npm - @things-factory/operato-hub - Versions diffs - 4.3.769 → 4.3.771 - Mend

@things-factory/operato-hub 4.3.769 → 4.3.771

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/server/routers/api/restful-apis/v1/warehouse/get-release-order-details.ts CHANGED Viewed

@@ -141,7 +141,8 @@ router.get(
             zone: src.loc_zone,
             warehouse: {
               name: src.warehouse_name,
-              description: src.warehouse_description
+              description: src.warehouse_description,
+              refCode: src.warehouse_ref_code
             }
           },
           orderProducts: orderProducts.find(op => op.id === src.oi_order_product_id),

package/server/routers/api/restful-apis/v1/warehouse/get-return-order-details.ts CHANGED Viewed

@@ -121,7 +121,8 @@ router.get(
               warehouse: {
                 id: orderInv.inventory?.location?.warehouse?.id,
                 name: orderInv.inventory?.location?.warehouse?.name,
-                description: orderInv.inventory?.location?.warehouse?.description
+                description: orderInv.inventory?.location?.warehouse?.description,
+                refCode: orderInv.inventory?.location?.warehouse?.refCode
               }
             }
           }

package/server/routers/api/restful-apis/v1/warehouse/index.ts CHANGED Viewed

@@ -17,6 +17,7 @@ import './get-inbound-order-list'
 import './get-inventory-adjustment-details'
 import './get-inventory-adjustment-list'
 import './get-inventory-product-group-list'
+import './get-inventory-warehouse-group-list'
 import './get-manifest-details'
 import './get-onhand-inventory-list'
 import './get-release-order-details'

package/server/routers/api/restful-apis/v1/warehouse/update-release-order-details.ts CHANGED Viewed

