@websy/websy-designs 1.12.0 → 1.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -79,7 +79,7 @@ class PGHelper {
79
79
  this.pool = pool
80
80
  this.onReadyAuthCallbackFn = null
81
81
  this.onReadyShopCallbackFn = null
82
- this.options = { entityConfig: {}, fieldValueSeparator: ':' }
82
+ this.options = { entityConfig: {}, fieldValueSeparator: ':', whereValueSeparator: ';' }
83
83
  this.updateIgnores = [
84
84
  'id',
85
85
  'create_date'
@@ -294,6 +294,8 @@ class PGHelper {
294
294
  return sql
295
295
  }
296
296
  buildWhere (input, entity) {
297
+ // console.log('building where', input)
298
+
297
299
  if (typeof input === 'undefined' || input.trim() === '') {
298
300
  return '1=1'
299
301
  }
@@ -306,17 +308,19 @@ class PGHelper {
306
308
  }
307
309
  // console.log('where input', input)
308
310
  // console.log('splitter is', this.options.fieldValueSeparator)
309
- let list = input.split(';').map(d => {
310
- let parts = d.split(this.options.fieldValueSeparator)
311
+ // console.log('splitter is', this.options.whereValueSeparator)
312
+ let list = input.split(this.options.whereValueSeparator).map(d => {
313
+ let parts = d.split(this.options.fieldValueSeparator)
314
+ // console.log(parts)
311
315
  if (parts.length === 2) {
312
316
  let partValues = parts[1]
313
317
  partValues = partValues.split('|')
314
- if (partValues.length === 1) {
315
- if (parts[1].indexOf('>') !== -1) {
316
- return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('>', '')}'`
318
+ if (partValues.length === 1) {
319
+ if (parts[1].indexOf('_gt') !== -1) {
320
+ return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('_gt', '')}'`
317
321
  }
318
- else if (parts[1].indexOf('<') !== -1) {
319
- return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('<', '')}'`
322
+ else if (parts[1].indexOf('_lt') !== -1) {
323
+ return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('_lt', '')}'`
320
324
  }
321
325
  else if (parts[1].indexOf('%') !== -1) {
322
326
  return `LOWER(${entity ? entity + '.' : ''}${parts[0]}) LIKE '${parts[1]}'`
@@ -335,7 +339,9 @@ class PGHelper {
335
339
  return `${entity ? entity + '.' : ''}${parts[0]} <> '${parts[1]}'`
336
340
  }
337
341
  }
338
- })
342
+ })
343
+ // console.log(list)
344
+
339
345
  return `
340
346
  ${list.length > 0 ? list.join(' AND ') : ''}
341
347
  `
@@ -432,6 +438,7 @@ class PGHelper {
432
438
  })
433
439
  }
434
440
  execute (query) {
441
+ console.log(query)
435
442
  return new Promise((resolve, reject) => {
436
443
  // console.log(query)
437
444
  if (query !== null) {
@@ -3,7 +3,6 @@ const bodyParser = require('body-parser')
3
3
  const cookieParser = require('cookie-parser')
4
4
  const expressSession = require('express-session')
5
5
  const sanitizer = require('perfect-express-sanitizer')
6
-
7
6
  module.exports = function (options) {
8
7
  return new Promise((resolve, reject) => {
9
8
  const unless = function (middleware) {
@@ -47,16 +46,24 @@ module.exports = function (options) {
47
46
  res.header('Access-Control-Allow-Credentials', true)
48
47
  res.header('Access-Control-Allow-Headers', 'Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Content-Type, Authorization, X-Requested-With, Set-Cookie')
49
48
  next()
50
- }
49
+ }
50
+ const checkReferrer = (req, res, next) => {
51
+ if (typeof req.headers.referer === 'undefined') {
52
+ res.status(403)
53
+ res.send('Forbidden')
54
+ return
55
+ }
56
+ next()
57
+ }
51
58
  // IMPLEMENT SESSION LOGIC HERE
52
59
  app.use(allowCrossDomain)
53
- app.use(
54
- sanitizer.clean({
55
- xss: true,
56
- noSql: true,
57
