@opengis/fastify-table 2.4.5 → 2.4.7

package/dist/module/core/select/core.user_mentioned.sql

@@ -1,2 +1,2 @@
-select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
+select uid, coalesce(sur_name,'')||coalesce(' '||user_name,'') as text, email from admin.users
 where enabled order by coalesce(sur_name,'')||coalesce(' '||user_name,'')

package/dist/server/migrations/crm.sql

@@ -46,6 +46,7 @@ COMMENT ON COLUMN crm.notifications.body is 'Зміст повідомлення
 COMMENT ON COLUMN crm.notifications.link is 'Посилання на об''єкт';
 COMMENT ON COLUMN crm.notifications.author_id is 'ID користувача автора повідомлення';
 COMMENT ON COLUMN crm.notifications.entity_id is 'ID на об''єкту';
+COMMENT ON COLUMN crm.notifications.entity_id is 'Сутність об''єкту';
 
 -- crm.files
 -- DROP TABLE IF EXISTS crm.files;
@@ -159,7 +160,11 @@ CREATE TABLE if not exists crm.reactions (
     reaction_id text default next_id() PRIMARY KEY,
     created_by text NOT NULL,
     entity_id text NOT NULL,
+    entity_type text,
     reaction_type text NOT NULL check (reaction_type in ('like', 'love', 'hate', 'wow', 'sad', 'angry')),
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     FOREIGN KEY (created_by) REFERENCES admin.users(uid)
-);
+);
+
+alter table crm.reactions add column if not exists entity_type text;
+alter table crm.notifications add column if not exists entity_type text;

package/dist/server/migrations/oauth.sql.sql

@@ -0,0 +1,77 @@
+CREATE schema if not exists oauth;
+
+CREATE TABLE if not exists oauth.clients (
+  client_id              text PRIMARY KEY DEFAULT next_id(),   -- ID клієнта (публічний ідентифікатор)
+  client_secret_hash     text,                                 -- Хеш секрету (NULL для public-клієнтів)
+  name                   text NOT NULL,                        -- Назва застосунку
+  type                   text NOT NULL CHECK (type IN ('public','confidential')),
+  token_endpoint_auth_method text NOT NULL CHECK (token_endpoint_auth_method IN ('client_secret_basic','client_secret_post','private_key_jwt','none')),
+  owner_user_id          text,                                 -- Власник/адміністратор клієнта (посилання на users.id or other id)
+
+  redirect_uris          text[],         					   -- Дозволені redirect_uri  
+  grant_types            text[]  CHECK (case when grant_types is not null then grant_types <@ ARRAY['authorization_code','refresh_token','client_credentials','device_code']::text[] else true end),
+  require_pkce           boolean NOT NULL DEFAULT true,
+  scopes         text[],  
+  allowed_cors_origins   text[],
+  jwks                   jsonb,                                -- Вбудований JWK Set (опційно)  
+
+  created_at             timestamptz NOT NULL DEFAULT now(),
+  updated_at             timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE TABLE if not exists oauth.tokens (
+  id                     text PRIMARY KEY DEFAULT next_id(),
+  token_type             text NOT NULL CHECK (token_type IN ('access','refresh')),
+  token_hash             text NOT NULL UNIQUE,                  -- Argon2/bcrypt/SCrypt (хеш у застосунку)
+  token_hint             text,                                  -- останні 6-8 символів для діагностики (необов’язково)
+  jti                    text UNIQUE,                           -- JWT ID, якщо токен — JWT
+  client_id              text NOT NULL REFERENCES oauth.clients(client_id) ON DELETE CASCADE,
+  user_id                text,                                  -- NULL для client_credentials    
+  issuer                 text,                                  -- iss
+  scopes                 text[],
+  claims                 jsonb,                                 -- додаткові клейми
+  issued_at              timestamptz NOT NULL DEFAULT now(),
+  expires_at             timestamptz NOT NULL,
+  revoked_at             timestamptz,
+  revocation_reason      text,
+  ip                     inet                                  -- IP видачі/використання (опційно)  
+);
+
+COMMENT ON SCHEMA oauth IS 'Schema for OAuth2 / OpenID Connect clients and tokens';
+
+-- Comments for oauth.clients
+COMMENT ON TABLE oauth.clients IS 'OAuth 2.0 clients (applications) that can request tokens';
+
+COMMENT ON COLUMN oauth.clients.client_id IS 'Client identifier (public ID, generated by next_id())';
+COMMENT ON COLUMN oauth.clients.client_secret_hash IS 'Hashed client secret (NULL for public clients)';
+COMMENT ON COLUMN oauth.clients.name IS 'Name of the application/client';
+COMMENT ON COLUMN oauth.clients.type IS 'Client type: public or confidential';
+COMMENT ON COLUMN oauth.clients.token_endpoint_auth_method IS 'Authentication method at token endpoint (client_secret_basic, client_secret_post, private_key_jwt, none)';
+COMMENT ON COLUMN oauth.clients.owner_user_id IS 'Owner/administrator of the client (reference to users.id or external id)';
+COMMENT ON COLUMN oauth.clients.redirect_uris IS 'Allowed redirect URIs';
+COMMENT ON COLUMN oauth.clients.grant_types IS 'Allowed grant types (authorization_code, refresh_token, client_credentials, device_code)';
+COMMENT ON COLUMN oauth.clients.require_pkce IS 'Whether PKCE is required (default true)';
+COMMENT ON COLUMN oauth.clients.scopes IS 'Allowed OAuth2 scopes';
+COMMENT ON COLUMN oauth.clients.allowed_cors_origins IS 'Allowed CORS origins for browser-based apps';
+COMMENT ON COLUMN oauth.clients.jwks IS 'Embedded JSON Web Key Set (optional)';
+COMMENT ON COLUMN oauth.clients.created_at IS 'Creation timestamp';
+COMMENT ON COLUMN oauth.clients.updated_at IS 'Last update timestamp';
+
+-- Comments for oauth.tokens
+COMMENT ON TABLE oauth.tokens IS 'Issued OAuth 2.0 tokens (access or refresh)';
+
+COMMENT ON COLUMN oauth.tokens.id IS 'Internal token ID (generated by next_id())';
+COMMENT ON COLUMN oauth.tokens.token_type IS 'Type of token: access or refresh';
+COMMENT ON COLUMN oauth.tokens.token_hash IS 'Secure hash of the token (Argon2/bcrypt/SCrypt)';
+COMMENT ON COLUMN oauth.tokens.token_hint IS 'Optional hint (last 6–8 characters of token) for diagnostics';
+COMMENT ON COLUMN oauth.tokens.jti IS 'JWT ID if token is a JWT (unique)';
+COMMENT ON COLUMN oauth.tokens.client_id IS 'Reference to oauth.clients (issuing client)';
+COMMENT ON COLUMN oauth.tokens.user_id IS 'User ID if bound to user (NULL for client_credentials flow)';
+COMMENT ON COLUMN oauth.tokens.issuer IS 'Token issuer (iss claim)';
+COMMENT ON COLUMN oauth.tokens.scopes IS 'Granted OAuth2 scopes for this token';
+COMMENT ON COLUMN oauth.tokens.claims IS 'Additional claims (JSONB)';
+COMMENT ON COLUMN oauth.tokens.issued_at IS 'Timestamp when issued';
+COMMENT ON COLUMN oauth.tokens.expires_at IS 'Timestamp when token expires';
+COMMENT ON COLUMN oauth.tokens.revoked_at IS 'Timestamp when revoked';
+COMMENT ON COLUMN oauth.tokens.revocation_reason IS 'Reason for revocation (if any)';
+COMMENT ON COLUMN oauth.tokens.ip IS 'IP address of issuance/usage (optional)';

