/dist/server/plugins/auth/onRequest.d.ts.map +0 -1
- package/dist/server/plugins/auth/onRequest.js +0 -104
- package/dist/server/plugins/migration/index.d.ts +0 -3
- package/dist/server/plugins/migration/index.d.ts.map +0 -1
- package/dist/server/plugins/migration/index.js +0 -5
- package/dist/server/plugins/policy/funcs/checkAuth.d.ts +0 -4
- package/dist/server/plugins/policy/funcs/checkAuth.d.ts.map +0 -1
- package/dist/server/plugins/policy/funcs/checkAuth.js +0 -104
- package/dist/server/routes/access/controllers/access.resources.d.ts +0 -6
- package/dist/server/routes/access/controllers/access.resources.d.ts.map +0 -1
- package/dist/server/routes/access/controllers/access.resources.js +0 -14
- package/dist/server/routes/access/controllers/resources.d.ts +0 -11
- package/dist/server/routes/access/controllers/resources.d.ts.map +0 -1
- package/dist/server/routes/access/controllers/resources.js +0 -14
- package/dist/server/routes/access/functions/resources.d.ts +0 -6
- package/dist/server/routes/access/functions/resources.d.ts.map +0 -1
- package/dist/server/routes/access/functions/resources.js +0 -11
|
@@ -0,0 +1 @@
|
|
|
1
|
+
[{"name":"core.roles","module":"admin","type":"select","hash":"d5d31d7e7fe19912d4d45bacb3aab3d3","dbhash":"d5d31d7e7fe19912d4d45bacb3aab3d3","update":false},{"name":"core.routes","module":"admin","type":"select","hash":"431032fdbe25c2db997391f61c6e944f","dbhash":"431032fdbe25c2db997391f61c6e944f","update":false},{"name":"core.user_uid","module":"admin","type":"select","hash":"45f7d8a57ecbca5b433be7937be51d5c","dbhash":"45f7d8a57ecbca5b433be7937be51d5c","update":false},{"name":"data.product","module":"shop","type":"select","hash":"9f9f99a1fb323ed0a32823cff47e59c7","dbhash":"9f9f99a1fb323ed0a32823cff47e59c7","update":false},{"name":"shop.categories","module":"shop","type":"select","hash":"549584bc96bd5ab14f872d4ef8df3d82","dbhash":"549584bc96bd5ab14f872d4ef8df3d82","update":false},{"name":"shop.products","module":"shop","type":"select","hash":"099ec0587edd16f26a1d05395a21709e","dbhash":"099ec0587edd16f26a1d05395a21709e","update":false},{"name":"shop.types","module":"shop","type":"select","hash":"a110b4d5bbe74557a7272df65ab10c3e","dbhash":"a110b4d5bbe74557a7272df65ab10c3e","update":false},{"name":"shop.types_parent","module":"shop","type":"select","hash":"14fa482423740f452139ce622f961740","dbhash":"14fa482423740f452139ce622f961740","update":false},{"name":"core.user_mentioned","module":"core","type":"select","hash":"6687f073de73a3ec4b6e0811d9310e7e","dbhash":"5a35e8ca97ce4fde93030521104ca5d3","update":true},{"name":"users.user_type","module":"admin","type":"cls","hash":"065fe92f48196a961a35f48ddd6ba9bd","dbhash":"065fe92f48196a961a35f48ddd6ba9bd","update":false},{"name":"yes_no","module":"admin","type":"cls","hash":"50c527053426248c20b0a2f112ff9046","dbhash":"50c527053426248c20b0a2f112ff9046","update":false},{"name":"currency","module":"shop","type":"cls","hash":"99ee673ab4ac2c222c0272bb7ef8079e","dbhash":"99ee673ab4ac2c222c0272bb7ef8079e","update":false},{"name":"delivery_method","module":"shop","type":"cls","hash":"953a6e6de0e83d7468393bd02e179b05","dbhash":"953a6e6d
e0e83d7468393bd02e179b05","update":false},{"name":"order_items.order_type","module":"shop","type":"cls","hash":"d99d36a3563ec77131b0800044df5fd0","dbhash":"d99d36a3563ec77131b0800044df5fd0","update":false},{"name":"order_status","module":"shop","type":"cls","hash":"65049e14b7d1faa6c2b0e837ff41f37d","dbhash":"65049e14b7d1faa6c2b0e837ff41f37d","update":false},{"name":"constraint_action","module":"core","type":"cls","hash":"1b7129eae9eb42106ed6e646223c806a","dbhash":"1b7129eae9eb42106ed6e646223c806a","update":false},{"name":"constraint_matchtype","module":"core","type":"cls","hash":"446ad903e69a391748a8a27bae2dc5cd","dbhash":"446ad903e69a391748a8a27bae2dc5cd","update":false},{"name":"constraint_type_full","module":"core","type":"cls","hash":"9e1cc580273f7e73fbc08ee553ad8f64","dbhash":"9e1cc580273f7e73fbc08ee553ad8f64","update":false},{"name":"core.user_type","module":"core","type":"cls","hash":"728bc9e0bcc88de83ec56d8dc7e7efff","dbhash":"728bc9e0bcc88de83ec56d8dc7e7efff","update":false}]
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
insert into admin.cls(name,type,data,module,hash) values('core.user_mentioned','sql','select uid, coalesce(sur_name,'''')||coalesce('' ''||user_name,'''') as text, email from admin.users
|
|
2
|
+
where enabled order by coalesce(sur_name,'''')||coalesce('' ''||user_name,'''')', 'core','6687f073de73a3ec4b6e0811d9310e7e')
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
|
|
1
|
+
select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
|
|
2
2
|
where enabled order by coalesce(sur_name,'')||coalesce(' '||user_name,'')
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAc5C,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"deleteCrud.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/deleteCrud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAc5C,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBAmJrE"}
|
|
@@ -58,7 +58,10 @@ export default async function deleteCrud(req, reply) {
|
|
|
58
58
|
code: 403,
|
|
59
59
|
});
|
|
60
60
|
}
|
|
61
|
-
if (!actions.includes("del") &&
|
|
61
|
+
if (!actions.includes("del") &&
|
|
62
|
+
!config.security?.disableToken &&
|
|
63
|
+
!config?.local &&
|
|
64
|
+
!tokenData) {
|
|
62
65
|
return reply.status(403).send({
|
|
63
66
|
error: "access restricted: actions",
|
|
64
67
|
code: 403,
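Review bot: The new `!config.security?.disableToken` term in the `actions.includes("del")` guard makes a flag named for token handling also switch off the per-action permission check, so with it set a caller whose `actions` lacks `del` is no longer rejected here; the same term is added to the `add`/`edit` guards in insert.js, table.js and update.js and to the form guard in getFormByTable.js. If that is intended, state it at the guard, e.g. `// disableToken also skips the actions ACL on this route; leave unset in production`, and consider a separately named option so that disabling tokens does not silently drop authorization. The removed line is shown truncated on this page, so whether `config?.local` and `tokenData` were already part of the old condition cannot be confirmed from here. The `?.` in `config?.local` is also moot beside `config.security`, which dereferences `config` unguarded; insert.js and update.js write `config.local`. deleteCrud's body starts and ends outside the hunk.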
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA2NjE"}
|
|
@@ -57,7 +57,10 @@ export default async function insert(req, reply) {
|
|
|
57
57
|
!config.auth?.disable) {
|
|
58
58
|
return reply.status(400).send({ error: "invalid token", code: 400 });
|
|
59
59
|
}
|
|
60
|
-
if (!actions.includes("add") &&
|
|
60
|
+
if (!actions.includes("add") &&
|
|
61
|
+
!config.security?.disableToken &&
|
|
62
|
+
!config.local &&
|
|
63
|
+
!tokenData) {
|
|
61
64
|
return reply
|
|
62
65
|
.status(403)
|
|
63
66
|
.send({ error: "access restricted: actions", code: 403 });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBAoQZ"}
|
|
@@ -69,7 +69,11 @@ export default async function tableAPI(req, reply, called) {
|
|
|
69
69
|
!called) {
|
|
70
70
|
return reply.status(400).send("invalid token");
|
|
71
71
|
}
|
|
72
|
-
if (!actions.includes("edit") &&
|
|
72
|
+
if (!actions.includes("edit") &&
|
|
73
|
+
!config?.local &&
|
|
74
|
+
!config.security?.disableToken &&
|
|
75
|
+
!tokenData &&
|
|
76
|
+
!called) {
|
|
73
77
|
return reply
|
|
74
78
|
.status(403)
|
|
75
79
|
.send({ error: "access restricted: actions", code: 403 });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAgBA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAgBA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAqNxD"}
|
|
@@ -68,7 +68,10 @@ export default async function update(req, reply) {
|
|
|
68
68
|
!config.auth?.disable) {
|
|
69
69
|
return reply.status(400).send({ error: "invalid token", code: 400 });
|
|
70
70
|
}
|
|
71
|
-
if (!actions.includes("edit") &&
|
|
71
|
+
if (!actions.includes("edit") &&
|
|
72
|
+
!config.local &&
|
|
73
|
+
!config.security?.disableToken &&
|
|
74
|
+
!tokenData) {
|
|
72
75
|
return reply
|
|
73
76
|
.status(403)
|
|
74
77
|
.send({ error: "access restricted: actions", code: 403 });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resize.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/resize.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAoC5C;;GAEG;AAEH,wBAA8B,MAAM,CAClC,EACE,KAAK,GACN,EAAE;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,OAAO,CAAC,EAAE,GAAG,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,GAAG,CAAC;KACf,CAAC;CACH,EACD,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"resize.d.ts","sourceRoot":"","sources":["../../../../../server/routes/file/controllers/resize.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAoC5C;;GAEG;AAEH,wBAA8B,MAAM,CAClC,EACE,KAAK,GACN,EAAE;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,OAAO,CAAC,EAAE,GAAG,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,GAAG,CAAC;KACf,CAAC;CACH,EACD,KAAK,EAAE,YAAY,kBAwJpB"}
|
|
@@ -36,6 +36,21 @@ export default async function resize({ query, }, reply) {
|
|
|
36
36
|
.status(400)
|
|
37
37
|
.send({ error: "invalid query params: filepath", code: 400 });
|
|
38
38
|
}
|
|
39
|
+
// svg не підтримується
|
|
40
|
+
if (mimeType === "image/svg+xml") {
|
|
41
|
+
const fileData = await downloadFile(filepath, { buffer: true });
|
|
42
|
+
if (!fileData?.length) {
|
|
43
|
+
return reply
|
|
44
|
+
.status(404)
|
|
45
|
+
.send({ error: `Файл не знайдено - ${filepath}`, code: 400 });
|
|
46
|
+
}
|
|
47
|
+
return reply
|
|
48
|
+
.headers({
|
|
49
|
+
"Content-Type": "image/svg+xml",
|
|
50
|
+
"Cache-control": "max-age=604800",
|
|
51
|
+
})
|
|
52
|
+
.send(fileData);
|
|
53
|
+
}
|
|
39
54
|
const resizePath1 = size
|
|
40
55
|
? filepath.replace(basename, `${size}_resized_${basename}`)
|
|
41
56
|
: filepath.replace(basename, `${w || defaultWidth}_${h || (w ? "" : defaultHeight)}_resized_${basename}`);
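Review bot: The added SVG branch returns the stored file bytes as `image/svg+xml` with no content restrictions, and an SVG can carry script that runs in this origin when the URL is opened directly; if `filepath` can point at user-uploaded files (not visible in this hunk), add `"Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox"` and `"X-Content-Type-Options": "nosniff"` to the `.headers({...})` call. The not-found reply sends HTTP 404 with a body of `code: 400`; it should be `code: 404` so the body matches the status, as the 400 reply just above does. The comment `// svg не підтримується` and the error text are the only non-English strings in the hunk; an English comment such as `// SVG is not resized: return the original file unchanged` would say what the branch does. How `mimeType` is derived is outside the hunk, and resize's body starts and ends outside it.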
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getFormByTable.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/getFormByTable.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAY5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAUzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,KAAU,EACV,MAAM,GACP,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,EACD,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"getFormByTable.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/getFormByTable.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAY5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAUzD,wBAA8B,OAAO,CACnC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,KAAU,EACV,MAAM,GACP,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,EACD,KAAK,EAAE,YAAY,gBAmLpB"}
|
|
@@ -80,10 +80,13 @@ export default async function getForm({ pg = pgClients.client, params, user = {}
|
|
|
80
80
|
: actions.includes("add");
|
|
81
81
|
if (!isAllowedByTemplate &&
|
|
82
82
|
!config.local &&
|
|
83
|
+
!config.security?.disableToken &&
|
|
83
84
|
process.env.NODE_ENV !== "test" &&
|
|
84
85
|
!(tokenData?.form || hookData?.form) &&
|
|
85
86
|
form) {
|
|
86
|
-
return reply
|
|
87
|
+
return reply
|
|
88
|
+
.status(403)
|
|
89
|
+
.send({ error: "access restricted: actions", code: 403 });
|
|
87
90
|
}
|
|
88
91
|
const token = setToken({
|
|
89
92
|
ids: [JSON.stringify({ id, table, form })],
|
package/package.json
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"getUserPermissions.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/getUserPermissions.ts"],"names":[],"mappings":"AAUA,wBAA8B,kBAAkB,CAC9C,GAAG,CAAC,EAAE,MAAM,EACZ,EAAE,MAAmB,gBAoBtB"}
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
import pgClients from "../../pg/pgClients.js";
|
|
2
|
-
const q = `select resource_id as name,
|
|
3
|
-
array_intersect(coalesce(a.actions, array['read']), coalesce(c.actions, array['create', 'read','update','delete'])) as actions,
|
|
4
|
-
b.name as role
|
|
5
|
-
from admin.role_access a
|
|
6
|
-
left join admin.roles b on a.role_id=b.role_id and b.enabled
|
|
7
|
-
left join admin.user_roles c on a.role_id=c.role_id
|
|
8
|
-
where resource_id is not null and $1 in (a.user_uid, c.user_uid)`;
|
|
9
|
-
export default async function getUserPermissions(uid, pg = pgClients.client) {
|
|
10
|
-
if (!uid)
|
|
11
|
-
return [];
|
|
12
|
-
// ? in case pg.pk not set yet
|
|
13
|
-
const pks = await pg
|
|
14
|
-
.query(`SELECT json_object_agg(conrelid::regclass, (SELECT attname FROM pg_attribute WHERE attrelid = c.conrelid AND attnum = c.conkey[1]) )
|
|
15
|
-
FROM pg_constraint c WHERE contype = 'p' AND connamespace::regnamespace::text = 'admin'`)
|
|
16
|
-
.then((el) => el.rows?.[0]?.json_object_agg || {});
|
|
17
|
-
const permissions = pks["admin.role_access"] &&
|
|
18
|
-
pks["admin.user_roles"] &&
|
|
19
|
-
pks["admin.users"] &&
|
|
20
|
-
uid
|
|
21
|
-
? await pg.query(q, [uid]).then((el) => el.rows || [])
|
|
22
|
-
: [];
|
|
23
|
-
return permissions;
|
|
24
|
-
}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"onRequest.d.ts","sourceRoot":"","sources":["../../../../server/plugins/auth/onRequest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAMvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAItD,wBAA8B,SAAS,CACrC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,iBA+HpB"}
|
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
import { existsSync } from "node:fs";
|
|
2
|
-
import config from "../../../config.js";
|
|
3
|
-
const { prefix = "/api" } = config;
|
|
4
|
-
export default async function onRequest(req, reply) {
|
|
5
|
-
const { hostname, headers, routeOptions } = req;
|
|
6
|
-
const { config: routeConfig, method, handler, url } = routeOptions || {};
|
|
7
|
-
const { policy } = routeConfig || {};
|
|
8
|
-
const isApi = method && url && typeof handler === "function" && url !== "*";
|
|
9
|
-
// handle non-api at vite/vike
|
|
10
|
-
if (!isApi) {
|
|
11
|
-
return null;
|
|
12
|
-
}
|
|
13
|
-
// proxy from old apps to editor, bi etc.
|
|
14
|
-
const validToken = (req.ip === "193.239.152.181" ||
|
|
15
|
-
req.ip === "127.0.0.1" ||
|
|
16
|
-
req.ip?.startsWith?.("192.168.") ||
|
|
17
|
-
config.debug) &&
|
|
18
|
-
req.headers?.token &&
|
|
19
|
-
config.auth?.tokens?.includes?.(headers.token);
|
|
20
|
-
if (validToken && !req?.user?.uid) {
|
|
21
|
-
req.user = {
|
|
22
|
-
uid: req.headers?.uid?.toString?.(),
|
|
23
|
-
user_type: req.headers?.user_type?.toString?.() || "regular",
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
const isAdmin = process.env.NODE_ENV === "admin" ||
|
|
27
|
-
hostname?.split?.(":")?.shift?.() === config.adminDomain ||
|
|
28
|
-
config.admin ||
|
|
29
|
-
hostname?.startsWith?.("admin");
|
|
30
|
-
const isPublic = Array.isArray(policy)
|
|
31
|
-
? policy.includes("public")
|
|
32
|
-
: policy === "L0";
|
|
33
|
-
if (req.cookies?.["session_auth"] &&
|
|
34
|
-
!req.session?.passport?.user?.uid &&
|
|
35
|
-
(config.auth?.disable || config.auth?.user)) {
|
|
36
|
-
req.session = req.session || {};
|
|
37
|
-
req.session.passport = req.session.passport || {}; // ensure passport session exists
|
|
38
|
-
req.session.passport.user = {
|
|
39
|
-
...(config.auth?.user || {}),
|
|
40
|
-
uid: config.auth?.user?.uid?.toString?.() || "1",
|
|
41
|
-
user_rnokpp: config.auth?.user?.rnokpp,
|
|
42
|
-
user_type: config.auth?.user?.type || "regular",
|
|
43
|
-
};
|
|
44
|
-
req.user = req.session.passport.user;
|
|
45
|
-
}
|
|
46
|
-
// ! intentional: null || undefined > undefined
|
|
47
|
-
req.user = req.user || req.session?.passport?.user || undefined; // fix for user.uid errors, by default user is null, while with express passport it was {}, unauthorized user does not trigger serializer
|
|
48
|
-
// currently 2factor + auth with passwd file not supported
|
|
49
|
-
const ispasswd = (existsSync("passwd") && !config.auth?.["2factor"]) || config.auth?.passwd;
|
|
50
|
-
const loginPageUrl = config.auth?.link?.core?.login || config?.auth?.redirect || "/login";
|
|
51
|
-
if (!req.user?.uid &&
|
|
52
|
-
!config.auth?.disable &&
|
|
53
|
-
isAdmin &&
|
|
54
|
-
!isPublic &&
|
|
55
|
-
!config.auth?.disableRedirect &&
|
|
56
|
-
!req.url.startsWith(prefix) &&
|
|
57
|
-
!req.url.startsWith("/api") &&
|
|
58
|
-
!req.url.includes(loginPageUrl) &&
|
|
59
|
-
!req.url.includes(".") &&
|
|
60
|
-
!req.url.includes("@")) {
|
|
61
|
-
if (isApi) {
|
|
62
|
-
return reply.status(401).send({ error: "unauthorized", code: 401 });
|
|
63
|
-
}
|
|
64
|
-
return reply.redirect(`${loginPageUrl}` + `?redirect=${req.url}`);
|
|
65
|
-
}
|
|
66
|
-
// by default, disable 2factor for id.gov.ua auth
|
|
67
|
-
const check = req.user?.auth_type === "govid" ? config.auth?.["2factor"]?.govid : true;
|
|
68
|
-
const login2faPage = config.auth?.link?.["2fa"]?.login || "/2factor";
|
|
69
|
-
// example: 2factor for admin env only, while public env does not require it
|
|
70
|
-
const checkEnv = () => {
|
|
71
|
-
if (!config.auth?.["2factorEnv"])
|
|
72
|
-
return true;
|
|
73
|
-
if ((config.auth?.["2factorEnv"] &&
|
|
74
|
-
process.env.NODE_ENV === config.auth?.["2factorEnv"]) ||
|
|
75
|
-
(config.auth?.["2factorEnv"] === "admin" && isAdmin)) {
|
|
76
|
-
return true;
|
|
77
|
-
}
|
|
78
|
-
return false;
|
|
79
|
-
};
|
|
80
|
-
// if 2factor is enabled globally + for user and secondFactorPassed not true => redirect to 2factor login page
|
|
81
|
-
if (req.user?.uid &&
|
|
82
|
-
req.user?.twofa &&
|
|
83
|
-
// config.auth?.["2factor"] &&
|
|
84
|
-
// !isPublic &&
|
|
85
|
-
(routeOptions?.method || "GET") === "GET" &&
|
|
86
|
-
!req.session?.secondFactorPassed &&
|
|
87
|
-
!ispasswd &&
|
|
88
|
-
!config.auth?.disableRedirect &&
|
|
89
|
-
!config.auth?.disable &&
|
|
90
|
-
check &&
|
|
91
|
-
checkEnv() &&
|
|
92
|
-
!req.url.startsWith(login2faPage) &&
|
|
93
|
-
!routeOptions.url?.includes?.("/logout") &&
|
|
94
|
-
!routeOptions.url?.includes?.("/2fa") &&
|
|
95
|
-
!routeOptions.url?.includes?.("/assets")) {
|
|
96
|
-
if (isApi) {
|
|
97
|
-
return reply
|
|
98
|
-
.status(403)
|
|
99
|
-
.send({ error: "access restricted: twofa", code: 403 });
|
|
100
|
-
}
|
|
101
|
-
return reply.redirect(login2faPage);
|
|
102
|
-
}
|
|
103
|
-
return null;
|
|
104
|
-
}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/migration/index.ts"],"names":[],"mappings":"AAEA,iBAAe,MAAM,kBAEpB;AAED,eAAe,MAAM,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"checkAuth.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAMvC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAIzD,wBAA8B,SAAS,CACrC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,iBA+HpB"}
|
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
import { existsSync } from "node:fs";
|
|
2
|
-
import config from "../../../../config.js";
|
|
3
|
-
const { prefix = "/api" } = config;
|
|
4
|
-
export default async function onRequest(req, reply) {
|
|
5
|
-
const { hostname, headers, routeOptions } = req;
|
|
6
|
-
const { config: routeConfig, method, handler, url } = routeOptions || {};
|
|
7
|
-
const { policy } = routeConfig || {};
|
|
8
|
-
const isApi = method && url && typeof handler === "function" && url !== "*";
|
|
9
|
-
// handle non-api at vite/vike
|
|
10
|
-
if (!isApi) {
|
|
11
|
-
return null;
|
|
12
|
-
}
|
|
13
|
-
// proxy from old apps to editor, bi etc.
|
|
14
|
-
const validToken = (req.ip === "193.239.152.181" ||
|
|
15
|
-
req.ip === "127.0.0.1" ||
|
|
16
|
-
req.ip?.startsWith?.("192.168.") ||
|
|
17
|
-
config.debug) &&
|
|
18
|
-
req.headers?.token &&
|
|
19
|
-
config.auth?.tokens?.includes?.(headers.token);
|
|
20
|
-
if (validToken && !req?.user?.uid) {
|
|
21
|
-
req.user = {
|
|
22
|
-
uid: req.headers?.uid?.toString?.(),
|
|
23
|
-
user_type: req.headers?.user_type?.toString?.() || "regular",
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
const isAdmin = process.env.NODE_ENV === "admin" ||
|
|
27
|
-
hostname?.split?.(":")?.shift?.() === config.adminDomain ||
|
|
28
|
-
config.admin ||
|
|
29
|
-
hostname?.startsWith?.("admin");
|
|
30
|
-
const isPublic = Array.isArray(policy)
|
|
31
|
-
? policy.includes("public")
|
|
32
|
-
: policy === "L0";
|
|
33
|
-
if (req.cookies?.["session_auth"] &&
|
|
34
|
-
!req.session?.passport?.user?.uid &&
|
|
35
|
-
(config.auth?.disable || config.auth?.user)) {
|
|
36
|
-
req.session = req.session || {};
|
|
37
|
-
req.session.passport = req.session.passport || {}; // ensure passport session exists
|
|
38
|
-
req.session.passport.user = {
|
|
39
|
-
...(config.auth?.user || {}),
|
|
40
|
-
uid: config.auth?.user?.uid?.toString?.() || "1",
|
|
41
|
-
user_rnokpp: config.auth?.user?.rnokpp,
|
|
42
|
-
user_type: config.auth?.user?.type || "regular",
|
|
43
|
-
};
|
|
44
|
-
req.user = req.session.passport.user;
|
|
45
|
-
}
|
|
46
|
-
// ! intentional: null || undefined > undefined
|
|
47
|
-
req.user = req.user || req.session?.passport?.user || undefined; // fix for user.uid errors, by default user is null, while with express passport it was {}, unauthorized user does not trigger serializer
|
|
48
|
-
// currently 2factor + auth with passwd file not supported
|
|
49
|
-
const ispasswd = (existsSync("passwd") && !config.auth?.["2factor"]) || config.auth?.passwd;
|
|
50
|
-
const loginPageUrl = config.auth?.link?.core?.login || config?.auth?.redirect || "/login";
|
|
51
|
-
if (!req.user?.uid &&
|
|
52
|
-
!config.auth?.disable &&
|
|
53
|
-
isAdmin &&
|
|
54
|
-
!isPublic &&
|
|
55
|
-
!config.auth?.disableRedirect &&
|
|
56
|
-
!req.url.startsWith(prefix) &&
|
|
57
|
-
!req.url.startsWith("/api") &&
|
|
58
|
-
!req.url.includes(loginPageUrl) &&
|
|
59
|
-
!req.url.includes(".") &&
|
|
60
|
-
!req.url.includes("@")) {
|
|
61
|
-
if (isApi) {
|
|
62
|
-
return reply.status(401).send({ error: "unauthorized", code: 401 });
|
|
63
|
-
}
|
|
64
|
-
return reply.redirect(`${loginPageUrl}` + `?redirect=${req.url}`);
|
|
65
|
-
}
|
|
66
|
-
// by default, disable 2factor for id.gov.ua auth
|
|
67
|
-
const check = req.user?.auth_type === "govid" ? config.auth?.["2factor"]?.govid : true;
|
|
68
|
-
const login2faPage = config.auth?.link?.["2fa"]?.login || "/2factor";
|
|
69
|
-
// example: 2factor for admin env only, while public env does not require it
|
|
70
|
-
const checkEnv = () => {
|
|
71
|
-
if (!config.auth?.["2factorEnv"])
|
|
72
|
-
return true;
|
|
73
|
-
if ((config.auth?.["2factorEnv"] &&
|
|
74
|
-
process.env.NODE_ENV === config.auth?.["2factorEnv"]) ||
|
|
75
|
-
(config.auth?.["2factorEnv"] === "admin" && isAdmin)) {
|
|
76
|
-
return true;
|
|
77
|
-
}
|
|
78
|
-
return false;
|
|
79
|
-
};
|
|
80
|
-
// if 2factor is enabled globally + for user and secondFactorPassed not true => redirect to 2factor login page
|
|
81
|
-
if (req.user?.uid &&
|
|
82
|
-
req.user?.twofa &&
|
|
83
|
-
// config.auth?.["2factor"] &&
|
|
84
|
-
// !isPublic &&
|
|
85
|
-
(routeOptions?.method || "GET") === "GET" &&
|
|
86
|
-
!req.session?.secondFactorPassed &&
|
|
87
|
-
!ispasswd &&
|
|
88
|
-
!config.auth?.disableRedirect &&
|
|
89
|
-
!config.auth?.disable &&
|
|
90
|
-
check &&
|
|
91
|
-
checkEnv() &&
|
|
92
|
-
!req.url.startsWith(login2faPage) &&
|
|
93
|
-
!routeOptions.url?.includes?.("/logout") &&
|
|
94
|
-
!routeOptions.url?.includes?.("/2fa") &&
|
|
95
|
-
!routeOptions.url?.includes?.("/assets")) {
|
|
96
|
-
if (isApi) {
|
|
97
|
-
return reply
|
|
98
|
-
.status(403)
|
|
99
|
-
.send({ error: "access restricted: twofa", code: 403 });
|
|
100
|
-
}
|
|
101
|
-
return reply.redirect(login2faPage);
|
|
102
|
-
}
|
|
103
|
-
return null;
|
|
104
|
-
}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"access.resources.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.resources.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,GAAG,KAEH,CAAC;AAEP,QAAA,MAAM,eAAe,EAAE,GAAG,EAIvB,CAAC;AAEJ,QAAA,MAAM,eAAe,GAAU,MAAM,GAAG,KAAG,OAAO,CAAC,GAAG,EAAE,CAEvD,CAAC;AAEF,OAAO,EAAE,GAAG,IAAI,SAAS,EAAE,eAAe,EAAE,CAAC;AAC7C,eAAe,eAAe,CAAC"}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
import { existsSync, readFileSync } from "node:fs";
|
|
2
|
-
const arr = existsSync("config/resources.json")
|
|
3
|
-
? JSON.parse(readFileSync("config/resources.json", "utf-8") || "[]")
|
|
4
|
-
: [];
|
|
5
|
-
const publicResources = arr.map(({ name, actions, feature }) => ({
|
|
6
|
-
name,
|
|
7
|
-
actions,
|
|
8
|
-
feature,
|
|
9
|
-
}));
|
|
10
|
-
const accessResources = async (req) => {
|
|
11
|
-
return publicResources;
|
|
12
|
-
};
|
|
13
|
-
export { arr as resources, publicResources };
|
|
14
|
-
export default accessResources;
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
declare const arr: any;
|
|
2
|
-
interface Resource {
|
|
3
|
-
name: string;
|
|
4
|
-
actions: string[];
|
|
5
|
-
feature: string;
|
|
6
|
-
}
|
|
7
|
-
declare const publicResources: Resource[];
|
|
8
|
-
declare const resources: (req?: any) => Promise<Resource[]>;
|
|
9
|
-
export { arr as resources, publicResources };
|
|
10
|
-
export default resources;
|
|
11
|
-
//# sourceMappingURL=resources.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"resources.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/resources.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,GAAG,KAEH,CAAC;AAEP,UAAU,QAAQ;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,QAAA,MAAM,eAAe,EAAE,QAAQ,EAM9B,CAAC;AAEF,QAAA,MAAM,SAAS,GAAU,MAAM,GAAG,KAAG,OAAO,CAAC,QAAQ,EAAE,CAEtD,CAAC;AAEF,OAAO,EAAE,GAAG,IAAI,SAAS,EAAE,eAAe,EAAE,CAAC;AAC7C,eAAe,SAAS,CAAC"}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
import { existsSync, readFileSync } from "node:fs";
|
|
2
|
-
const arr = existsSync("config/resources.json")
|
|
3
|
-
? JSON.parse(readFileSync("config/resources.json", "utf-8") || "[]")
|
|
4
|
-
: [];
|
|
5
|
-
const publicResources = arr.map(({ name, actions, feature }) => ({
|
|
6
|
-
name,
|
|
7
|
-
actions,
|
|
8
|
-
feature,
|
|
9
|
-
}));
|
|
10
|
-
const resources = async (req) => {
|
|
11
|
-
return publicResources;
|
|
12
|
-
};
|
|
13
|
-
export { arr as resources, publicResources };
|
|
14
|
-
export default resources;
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"resources.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/functions/resources.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,aAAa,KAEb,CAAC;AAEP,QAAA,MAAM,mBAAmB,EAAE,GAAG,EAM7B,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC;;AAC9C,wBAAoB"}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import { existsSync, readFileSync } from "node:fs";
|
|
2
|
-
const resourcesList = existsSync("config/resources.json")
|
|
3
|
-
? JSON.parse(readFileSync("config/resources.json", "utf-8") || "[]")
|
|
4
|
-
: [];
|
|
5
|
-
const publicResourcesList = resourcesList.map(({ name, actions, feature }) => ({
|
|
6
|
-
name,
|
|
7
|
-
actions,
|
|
8
|
-
feature,
|
|
9
|
-
}));
|
|
10
|
-
export { resourcesList, publicResourcesList };
|
|
11
|
-
export default null;
|