- sql: true
58
- })
59
- )
60
+ // app.use(
61
+ // sanitizer.clean({
62
+ // xss: true,
63
+ // noSql: true,
64
+ // sql: true
65
+ // })
66
+ // )
60
67
  app.get('/health', (req, res) => {
61
68
  res.json('OK')
62
69
  })
@@ -158,24 +165,17 @@ module.exports = function (options) {
158
165
  }
159
166
  }
160
167
  else {
161
- let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
162
- console.log('secure routes', secureRoutes)
163
- console.log('excluded routes', excludedRoutes)
164
- console.log('path', req.path)
165
- console.log('index of', excludedRoutes.indexOf(req.path))
168
+ let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
166
169
  if (secureRoutes === true) {
167
170
  excludedRoutes.push('/resources', '/scripts', '/styles', '/external', '/templates', '/fonts')
168
171
  }
169
- if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
170
- console.log('in condition A')
172
+ if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
171
173
  app.authHelper.isLoggedIn(req, res, next)
172
174
  }
173
- else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
174
- console.log('in condition B')
175
+ else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
175
176
  app.authHelper.isLoggedIn(req, res, next)
176
177
  }
177
- else {
178
- console.log('in condition C')
178
+ else {
179
179
  next()
180
180
  }
181
181
  // secureRoutes === false && excludedRoutes.indexOf(req.path) !== -1 && app.authHelper.isLoggedIn(req, res, next)
@@ -188,7 +188,14 @@ module.exports = function (options) {
188
188
  }
189
189
  app.use(protectedRoutes)
190
190
  if (options.useAPI === true) {
191
- app.use('/api', protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
191
+ console.log('allowed keys', options.allowedKeys)
192
+
193
+ app.use('/api', sanitizer.clean({
194
+ xss: true,
195
+ noSql: true,
196
+ sql: true,
197
+ allowedKeys: options.allowedKeys || []
198
+ }), checkReferrer, protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
192
199
  }
193
200
  if (options.useShop === true) {
194
201
  app.use('/shop', protectedRoutes, require(`./routes/${version}/shop`)(dbHelper, options.dbEngine, app))
@@ -35,7 +35,8 @@ class APIService {
35
35
  constructor (baseUrl = '', options = {}) {
36
36
  this.baseUrl = baseUrl
37
37
  this.options = Object.assign({}, {
38
- fieldValueSeparator: ':'
38
+ fieldValueSeparator: ':',
39
+ whereValueSeparator: ';'
39
40
  }, options)
40
41
  }
41
42
  add (entity, data, options = {}) {
@@ -49,7 +50,7 @@ class APIService {
49
50
  if (id) {
50
51
  query.push(`id${this.options.fieldValueSeparator}${id}`)
51
52
  }
52
- return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(';')}` : ''}`
53
+ return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(this.options.whereValueSeparator)}` : ''}`
53
54
  }
54
55
  delete (entity, id) {
55
56
  const url = this.buildUrl(entity, id)
@@ -57,7 +57,8 @@ var APIService = /*#__PURE__*/function () {
57
57
  _classCallCheck(this, APIService);
58
58
  this.baseUrl = baseUrl;
59
59
  this.options = _extends({}, {
60
- fieldValueSeparator: ':'
60
+ fieldValueSeparator: ':',
61
+ whereValueSeparator: ';'
61
62
  }, options);
62
63
  }
63
64
  _createClass(APIService, [{
@@ -76,7 +77,7 @@ var APIService = /*#__PURE__*/function () {
76
77
  if (id) {
77
78
  query.push("id".concat(this.options.fieldValueSeparator).concat(id));
78
79
  }
79
- return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(';')) : '');
80
+ return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(this.options.whereValueSeparator)) : '');
80
81
  }
81
82
  }, {
82
83
  key: "delete",