package/dist/server/plugins/hook/index.js

@@ -0,0 +1,39 @@
+import config from "../../../config.js";
+export const hookList = {};
+export async function applyHook(name, data) {
+    if (config.trace)
+        console.log("applyHook", name);
+    if (!hookList[name]?.length)
+        return null;
+    const result = {};
+    await Promise.all(hookList[name].map(async (hook) => {
+        const hookData = await hook({ ...data, config });
+        if (hookData) {
+            if (config.trace)
+                console.log("applyHook", name, hookData);
+            Object.assign(result, hookData);
+        }
+    })).catch((err) => {
+        console.error("applyHook", name, err.toString());
+    });
+    if (Object.keys(result).length) {
+        return result;
+    }
+    return null;
+}
+export function addHook(name, fn) {
+    if (!hookList[name]) {
+        hookList[name] = [];
+    }
+    if (config.trace)
+        console.log("addHook", name);
+    hookList[name].push(fn);
+}
+export function applyHookSync(name, data) {
+    if (!hookList[name]?.length)
+        return null;
+    if (config.trace)
+        console.log("applyHookSync", name);
+    const hookData = hookList[name].map((hook) => hook(data))[0];
+    return hookData;
+}

package/dist/server/plugins/migration/index.d.ts

@@ -0,0 +1,3 @@
+declare function plugin(): Promise<void>;
+export default plugin;
+//# sourceMappingURL=index.d.ts.map

package/dist/server/plugins/migration/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/migration/index.ts"],"names":[],"mappings":"AAEA,iBAAe,MAAM,kBAEpB;AAED,eAAe,MAAM,CAAC"}

package/dist/server/plugins/migration/index.js

@@ -0,0 +1,5 @@
+// import execMigrations from './funcs/exec.migrations.js';
+async function plugin() {
+    //   fastify.decorate('execMigrations', execMigrations);
+}
+export default plugin;

package/dist/server/routes/auth/controllers/2factor/generate.js

@@ -0,0 +1,38 @@
+import config from "../../../../../config.js";
+import pgClients from "../../../../plugins/pg/pgClients.js";
+import { generate } from "./providers/totp.js";
+/**
+ * Генерація secret для двохфакторної авторизації користувача
+ *
+ * @method GET
+ * @summary Генерація user secret для двохфакторної авторизації
+ * @priority 3
+ * @alias generate
+ * @type api
+ * @tag auth
+ * @requires 2fa
+ * @errors 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default async function generateFunction({ pg = pgClients.client, user = {} }, reply) {
+    if (!user?.uid) {
+        return reply.status(401).send("unauthorized");
+    }
+    const { uid } = user;
+    if (!config?.auth?.["2factor"]) {
+        return reply.status(400).send("2fa not enabled");
+    }
+    if (!config.pg) {
+        return reply.status(400).send("empty pg");
+    }
+    if (!uid) {
+        return reply.status(401).send("access restricted: unauthorized");
+    }
+    const res = await generate({ pg, uid });
+    if (res?.enabled) {
+        return reply.status(400).send("already created 2fa");
+    }
+    return reply.status(200).send(res);
+}