@@ -448,10 +448,12 @@ async function removeOrderProducts(tx: EntityManager, orderProductIds: string[],
             .createQueryBuilder()
             .update(Inventory)
             .set({
-              lockedQty: () => `COALESCE(locked_qty, 0) - ${oiReleaseQty}`,
-              lockedUomValue: () => `COALESCE(locked_uom_value, 0) - ${oiReleaseUomValue}`,
+              lockedQty: () => `GREATEST(COALESCE(locked_qty, 0) - :releaseQty::numeric, 0)`,
+              lockedUomValue: () => `GREATEST(COALESCE(locked_uom_value, 0) - :releaseUomValue::numeric, 0)`,
               updater: orderProductEntity.updater
             })
+            .setParameter('releaseQty', oiReleaseQty)
+            .setParameter('releaseUomValue', oiReleaseUomValue)
             .where('id = :id', { id: inventoryEntity.id })
             .execute()
         }
@@ -490,9 +492,11 @@ async function removeOrderProducts(tx: EntityManager, orderProductIds: string[],
           .createQueryBuilder()
           .update(ProductDetailStock)
           .set({
-            unassignedQty: () => `"unassigned_qty" - ${releaseQty}`,
-            unassignedUomValue: () => `"unassigned_uom_value" - ${releaseUomValue}`
+            unassignedQty: () => `GREATEST("unassigned_qty" - :releaseQty::numeric, 0)`,
+            unassignedUomValue: () => `GREATEST("unassigned_uom_value" - :releaseUomValue::numeric, 0)`
           })
+          .setParameter('releaseQty', releaseQty)
+          .setParameter('releaseUomValue', releaseUomValue)
           .where({ productDetail: productDetail.id })
           .execute()
       }
@@ -560,9 +564,11 @@ async function updateExistingOrderProduct(
       .createQueryBuilder()
       .update(ProductDetailStock)
       .set({
-        unassignedQty: () => `"unassigned_qty" + ${qtyDiff}`,
-        unassignedUomValue: () => `"unassigned_uom_value" + ${uomValueDiff}`
+        unassignedQty: () => `"unassigned_qty" + :qtyDiff::numeric`,
+        unassignedUomValue: () => `"unassigned_uom_value" + :uomValueDiff::numeric`
       })
+      .setParameter('qtyDiff', qtyDiff)
+      .setParameter('uomValueDiff', uomValueDiff)
       .where({ productDetail: existing.productDetail.id })
       .execute()
   }
@@ -634,10 +640,12 @@ async function updateOrderInventoriesForQtyChange(
           .createQueryBuilder()
           .update(Inventory)
           .set({
-            lockedQty: () => `COALESCE(locked_qty, 0) - ${deductQty}`,
-            lockedUomValue: () => `COALESCE(locked_uom_value, 0) - ${deductUomValue}`,
+            lockedQty: () => `GREATEST(COALESCE(locked_qty, 0) - :deductQty::numeric, 0)`,
+            lockedUomValue: () => `GREATEST(COALESCE(locked_uom_value, 0) - :deductUomValue::numeric, 0)`,
             updater: user
           })
+          .setParameter('deductQty', deductQty)
+          .setParameter('deductUomValue', deductUomValue)
           .where('id = :id', { id: inventory.id })
           .execute()
       }
@@ -843,7 +851,6 @@ async function assignAdditionalInventory(
           acc.query.push(`${itm.query} ${itm?.operator ? itm.operator : '='} $${acc.values.length + 1}`)
           break
       }
-      acc.query.push(`${itm.query} ${itm?.operator ? itm.operator : '='} $${acc.values.length + 1}`)
       return acc
     },
     {
@@ -895,6 +902,14 @@ async function assignAdditionalInventory(
   const releaseShelfLifeParamIndex = params.length + 1
   params.push(releaseShelfLifeOverride)
+  // Add seed row parameters to avoid SQL injection
+  const seedUomIdx = params.length + 1
+  const seedPackingTypeIdx = params.length + 2
+  const seedPackingSizeIdx = params.length + 3
+  const seedReleaseQtyIdx = params.length + 4
+  const seedReleaseUomValueIdx = params.length + 5
+  params.push(uom, orderProduct.packingType, orderProduct.packingSize, qtyDiff, uomValueDiff)
   // Build the sophisticated SQL query with window functions
   let query = `
     update inventories tgt set locked_qty = coalesce(locked_qty,0) + src.reserve_qty,
@@ -915,12 +930,10 @@ async function assignAdditionalInventory(
           ) as available_qty,
           sum(qty - locked_qty - release_qty - unassigned_qty) over (order by sort_seq asc rows between unbounded preceding and current row) as lock_amount
           from (
-            SELECT 0 as sort_seq, null as id, null as pallet_id, null as batch_id, null as batch_id_ref,
-            null as unit, '${uom}' as uom, '${orderProduct.packingType}' as packing_type, '${
-    orderProduct.packingSize
-  }' as packing_size,
+            SELECT 0 as sort_seq, null as id, null as pallet_id, null as batch_id, null as batch_id_ref,
+            null as unit, $${seedUomIdx} as uom, $${seedPackingTypeIdx} as packing_type, $${seedPackingSizeIdx} as packing_size,
             null as manufacture_year, null as carton_id, 0 as uom_value, 0 as locked_uom_value, 0 as qty, 0 as locked_qty, 0 as unassigned_uom_value, 0 as unassigned_qty, null as created_at,
-            ${qtyDiff}::numeric as release_qty, ${uomValueDiff}::numeric as release_uom_value
+            $${seedReleaseQtyIdx}::numeric as release_qty, $${seedReleaseUomValueIdx}::numeric as release_uom_value
             UNION
             (
               SELECT ROW_NUMBER() OVER(PARTITION BY iv.domain_id ORDER BY wiar.rank ${
@@ -959,33 +972,49 @@ async function assignAdditionalInventory(
           ) dt1
         ) dt2 where case when "lock_amount" < 0 then "available_qty" else "available_qty" - "lock_amount" end > 0
       ) dt3 where sort_seq > 0
-    ) src where src.id = tgt.id
-    returning
-      tgt."id", tgt."qty", tgt."pallet_id", tgt."carton_id", tgt."batch_id", tgt."batch_id_ref", tgt."unit",
-      tgt."uom", tgt."packing_type", tgt."packing_size", tgt."manufacture_year",
+    ) src where src.id = tgt.id AND tgt.qty >= coalesce(tgt.locked_qty, 0) + src.reserve_qty
+    returning
+      tgt."id", tgt."qty", tgt."pallet_id", tgt."carton_id", tgt."batch_id", tgt."batch_id_ref", tgt."unit",
+      tgt."uom", tgt."packing_type", tgt."packing_size", tgt."manufacture_year",
       tgt."locked_qty", tgt."uom_value", tgt."locked_uom_value", src."reserve_qty", src."reserve_uom_value";`
-  let updatedInventories = await tx.getRepository(Inventory).query(query, params)
+  const MAX_ASSIGN_RETRIES = 3
+  const RETRY_DELAY_MS = 10
+  let updatedInventories
-  let totalAssigned =
-    updatedInventories[0]?.reduce((acc: number, inv: any) => {
-      return acc + inv.reserve_qty
-    }, 0) || 0
+  for (let attempt = 1; attempt <= MAX_ASSIGN_RETRIES; attempt++) {
+    await tx.query('SAVEPOINT assign_retry')
-  // For non-decimal products, round the values before comparison
-  let roundedQtyDiff = qtyDiff
-  if (!product.isInventoryDecimal) {
-    roundedQtyDiff = Math.round(qtyDiff)
-    totalAssigned = Math.round(totalAssigned)
-  } else {
-    // For decimal products, round to 3 decimal places
-    roundedQtyDiff = Math.round(qtyDiff * 1000) / 1000
-    totalAssigned = Math.round(totalAssigned * 1000) / 1000
-  }
+    updatedInventories = await tx.getRepository(Inventory).query(query, params)
+    let totalAssigned =
+      updatedInventories[0]?.reduce((acc: number, inv: any) => {
+        return acc + Number(inv.reserve_qty)
+      }, 0) || 0
+    // For non-decimal products, round the values before comparison
+    let roundedQtyDiff = qtyDiff
+    if (!product.isInventoryDecimal) {
+      roundedQtyDiff = Math.round(qtyDiff)
+      totalAssigned = Math.round(totalAssigned)
+    } else {
+      // For decimal products, round to 3 decimal places
+      roundedQtyDiff = Math.round(qtyDiff * 1000) / 1000
+      totalAssigned = Math.round(totalAssigned * 1000) / 1000
+    }
+    if (Math.abs(roundedQtyDiff - totalAssigned) > 0.001) {
+      await tx.query('ROLLBACK TO SAVEPOINT assign_retry')
+      if (attempt < MAX_ASSIGN_RETRIES) {
+        await new Promise(resolve => setTimeout(resolve, RETRY_DELAY_MS))
+        continue
+      }
+      // Using small epsilon for float comparison
+      throw new ApiError('E01', 'INSUFFICIENT_STOCK')
+    }
-  if (Math.abs(roundedQtyDiff - totalAssigned) > 0.001) {
-    // Using small epsilon for float comparison
-    throw new ApiError('E01', 'INSUFFICIENT_STOCK')
+    await tx.query('RELEASE SAVEPOINT assign_retry')
+    break
   }
   // Create order inventory records for each assigned inventory
@@ -1225,9 +1254,11 @@ async function addNewOrderProduct(
       .createQueryBuilder()
       .update(ProductDetailStock)
       .set({
-        unassignedQty: () => `"unassigned_qty" + ${roundedReleaseQty}`,
-        unassignedUomValue: () => `"unassigned_uom_value" + ${releaseUomValue}`
+        unassignedQty: () => `"unassigned_qty" + :releaseQty::numeric`,
+        unassignedUomValue: () => `"unassigned_uom_value" + :releaseUomValue::numeric`
       })
+      .setParameter('releaseQty', roundedReleaseQty)
+      .setParameter('releaseUomValue', releaseUomValue)
       .where({ productDetail: productDetail.id })
       .execute()
   }

