@websy/websy-designs 1.12.0 → 1.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/helpers/v1/pgHelper.js +16 -9
- package/dist/server/websy-designs-server.js +28 -21
- package/dist/websy-designs-es6.debug.js +3 -2
- package/dist/websy-designs-es6.js +3 -2
- package/dist/websy-designs-es6.min.js +1 -1
- package/dist/websy-designs.debug.js +3 -2
- package/dist/websy-designs.js +3 -2
- package/dist/websy-designs.min.js +1 -1
- package/package.json +1 -1
|
@@ -79,7 +79,7 @@ class PGHelper {
|
|
|
79
79
|
this.pool = pool
|
|
80
80
|
this.onReadyAuthCallbackFn = null
|
|
81
81
|
this.onReadyShopCallbackFn = null
|
|
82
|
-
this.options = { entityConfig: {}, fieldValueSeparator: ':' }
|
|
82
|
+
this.options = { entityConfig: {}, fieldValueSeparator: ':', whereValueSeparator: ';' }
|
|
83
83
|
this.updateIgnores = [
|
|
84
84
|
'id',
|
|
85
85
|
'create_date'
|
|
@@ -294,6 +294,8 @@ class PGHelper {
|
|
|
294
294
|
return sql
|
|
295
295
|
}
|
|
296
296
|
buildWhere (input, entity) {
|
|
297
|
+
// console.log('building where', input)
|
|
298
|
+
|
|
297
299
|
if (typeof input === 'undefined' || input.trim() === '') {
|
|
298
300
|
return '1=1'
|
|
299
301
|
}
|
|
@@ -306,17 +308,19 @@ class PGHelper {
|
|
|
306
308
|
}
|
|
307
309
|
// console.log('where input', input)
|
|
308
310
|
// console.log('splitter is', this.options.fieldValueSeparator)
|
|
309
|
-
|
|
310
|
-
|
|
311
|
+
// console.log('splitter is', this.options.whereValueSeparator)
|
|
312
|
+
let list = input.split(this.options.whereValueSeparator).map(d => {
|
|
313
|
+
let parts = d.split(this.options.fieldValueSeparator)
|
|
314
|
+
// console.log(parts)
|
|
311
315
|
if (parts.length === 2) {
|
|
312
316
|
let partValues = parts[1]
|
|
313
317
|
partValues = partValues.split('|')
|
|
314
|
-
if (partValues.length === 1) {
|
|
315
|
-
if (parts[1].indexOf('
|
|
316
|
-
return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('
|
|
318
|
+
if (partValues.length === 1) {
|
|
319
|
+
if (parts[1].indexOf('_gt') !== -1) {
|
|
320
|
+
return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('_gt', '')}'`
|
|
317
321
|
}
|
|
318
|
-
else if (parts[1].indexOf('
|
|
319
|
-
return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('
|
|
322
|
+
else if (parts[1].indexOf('_lt') !== -1) {
|
|
323
|
+
return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('_lt', '')}'`
|
|
320
324
|
}
|
|
321
325
|
else if (parts[1].indexOf('%') !== -1) {
|
|
322
326
|
return `LOWER(${entity ? entity + '.' : ''}${parts[0]}) LIKE '${parts[1]}'`
|
|
@@ -335,7 +339,9 @@ class PGHelper {
|
|
|
335
339
|
return `${entity ? entity + '.' : ''}${parts[0]} <> '${parts[1]}'`
|
|
336
340
|
}
|
|
337
341
|
}
|
|
338
|
-
})
|
|
342
|
+
})
|
|
343
|
+
// console.log(list)
|
|
344
|
+
|
|
339
345
|
return `
|
|
340
346
|
${list.length > 0 ? list.join(' AND ') : ''}
|
|
341
347
|
`
|
|
@@ -432,6 +438,7 @@ class PGHelper {
|
|
|
432
438
|
})
|
|
433
439
|
}
|
|
434
440
|
execute (query) {
|
|
441
|
+
console.log(query)
|
|
435
442
|
return new Promise((resolve, reject) => {
|
|
436
443
|
// console.log(query)
|
|
437
444
|
if (query !== null) {
|
|
@@ -3,7 +3,6 @@ const bodyParser = require('body-parser')
|
|
|
3
3
|
const cookieParser = require('cookie-parser')
|
|
4
4
|
const expressSession = require('express-session')
|
|
5
5
|
const sanitizer = require('perfect-express-sanitizer')
|
|
6
|
-
|
|
7
6
|
module.exports = function (options) {
|
|
8
7
|
return new Promise((resolve, reject) => {
|
|
9
8
|
const unless = function (middleware) {
|
|
@@ -47,16 +46,24 @@ module.exports = function (options) {
|
|
|
47
46
|
res.header('Access-Control-Allow-Credentials', true)
|
|
48
47
|
res.header('Access-Control-Allow-Headers', 'Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Content-Type, Authorization, X-Requested-With, Set-Cookie')
|
|
49
48
|
next()
|
|
50
|
-
}
|
|
49
|
+
}
|
|
50
|
+
const checkReferrer = (req, res, next) => {
|
|
51
|
+
if (typeof req.headers.referer === 'undefined') {
|
|
52
|
+
res.status(403)
|
|
53
|
+
res.send('Forbidden')
|
|
54
|
+
return
|
|
55
|
+
}
|
|
56
|
+
next()
|
|
57
|