package/dist/server/routes/auth/controllers/2factor/toggle.js

@@ -0,0 +1,39 @@
+import config from '../../../../../config.js';
+import pgClients from '../../../../plugins/pg/pgClients.js';
+import { toggle } from './providers/totp.js';
+/**
+ * Включення/виключення двохфакторної авторизації для користувача
+ *
+ * @method GET
+ * @summary Включення/виключення двохфакторної авторизації
+ * @priority 2
+ * @alias toggle
+ * @type api
+ * @tag auth
+ * @requires 2fa
+ * @errors 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default async function toggleFunction(req, reply) {
+    const { pg = pgClients.client, session = {}, query = {}, } = req;
+    const { uid } = session?.passport?.user || {};
+    const { code, enable } = query;
+    if (!config.pg) {
+        return reply.status(400).send('empty pg');
+    }
+    if (!uid) {
+        return reply.status(401).send('access restricted: unauthorized');
+    }
+    if (!code) {
+        return reply.status(400).send('param "code" is required');
+    }
+    if (!Object.hasOwn(query, 'enable')) {
+        return reply.status(400).send('param "enable" is required');
+    }
+    const data = await toggle({
+        pg, code, enable: enable === 'true', uid,
+    });
+    return reply.status(200).send(data);
+}

package/dist/server/routes/logger/controllers/utils/checkUserAccess.js

@@ -0,0 +1,22 @@
+import config from "../../../../../config.js";
+const { accessToken = "0NWcGQxKRP8AsRxD" } = config.auth || {};
+/**
+ *
+ * @summary check user access to logger interface - per admin user type or user group
+ * @returns {Object} message, status
+ */
+export default function checkUserAccess({ user = {}, token, }) {
+    if (token && token === accessToken) {
+        return { message: "access granted", status: 200 };
+    }
+    // console.log(user);
+    if (!user.user_type?.includes?.("admin") &&
+        !config?.local &&
+        !config.auth?.disable) {
+        return { message: "access restricted", status: 403 };
+    }
+    /* if (!['admin', 'superadmin']?.includes(user.user_type) && count === '0') {
+      return { message: 'access restricted', status: 403 };
+    } */
+    return { message: "access granted", status: 200 };
+}

package/dist/server/routes/logger/controllers/utils/getRootDir.js

@@ -0,0 +1,25 @@
+/* eslint-disable no-console */
+import fs from "node:fs";
+import path from "node:path";
+import config from "../../../../../config.js";
+// import { existsSync } from 'fs';
+let logDir = null;
+export default function getRootDir() {
+    // absolute / relative path
+    if (logDir)
+        return logDir;
+    const file = ["config.json", "/data/local/config.json"].find((el) => fs.existsSync(el) ? el : null);
+    const root = file === "config.json" ? process.cwd() : "/data/local";
+    logDir = config.logDir || path.join(root, config.log?.dir || "log");
+    console.log({ logDir });
+    return logDir;
+    // windows debug support
+    /* const customLogDir = process.cwd().includes(':') ? 'c:/data/local' : '/data/local';
+    // docker default path
+    if (existsSync(customLogDir)) {
+      return path.join(customLogDir, config.folder || '', 'log');
+    }
+  
+    // non-docker default path
+    return path.join(config.root || '/data/local', config.folder || '', 'log'); */
+}

package/dist/server/routes/widget/controllers/widget.set.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"widget.set.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/controllers/widget.set.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAqC5C,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY;;;;;;GAqHpE"}
+{"version":3,"file":"widget.set.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/controllers/widget.set.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAqC5C,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY;;;;;;GA8HpE"}

package/dist/server/routes/widget/controllers/widget.set.js

@@ -109,6 +109,11 @@ export default async function widgetSet(req, reply) {
             data,
             uid: user?.uid,
         });
+    // put w/ out file
+    if (type === "gallery" && body?.ismain && id) {
+        await pg.query(`update crm.files set ismain=false 
+        where entity_id=$1 and file_id<>$2`, [objectid, id]);
+    }
     return reply.status(200).send({
         rowCount: result.rowCount,
         data: "ok",

package/dist/server/routes/widget/hook/onWidgetSet.d.ts

@@ -1,2 +1,2 @@
-export default function onWidgetSet({ pg, id, objectid, type, payload }: any): Promise<null>;
+export default function onWidgetSet({ pg, id, objectid, entityType, type, payload, }: any): Promise<null>;
 //# sourceMappingURL=onWidgetSet.d.ts.map

package/dist/server/routes/widget/hook/onWidgetSet.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"onWidgetSet.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/hook/onWidgetSet.ts"],"names":[],"mappings":"AAEA,wBAA8B,WAAW,CAAC,EACxC,EAAqB,EACrB,EAAE,EACF,QAAQ,EACR,IAAI,EACJ,OAAY,EACb,EAAE,GAAG,iBAQL"}
+{"version":3,"file":"onWidgetSet.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/hook/onWidgetSet.ts"],"names":[],"mappings":"AAEA,wBAA8B,WAAW,CAAC,EACxC,EAAqB,EACrB,EAAE,EACF,QAAQ,EACR,UAAU,EACV,IAAI,EACJ,OAAY,GACb,EAAE,GAAG,iBAiBL"}