package/server/routers/xilnex-router.ts CHANGED Viewed

@@ -1281,6 +1281,7 @@ async function assignToInventory(orderProducts: OrderProduct[], customerBizplace
     let queryFilters = []
+    // TODO: Fix reducer bugs — typo itm.filtes -> itm.filters, duplicate acc.query.push, missing return acc
     let queryStrings = queryFilters.reduce(
       (acc, itm, idx, arr) => {
         acc.values.push(itm.filters)
@@ -1332,7 +1333,9 @@ async function assignToInventory(orderProducts: OrderProduct[], customerBizplace
               qty - locked_qty as available_qty,
               sum(qty - locked_qty - release_qty) over (order by sort_seq asc rows between unbounded preceding and current row) as lock_amount
               from (
-                SELECT 0 as sort_seq, null as id, null as pallet_id, null as batch_id, null as batch_id_ref,
+                // TODO: Replace template literal interpolation with $N positional parameters (see unstable/add-release-order.ts for pattern)
+                // String values (uom, packingType, packingSize) are SQL injection vectors; numeric values need ::numeric casts
+                SELECT 0 as sort_seq, null as id, null as pallet_id, null as batch_id, null as batch_id_ref,
                 null as unit, '${orderInventory.uom}' as uom, '${orderInventory.packingType}' as packing_type, '${
         orderInventory.packingSize
       }' as packing_size,
@@ -1352,12 +1355,14 @@ async function assignToInventory(orderProducts: OrderProduct[], customerBizplace
                   WHERE case when coalesce("iv"."locked_qty",0) < 0 then 0 else ("iv"."qty" - coalesce("iv"."locked_qty",0)) end > 0 AND
                    "iv"."domain_id" = $2 AND "iv"."bizplace_id" = $3 AND "iv"."packing_type" = $4 AND "iv"."packing_size" = $5 AND  "iv"."product_id" = $6 AND "iv"."status" = $7 AND "loc"."type" NOT IN ($8, $9)
                   AND "iv"."obsolete" = false AND case when "iv"."expiration_date" is not null and "p"."min_outbound_shelf_life" is not null then CURRENT_DATE < "iv"."expiration_date" - "p"."min_outbound_shelf_life" else true end
-                  ${queryStrings.query.length > 0 ? `AND ${queryStrings.join(' AND ')}` : ''}
+                  ${queryStrings.query.length > 0 ? `AND ${queryStrings.query.join(' AND ')}` : ''}
                   ORDER BY ${sortQuery}
                 )
               ) dt1
             ) dt2 where case when "lock_amount" < 0 then "available_qty" else "available_qty" - "lock_amount" end > 0
           ) dt3 where sort_seq > 0
+        // TODO: Add over-assignment guard: AND tgt.qty >= coalesce(tgt.locked_qty, 0) + src.reserve_qty
+        // TODO: Add SAVEPOINT retry logic with Number() cast on reserve_qty (see v1/add-release-order.ts for pattern)
         ) src where src.id = tgt.id
         returning
           tgt."id", tgt."qty", tgt."pallet_id", tgt."carton_id", tgt."batch_id", tgt."batch_id_ref", tgt."unit",