+
}
|
|
51
58
|
// IMPLEMENT SESSION LOGIC HERE
|
|
52
59
|
app.use(allowCrossDomain)
|
|
53
|
-
app.use(
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
)
|
|
60
|
+
// app.use(
|
|
61
|
+
// sanitizer.clean({
|
|
62
|
+
// xss: true,
|
|
63
|
+
// noSql: true,
|
|
64
|
+
// sql: true
|
|
65
|
+
// })
|
|
66
|
+
// )
|
|
60
67
|
app.get('/health', (req, res) => {
|
|
61
68
|
res.json('OK')
|
|
62
69
|
})
|
|
@@ -158,24 +165,17 @@ module.exports = function (options) {
|
|
|
158
165
|
}
|
|
159
166
|
}
|
|
160
167
|
else {
|
|
161
|
-
let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
|
|
162
|
-
console.log('secure routes', secureRoutes)
|
|
163
|
-
console.log('excluded routes', excludedRoutes)
|
|
164
|
-
console.log('path', req.path)
|
|
165
|
-
console.log('index of', excludedRoutes.indexOf(req.path))
|
|
168
|
+
let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
|
|
166
169
|
if (secureRoutes === true) {
|
|
167
170
|
excludedRoutes.push('/resources', '/scripts', '/styles', '/external', '/templates', '/fonts')
|
|
168
171
|
}
|
|
169
|
-
if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
|
|
170
|
-
console.log('in condition A')
|
|
172
|
+
if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
|
|
171
173
|
app.authHelper.isLoggedIn(req, res, next)
|
|
172
174
|
}
|
|
173
|
-
else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
|
|
174
|
-
console.log('in condition B')
|
|
175
|
+
else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
|
|
175
176
|
app.authHelper.isLoggedIn(req, res, next)
|
|
176
177
|
}
|
|
177
|
-
else {
|
|
178
|
-
console.log('in condition C')
|
|
178
|
+
else {
|
|
179
179
|
next()
|
|
180
180
|
}
|
|
181
181
|
// secureRoutes === false && excludedRoutes.indexOf(req.path) !== -1 && app.authHelper.isLoggedIn(req, res, next)
|
|
@@ -188,7 +188,14 @@ module.exports = function (options) {
|
|
|
188
188
|
}
|
|
189
189
|
app.use(protectedRoutes)
|
|
190
190
|
if (options.useAPI === true) {
|
|
191
|
-
|
|
191
|
+
console.log('allowed keys', options.allowedKeys)
|
|
192
|
+
|
|
193
|
+
app.use('/api', sanitizer.clean({
|
|
194
|
+
xss: true,
|
|
195
|
+
noSql: true,
|
|
196
|
+
sql: true,
|
|
197
|
+
allowedKeys: options.allowedKeys || []
|
|
198
|
+
}), checkReferrer, protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
|
|
192
199
|
}
|
|
193
200
|
if (options.useShop === true) {
|
|
194
201
|
app.use('/shop', protectedRoutes, require(`./routes/${version}/shop`)(dbHelper, options.dbEngine, app))
|
|
@@ -35,7 +35,8 @@ class APIService {
|
|
|
35
35
|
constructor (baseUrl = '', options = {}) {
|
|
36
36
|
this.baseUrl = baseUrl
|
|
37
37
|
this.options = Object.assign({}, {
|
|
38
|
-
fieldValueSeparator: ':'
|
|
38
|
+
fieldValueSeparator: ':',
|
|
39
|
+
whereValueSeparator: ';'
|
|
39
40
|
}, options)
|
|
40
41
|
}
|
|
41
42
|
add (entity, data, options = {}) {
|
|
@@ -49,7 +50,7 @@ class APIService {
|
|
|
49
50
|
if (id) {
|
|
50
51
|
query.push(`id${this.options.fieldValueSeparator}${id}`)
|
|
51
52
|
}
|
|
52
|
-
return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(
|
|
53
|
+
return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(this.options.whereValueSeparator)}` : ''}`
|
|
53
54
|
}
|
|
54
55
|
delete (entity, id) {
|
|
55
56
|
const url = this.buildUrl(entity, id)
|
|
@@ -57,7 +57,8 @@ var APIService = /*#__PURE__*/function () {
|
|
|
57
57
|
_classCallCheck(this, APIService);
|
|
58
58
|
this.baseUrl = baseUrl;
|
|
59
59
|
this.options = _extends({}, {
|
|
60
|
-
fieldValueSeparator: ':'
|
|
60
|
+
fieldValueSeparator: ':',
|
|
61
|
+
whereValueSeparator: ';'
|
|
61
62
|
}, options);
|
|
62
63
|
}
|
|
63
64
|
_createClass(APIService, [{
|
|
@@ -76,7 +77,7 @@ var APIService = /*#__PURE__*/function () {
|
|
|
76
77
|
if (id) {
|
|
77
78
|
query.push("id".concat(this.options.fieldValueSeparator).concat(id));
|
|
78
79
|
}
|
|
79
|
-
return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(
|
|
80
|
+
return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(this.options.whereValueSeparator)) : '');
|
|
80
81
|
}
|
|
81
82
|
}, {
|
|
82
83
|
key: "delete",
|