package/dist/server/routes/widget/hook/onWidgetSet.js

@@ -1,10 +1,13 @@
-import pgClients from '../../../plugins/pg/pgClients.js';
-export default async function onWidgetSet({ pg = pgClients.client, id, objectid, type, payload = {} }) {
-    if (!id || !objectid || type !== 'gallery') {
+import pgClients from "../../../plugins/pg/pgClients.js";
+export default async function onWidgetSet({ pg = pgClients.client, id, objectid, entityType, type, payload = {}, }) {
+    if (!id || !objectid || type !== "gallery") {
         return null;
     }
-    if (payload?.ismain) {
-        await pg.query('update crm.files set ismain=false where entity_id=$1 and file_id<>$2', [objectid, id]);
+    if (payload?.ismain && !entityType) {
+        await pg.query("update crm.files set ismain=false where entity_id=$1 and file_id<>$2", [objectid, id]);
+    }
+    if (payload?.ismain && entityType) {
+        await pg.query("update crm.files set ismain=false where entity_id=$1 and entity_type=$2 and file_id<>$3", [objectid, entityType, id]);
     }
     return null;
 }

package/dist/server/routes/widget/index.d.ts

@@ -1,2 +1,2 @@
-export default function route(app: any, opt?: any): void;
+export default function route(app: any): void;
 //# sourceMappingURL=index.d.ts.map

package/dist/server/routes/widget/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/widget/index.ts"],"names":[],"mappings":"AA2CA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,QAKpD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/widget/index.ts"],"names":[],"mappings":"AAkDA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,GAAG,EAAE,GAAG,QAmHrC"}

package/dist/server/routes/widget/index.js

@@ -4,6 +4,10 @@ import widgetSet from "./controllers/widget.set.js";
 import widgetGet from "./controllers/widget.get.js";
 import fileEdit from "./controllers/file.edit.js";
 import onWidgetSet from "./hook/onWidgetSet.js";
+import widgetEntityGet from "./services/widget.entity.get.js";
+import widgetEntitySet from "./services/widget.entity.set.js";
+import widgetEntityDel from "./services/widget.entity.del.js";
+import uploadMultiPart from "../../plugins/file/uploadMultiPart.js";
 const tags = ["core", "widget"];
 const tableSchema = {
     params: {
@@ -20,6 +24,7 @@ const tableSchema = {
                     "reaction",
                 ],
             },
+            entityType: { type: "string", pattern: "^([\\w\\d_.]+)$" },
             objectid: { type: "string", pattern: "^([\\d\\w]+)$" },
             id: { type: "string", pattern: "^([\\d\\w]+)$" },
         },
@@ -34,9 +39,80 @@ const tableSchema = {
 addHook("onWidgetSet", onWidgetSet);
 const policy = "L0";
 const params = { config: { tags, policy }, schema: tableSchema };
-export default function route(app, opt = {}) {
-    app.delete("/widget/:type/:objectid/:id", params, widgetDel);
+export default function route(app) {
+    app.get("/v2/widget/:type/:entityType/:objectid", params, async (req) => {
+        const result = await widgetEntityGet({
+            type: req.params.type,
+            entityType: req.params.entityType,
+            objectid: req.params.objectid,
+            uid: req.user?.uid,
+            userName: req.user?.user_name,
+            debug: req.query.debug && req.user?.user_type?.includes?.("admin"),
+        }, req.pg);
+        return result;
+    });
+    app.post("/v2/widget/:type/:entityType/:objectid", params, async (req) => {
+        if (["gallery", "file"].includes(req.params.type) &&
+            req.headers["content-type"]?.startsWith("multipart/form-data")) {
+            const file = await uploadMultiPart(req);
+            const result = await widgetEntitySet({
+                type: req.params.type,
+                entityType: req.params.entityType,
+                objectid: req.params.objectid,
+                uid: req.user?.uid,
+                file,
+            }, req.pg);
+            return result;
+        }
+        const result = await widgetEntitySet({
+            type: req.params.type,
+            entityType: req.params.entityType,
+            objectid: req.params.objectid,
+            uid: req.user?.uid,
+            reqPath: req.path,
+            body: req.body,
+        }, req.pg);
+        return result;
+    });
+    app.put("/v2/widget/:type/:entityType/:objectid/:id", params, async (req) => {
+        if (["gallery", "file"].includes(req.params.type) &&
+            req.headers["content-type"]?.startsWith("multipart/form-data")) {
+            const file = await uploadMultiPart(req);
+            const result = await widgetEntitySet({
+                type: req.params.type,
+                entityType: req.params.entityType,
+                objectid: req.params.objectid,
+                id: req.params.id,
+                uid: req.user?.uid,
+                file,
+            }, req.pg);
+            return result;
+        }
+        const result = await widgetEntitySet({
+            type: req.params.type,
+            entityType: req.params.entityType,
+            objectid: req.params.objectid,
+            id: req.params.id,
+            uid: req.user?.uid,
+            reqPath: req.path,
+            body: req.body,
+        }, req.pg);
+        return result;
+    });
+    app.delete("/v2/widget/:type/:entityType/:objectid/:id", params, async (req) => {
+        const result = await widgetEntityDel({
+            type: req.params.type,
+            entityType: req.params.entityType,
+            objectid: req.params.objectid,
+            id: req.params.id,
+            uid: req.user?.uid,
+            userName: req.user?.user_name,
+        }, req.pg);
+        return result;
+    });
+    app.get("/widget/:type/:objectid", params, widgetGet);
     app.post("/widget/:type/:objectid/:id?", params, widgetSet);
+    // app.put("/widget/:type/:objectid/:id", params, widgetSet);
+    app.delete("/widget/:type/:objectid/:id", params, widgetDel);
     app.put("/file-edit/:id", params, fileEdit);
-    app.get("/widget/:type/:objectid", params, widgetGet);
 }

package/dist/server/routes/widget/services/widget.entity.del.d.ts

@@ -0,0 +1,26 @@
+/**
+ *
+ * @method DELETE
+ * @summary CRM дані для обраного віджета.
+ * @priority 2
+ * @tag table
+ * @type api
+ * @param {String} id Ідентифікатор child рядка (файлу, зображення, коментаря тощо)
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ * @errors 400, 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default function widgetEntityDel({ type, entityType, objectid, id, uid, userName }: any, pg?: any): Promise<{
+    data: {
+        id: any;
+    };
+    user: {
+        uid: any;
+        name: any;
+    };
+}>;
+//# sourceMappingURL=widget.entity.del.d.ts.map

package/dist/server/routes/widget/services/widget.entity.del.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget.entity.del.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/services/widget.entity.del.ts"],"names":[],"mappings":"AAiCA;;;;;;;;;;;;;;;GAeG;AAEH,wBAA8B,eAAe,CAC3C,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,GAAG,EACtD,EAAE,MAAmB;;;;;;;;GAwEtB"}

package/dist/server/routes/widget/services/widget.entity.del.js

@@ -0,0 +1,79 @@
+import config from "../../../../config.js";
+import isFileExists from "../../../plugins/file/isFileExists.js";
+import logChanges from "../../../plugins/crud/funcs/utils/logChanges.js";
+import pgClients from "../../../plugins/pg/pgClients.js";
+import { BadRequestError, ForbiddenError, UnauthorizedError, } from "../../../../errors.js";
+const isAdmin = () => process.env.NODE_ENV === "admin" || config.admin;
+async function checkAccess({ pg, objectid, entityType, id, }) {
+    const { uid, filepath } = await pg
+        .query("select uid, file_path as filepath from crm.files where entity_id=$1 and entity_type=$2 and entity_type=$2 and file_id=$3", [objectid, entityType, id])
+        .then((el) => el.rows?.[0] || {});
+    return { uid, exists: filepath ? await isFileExists(filepath) : null };
+}
+/**
+ *
+ * @method DELETE
+ * @summary CRM дані для обраного віджета.
+ * @priority 2
+ * @tag table
+ * @type api
+ * @param {String} id Ідентифікатор child рядка (файлу, зображення, коментаря тощо)
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ * @errors 400, 500
+ * @returns {Number} status Номер помилки
+ * @returns {String|Object} error Опис помилки
+ * @returns {String|Object} message Повідомлення про успішне виконання або об'єкт з параметрами
+ */
+export default async function widgetEntityDel({ type, entityType, objectid, id, uid, userName }, pg = pgClients.client) {
+    if (!uid) {
+        throw UnauthorizedError("unauthorized");
+    }
+    if (!entityType) {
+        throw BadRequestError("not enough params: entity type");
+    }
+    if (!objectid) {
+        throw BadRequestError("not enough params: object id");
+    }
+    if (!id && type !== "reaction") {
+        throw BadRequestError("not enough params: id");
+    }
+    // force delete db entry if file not exists
+    const { exists, uid: author } = ["file", "gallery"].includes(type)
+        ? await checkAccess({ pg, objectid, entityType, id })
+        : {};
+    if (exists && !isAdmin() && uid && author !== uid) {
+        throw ForbiddenError("access restricted: file exists, not an author");
+    }
+    const sqls = {
+        comment: `delete from crm.communications where entity_id=$1 and entity_type=$2 and ${isAdmin() ? "$3=$3" : "uid=$3"} and communication_id=$4`,
+        checklist: `delete from crm.checklists where entity_id=$1 and entity_type=$2 and ${isAdmin() ? "$3=$3" : "uid=$3"} and checklist_id=$4`,
+        file: `update crm.files set file_status=3 where entity_id=$1 and entity_type=$2 and ${!exists || isAdmin() ? "$3=$3" : "uid=$3"} and file_id=$4 returning uploaded_name`,
+        gallery: `update crm.files set file_status=3 where entity_id=$1 and entity_type=$2 and ${!exists || isAdmin() ? "$3=$3" : "uid=$3"} and file_id=$4 returning uploaded_name`,
+        reaction: `delete from crm.reactions where entity_id=$1 and entity_type=$2 and ${isAdmin() ? "$3=$3" : "created_by=$3"} and $3=$3 and reaction_id=$4 returning reaction_type`,
+    };
+    const q = sqls[type];
+    const table = {
+        comment: "crm.communications",
+        checklist: "crm.checklists",
+        file: "crm.files",
+        gallery: "crm.files",
+        reaction: "crm.reactions",
+    }[type];
+    if (!q || !table) {
+        throw BadRequestError("invalid widget type");
+    }
+    const rows = await pg
+        .query(q, [objectid, entityType, uid, id || ""])
+        .then((r) => r.rows || []);
+    await logChanges({
+        pg,
+        table,
+        id: type === "reaction" ? objectid : id,
+        data: rows[0],
+        uid,
+        type: "DELETE",
+    });
+    return { data: { id }, user: { uid, name: userName } };
+}

package/dist/server/routes/widget/services/widget.entity.get.d.ts

@@ -0,0 +1,39 @@
+/**
+ * @method GET
+ * @type api
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ */
+export default function widgetEntityGet({ type, entityType, objectid, uid, userName, debug }: any, pg?: any): Promise<{
+    q: string;
+    type: any;
+    q1: string;
+    id: any;
+    data: any;
+    time?: undefined;
+    rows?: undefined;
+    user?: undefined;
+    objectid?: undefined;
+} | {
+    time: {
+        rows: number;
+        data: number;
+    };
+    rows: any;
+    user: {
+        uid: any;
+        name: any;
+    };
+    data: {
+        author: any;
+        cdate: any;
+        edate: any;
+    };
+    objectid: any;
+    q?: undefined;
+    type?: undefined;
+    q1?: undefined;
+    id?: undefined;
+}>;
+//# sourceMappingURL=widget.entity.get.d.ts.map

package/dist/server/routes/widget/services/widget.entity.get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget.entity.get.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/services/widget.entity.get.ts"],"names":[],"mappings":"AAyBA;;;;;;GAMG;AAEH,wBAA8B,eAAe,CAC3C,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,GAAG,EACzD,EAAE,MAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyKtB"}

package/dist/server/routes/widget/services/widget.entity.get.js

@@ -0,0 +1,148 @@
+import getMeta from "../../../plugins/pg/funcs/getMeta.js";
+import pgClients from "../../../plugins/pg/pgClients.js";
+import { BadRequestError, NotFoundError } from "../../../../errors.js";
+const galleryExtList = [
+    "png",
+    "svg",
+    "jpg",
+    "jpeg",
+    "gif",
+    "mp4",
+    "mov",
+    "avi",
+];
+const username = "coalesce(u.sur_name,'')||coalesce(' '||u.user_name,'') ||coalesce(' '||u.father_name,'')";
+const pkList = {
+    comment: "communication_id",
+    checklist: "checklist_id",
+    file: "file_id",
+    gallery: "file_id",
+    reaction: "reaction_id",
+};
+/**
+ * @method GET
+ * @type api
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ */
+export default async function widgetEntityGet({ type, entityType, objectid, uid, userName, debug }, pg = pgClients.client) {
+    const time = [Date.now()];
+    if (!entityType) {
+        throw BadRequestError("not enough params: entity type");
+    }
+    if (!objectid) {
+        throw BadRequestError("not enough params: id");
+    }
+    const sqls = {
+        comment: pg.pk["admin.users"]
+            ? `select communication_id, entity_id, body, subject, c.cdate, c.uid, 
+    ${username} as username, u.login, u.avatar
+    from crm.communications c
+    left join admin.users u on u.uid=c.uid 
+    where entity_id=$1 and entity_type=$2 order by cdate desc`
+            : "select communication_id, entity_id, body, subject, cdate, uid from crm.communications where entity_id=$1 and entity_type=$2 order by cdate desc",
+        history: `SELECT change_id, entity_id, entity_type, change_type, change_date, a.change_user_id, a.uid, a.cdate, b.json_agg as changes,
+      ${username} as username, u.login, u.avatar
+      FROM log.table_changes a
+      left join admin.users u on a.change_user_id = u.uid
+      left join lateral(
+        select json_agg(row_to_json(q)) from (
+          select change_data_id, entity_key, value_new, value_old from log.table_changes_data
+          where change_id=a.change_id
+        )q
+      )b on 1=1
+      where a.change_type != 'INSERT' and b.json_agg is not null and ((entity_id=$1 and entity_type=$2) or entity_id in (
+        select communication_id from crm.communications where entity_id=$1 and entity_type=$2
+        union all select checklist_id from crm.checklists where entity_id=$1 and entity_type=$2
+        union all select file_id from crm.files where entity_id=$1 and entity_type=$2) 
+      )
+      order by cdate desc limit 100`,
+        checklist: pg.pk["admin.users"]
+            ? `SELECT checklist_id, entity_id, subject, is_done, done_date, c.uid, c.cdate, ${username} as username, u.login, u.avatar
+      FROM crm.checklists c
+      left join admin.users u on u.uid=c.uid
+      where entity_id=$1 and entity_type=$2 order by cdate desc`
+            : "SELECT checklist_id, entity_id, subject, is_done, done_date, uid, cdate FROM crm.checklists where entity_id=$1 and entity_type=$2 order by cdate desc",
+        file: pg.pk["admin.users"]
+            ? `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, c.ismain, 
+    ${username} as username, u.login, isverified, u.avatar, u.uid as author, file_status 
+    FROM crm.files c 
+    left join admin.users u on u.uid=c.uid
+    where entity_id=$1 and entity_type=$2 and file_status<>3 order by cdate desc`
+            : `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, uid, cdate, file_type, ismain,
+      isverified, uid as author, file_status FROM crm.files c where entity_id=$1 and entity_type=$2 and file_status<>3 order by cdate desc`,
+        gallery: pg.pk["admin.users"]
+            ? `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, c.ismain,
+    ${username} as username, u.login, u.avatar, isverified, u.avatar, c.uid as author, file_status 
+    FROM crm.files c 
+    left join admin.users u on u.uid=c.uid
+    where entity_id=$1 and entity_type=$2 and file_status<>3 and ext = any($3) order by cdate desc`
+            : `SELECT file_id, entity_id, entity_type, file_path, uploaded_name, ext, size, c.uid, c.cdate, file_type, ismain,
+      isverified, uid as author, file_status FROM crm.files c where entity_id=$1 and entity_type=$2 and file_status<>3 and ext = any($3) order by cdate desc`,
+        reaction: "SELECT count(*), reaction_type FROM crm.reactions c where entity_id=$1 and entity_type=$2 group by reaction_type",
+    };
+    const q = sqls[type];
+    if (!q) {
+        throw BadRequestError("invalid widget type");
+    }
+    /* rows */
+    const rows = await pg
+        .query(q, [objectid, entityType, type === "gallery" ? galleryExtList : null].filter(Boolean))
+        .then((el) => el.rows || []);
+    time.push(Date.now());
+    rows.forEach((row) => Object.assign(row, { username: row.username?.trim?.() || row.login }));
+    /* reactions */
+    const widgetPkey = pkList[type];
+    if (type === "comment" && widgetPkey) {
+        const reactions = rows.length && uid
+            ? await pg
+                .query("select json_object_agg(entity_id, reaction_type) from crm.reactions where entity_id=any($1) and entity_type=$2 and created_by=$3", [rows.map((row) => row[widgetPkey]), entityType, uid])
+                .then((el) => el.rows?.[0]?.json_object_agg || {})
+            : {};
+        rows
+            .filter((row) => reactions[row[widgetPkey]])
+            .forEach((row) => {
+            Object.assign(row, { reaction: reactions[row[widgetPkey]] });
+        });
+    }
+    /* Object info  */
+    const { pk, columns = [] } = await getMeta({ pg, table: entityType });
+    const authorIdColumn = columns.find((col) => ["uid", "created_by"].includes(col.name))?.name;
+    if (!pk &&
+        type === "history" &&
+        process.env.NODE_ENV !== "test" &&
+        !process.env.VITEST) {
+        throw NotFoundError("log table not found");
+    }
+    const cdateColumn = columns.find((col) => ["cdate", "created_at"].includes(col.name))?.name;
+    const editorDateColumn = columns.find((col) => ["editor_date", "updated_at"].includes(col.name))?.name;
+    const q1 = `select ${username} as author, u.login ${cdateColumn ? `,a.${cdateColumn} as cdate` : ""} ${editorDateColumn ? `,a.${editorDateColumn} as editor_date` : ""} from ${entityType} a 
+  left join admin.users u on a.${authorIdColumn}=u.uid where a.${pk}=$1 limit 1`;
+    const data = pg.pk["admin.users"] && pk && entityType
+        ? await pg
+            .query(q1, [objectid, type === "gallery" ? galleryExtList : null].filter(Boolean))
+            .then((el) => el.rows?.[0] || {})
+        : {};
+    time.push(Date.now());
+    if (debug) {
+        return {
+            q,
+            type,
+            q1,
+            id: objectid,
+            data,
+        };
+    }
+    return {
+        time: { rows: time[1] - time[0], data: time[2] - time[1] },
+        rows,
+        user: { uid, name: userName },
+        data: {
+            author: data?.author,
+            cdate: data?.cdate,
+            edate: data?.editor_date,
+        },
+        objectid,
+    };
+}

package/dist/server/routes/widget/services/widget.entity.set.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @method POST|PUT
+ * @type api
+ * @param {String} id Ідентифікатор child рядка (файлу, зображення, коментаря тощо)
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ */
+export default function widgetEntitySet({ type, entityType, objectid, id, uid, reqPath, file, body }: any, pg?: any): Promise<{
+    rowCount: number;
+    data: string;
+    command: string;
+    id: any;
+    entity_id: any;
+} | {
+    rowCount: any;
+    data: string;
+    command: any;
+    id: any;
+    entity_id?: undefined;
+}>;
+//# sourceMappingURL=widget.entity.set.d.ts.map

package/dist/server/routes/widget/services/widget.entity.set.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget.entity.set.d.ts","sourceRoot":"","sources":["../../../../../server/routes/widget/services/widget.entity.set.ts"],"names":[],"mappings":"AAoCA;;;;;;;GAOG;AAEH,wBAA8B,eAAe,CAC3C,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,GAAG,EACjE,EAAE,MAAmB;;;;;;;;;;;;GAiHtB"}

package/dist/server/routes/widget/services/widget.entity.set.js

@@ -0,0 +1,131 @@
+import path from "node:path";
+import pgClients from "../../../plugins/pg/pgClients.js";
+import getMeta from "../../../plugins/pg/funcs/getMeta.js";
+import dataInsert from "../../../plugins/crud/funcs/dataInsert.js";
+import dataUpdate from "../../../plugins/crud/funcs/dataUpdate.js";
+import { applyHook } from "../../../../utils.js";
+import { BadRequestError, NotFoundError } from "../../../../errors.js";
+const tableList = {
+    comment: "crm.communications",
+    gallery: "crm.files",
+    file: "crm.files",
+    checklist: "crm.checklists",
+    reaction: "crm.reactions",
+};
+const pkList = {
+    comment: "communication_id",
+    checklist: "checklist_id",
+    file: "file_id",
+    gallery: "file_id",
+    reaction: "reaction_id",
+};
+const galleryExtList = [
+    "png",
+    "svg",
+    "jpg",
+    "jpeg",
+    "gif",
+    "mp4",
+    "mov",
+    "avi",
+];
+/**
+ * @method POST|PUT
+ * @type api
+ * @param {String} id Ідентифікатор child рядка (файлу, зображення, коментаря тощо)
+ * @param {Any} objectid ID parent рядка в БД, primary key
+ * @param {Any} entityType Сутність / таблиця, для збереження унікальності при використанні objectid default serial
+ * @param {String} type Тип віджету
+ */
+export default async function widgetEntitySet({ type, entityType, objectid, id, uid, reqPath, file, body }, pg = pgClients.client) {
+    if (!pkList[type] || !tableList[type]) {
+        throw BadRequestError("param type not valid");
+    }
+    if (!entityType) {
+        throw BadRequestError("not enough params: entity type");
+    }
+    if (!objectid) {
+        throw BadRequestError("not enough params: id");
+    }
+    const table = tableList[type];
+    if (file) {
+        const extName = path
+            .extname(file.filepath || "")
+            .slice(1)
+            .toLowerCase();
+        const data = {
+            uploaded_name: file?.originalFilename
+                ?.toLocaleLowerCase()
+                ?.replace(/'/g, "''"),
+            file_path: file?.relativeFilepath?.replace(/\\/g, "/"),
+            ext: extName,
+            size: file?.size,
+            file_status: 1,
+            uid: uid || 1,
+            entity_id: objectid,
+            entity_type: entityType,
+        };
+        if (type === "gallery" && !galleryExtList.includes(extName.toLowerCase())) {
+            throw BadRequestError("invalid file extension");
+        }
+        const row = await dataInsert({
+            pg,
+            table: "crm.files",
+            data,
+            uid,
+        }).then((r) => r.rows?.[0]);
+        if (type === "gallery") {
+            await pg.query(`update crm.files set ismain=true 
+      where entity_id=$1 and entity_type=$2
+      and file_id=$3
+      and (select count(*) = 0 from crm.files where entity_id=$1 and entity_type=$2 and ismain)`, [objectid, entityType, row?.file_id]);
+        }
+        return {
+            rowCount: 1,
+            data: "ok",
+            command: "UPLOAD",
+            id: row?.file_id,
+            entity_id: row?.entity_id,
+        };
+    }
+    const { pk } = await getMeta({ pg, table });
+    if (!pk) {
+        throw NotFoundError("table not found");
+    }
+    const data = { ...body, uid, entity_id: objectid, entity_type: entityType };
+    await applyHook("onWidgetSet", {
+        pg,
+        link: reqPath,
+        id,
+        objectid,
+        entityType,
+        user: { uid },
+        type,
+        payload: data,
+    });
+    const result = id
+        ? await dataUpdate({
+            pg,
+            table,
+            data,
+            id,
+            uid,
+        })
+        : await dataInsert({
+            pg,
+            table,
+            data,
+            uid,
+        });
+    // put w/ out file
+    if (type === "gallery" && body?.ismain && id) {
+        await pg.query(`update crm.files set ismain=false 
+      where entity_id=$1 and entity_type=$2 and file_id<>$3`, [objectid, entityType, id]);
+    }
+    return {
+        rowCount: result.rowCount,
+        data: "ok",
+        command: result.command,
+        id: result.rows?.[0]?.[pkList[type]] || result?.[pkList[type]],
+    };
+}

package/dist/server/types/errors.d.ts

@@ -0,0 +1,14 @@
+import createError from "@fastify/error";
+export declare const NotFoundError: createError.FastifyErrorConstructor<{
+    code: "NOT_FOUND_ERROR";
+    statusCode: 404;
+}, [any?, any?, any?]>;
+export declare const BadRequestError: createError.FastifyErrorConstructor<{
+    code: "BAD_REQUEST_ERROR";
+    statusCode: 400;
+}, [any?, any?, any?]>;
+export declare const PayloadTooLargeError: createError.FastifyErrorConstructor<{
+    code: "PAYLOAD_TOO_LARGE_ERROR";
+    statusCode: 413;
+}, [any?, any?, any?]>;
+//# sourceMappingURL=errors.d.ts.map

package/dist/server/types/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../server/types/errors.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,gBAAgB,CAAC;AACzC,eAAO,MAAM,aAAa;;;sBAIzB,CAAC;AACF,eAAO,MAAM,eAAe;;;sBAI3B,CAAC;AACF,eAAO,MAAM,oBAAoB;;;sBAIhC,CAAC"}

package/dist/server/types/errors.js

@@ -0,0 +1,4 @@
+import createError from "@fastify/error";
+export const NotFoundError = createError("NOT_FOUND_ERROR", "Resource not found: %s", 404);
+export const BadRequestError = createError("BAD_REQUEST_ERROR", "Bad request: %s", 400);
+export const PayloadTooLargeError = createError("PAYLOAD_TOO_LARGE_ERROR", "Payload Too Large: %s", 413);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "2.4.5",
+  "version": "2.4.7",
   "type": "module",
   "description": "core-plugins",
   "keywords": [