@websy/websy-designs 1.12.1 → 1.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -79,7 +79,7 @@ class PGHelper {
79
79
  this.pool = pool
80
80
  this.onReadyAuthCallbackFn = null
81
81
  this.onReadyShopCallbackFn = null
82
- this.options = { entityConfig: {}, fieldValueSeparator: ':' }
82
+ this.options = { entityConfig: {}, fieldValueSeparator: ':', whereValueSeparator: ';' }
83
83
  this.updateIgnores = [
84
84
  'id',
85
85
  'create_date'
@@ -294,6 +294,8 @@ class PGHelper {
294
294
  return sql
295
295
  }
296
296
  buildWhere (input, entity) {
297
+ // console.log('building where', input)
298
+
297
299
  if (typeof input === 'undefined' || input.trim() === '') {
298
300
  return '1=1'
299
301
  }
@@ -306,17 +308,19 @@ class PGHelper {
306
308
  }
307
309
  // console.log('where input', input)
308
310
  // console.log('splitter is', this.options.fieldValueSeparator)
309
- let list = input.split(';').map(d => {
310
- let parts = d.split(this.options.fieldValueSeparator)
311
+ // console.log('splitter is', this.options.whereValueSeparator)
312
+ let list = input.split(this.options.whereValueSeparator).map(d => {
313
+ let parts = d.split(this.options.fieldValueSeparator)
314
+ // console.log(parts)
311
315
  if (parts.length === 2) {
312
316
  let partValues = parts[1]
313
317
  partValues = partValues.split('|')
314
- if (partValues.length === 1) {
315
- if (parts[1].indexOf('>') !== -1) {
316
- return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('>', '')}'`
318
+ if (partValues.length === 1) {
319
+ if (parts[1].indexOf('_gt') !== -1) {
320
+ return `${entity ? entity + '.' : ''}${parts[0]} > '${parts[1].replace('_gt', '')}'`
317
321
  }
318
- else if (parts[1].indexOf('<') !== -1) {
319
- return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('<', '')}'`
322
+ else if (parts[1].indexOf('_lt') !== -1) {
323
+ return `${entity ? entity + '.' : ''}${parts[0]} < '${parts[1].replace('_lt', '')}'`
320
324
  }
321
325
  else if (parts[1].indexOf('%') !== -1) {
322
326
  return `LOWER(${entity ? entity + '.' : ''}${parts[0]}) LIKE '${parts[1]}'`
@@ -335,7 +339,9 @@ class PGHelper {
335
339
  return `${entity ? entity + '.' : ''}${parts[0]} <> '${parts[1]}'`
336
340
  }
337
341
  }
338
- })
342
+ })
343
+ // console.log(list)
344
+
339
345
  return `
340
346
  ${list.length > 0 ? list.join(' AND ') : ''}
341
347
  `
@@ -3,7 +3,6 @@ const bodyParser = require('body-parser')
3
3
  const cookieParser = require('cookie-parser')
4
4
  const expressSession = require('express-session')
5
5
  const sanitizer = require('perfect-express-sanitizer')
6
-
7
6
  module.exports = function (options) {
8
7
  return new Promise((resolve, reject) => {
9
8
  const unless = function (middleware) {
@@ -166,24 +165,17 @@ module.exports = function (options) {
166
165
  }
167
166
  }
168
167
  else {
169
- let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
170
- console.log('secure routes', secureRoutes)
171
- console.log('excluded routes', excludedRoutes)
172
- console.log('path', req.path)
173
- console.log('index of', excludedRoutes.indexOf(req.path))
168
+ let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
174
169
  if (secureRoutes === true) {
175
170
  excludedRoutes.push('/resources', '/scripts', '/styles', '/external', '/templates', '/fonts')
176
171
  }
177
- if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
178
- console.log('in condition A')
172
+ if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
179
173
  app.authHelper.isLoggedIn(req, res, next)
180
174
  }
181
- else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
182
- console.log('in condition B')
175
+ else if (secureRoutes === true && excludedRoutes.indexOf('/' + req.path.split('/')[1]) === -1) {
183
176
  app.authHelper.isLoggedIn(req, res, next)
184
177
  }
185
- else {
186
- console.log('in condition C')
178
+ else {
187
179
  next()
188
180
  }
189
181
  // secureRoutes === false && excludedRoutes.indexOf(req.path) !== -1 && app.authHelper.isLoggedIn(req, res, next)
@@ -196,10 +188,13 @@ module.exports = function (options) {
196
188
  }
197
189
  app.use(protectedRoutes)
198
190
  if (options.useAPI === true) {
191
+ console.log('allowed keys', options.allowedKeys)
192
+
199
193
  app.use('/api', sanitizer.clean({
200
194
  xss: true,
201
195
  noSql: true,
202
- sql: true
196
+ sql: true,
197
+ allowedKeys: options.allowedKeys || []
203
198
  }), checkReferrer, protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
204
199
  }
205
200
  if (options.useShop === true) {
@@ -35,7 +35,8 @@ class APIService {
35
35
  constructor (baseUrl = '', options = {}) {
36
36
  this.baseUrl = baseUrl
37
37
  this.options = Object.assign({}, {
38
- fieldValueSeparator: ':'
38
+ fieldValueSeparator: ':',
39
+ whereValueSeparator: ';'
39
40
  }, options)
40
41
  }
41
42
  add (entity, data, options = {}) {
@@ -49,7 +50,7 @@ class APIService {
49
50
  if (id) {
50
51
  query.push(`id${this.options.fieldValueSeparator}${id}`)
51
52
  }
52
- return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(';')}` : ''}`
53
+ return `${this.baseUrl}/${entity}${query.length > 0 ? `${entity.indexOf('?') === -1 ? '?' : '&'}where=${query.join(this.options.whereValueSeparator)}` : ''}`
53
54
  }
54
55
  delete (entity, id) {
55
56
  const url = this.buildUrl(entity, id)
@@ -57,7 +57,8 @@ var APIService = /*#__PURE__*/function () {
57
57
  _classCallCheck(this, APIService);
58
58
  this.baseUrl = baseUrl;
59
59
  this.options = _extends({}, {
60
- fieldValueSeparator: ':'
60
+ fieldValueSeparator: ':',
61
+ whereValueSeparator: ';'
61
62
  }, options);
62
63
  }
63
64
  _createClass(APIService, [{
@@ -76,7 +77,7 @@ var APIService = /*#__PURE__*/function () {
76
77
  if (id) {
77
78
  query.push("id".concat(this.options.fieldValueSeparator).concat(id));
78
79
  }
79
- return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(';')) : '');
80
+ return "".concat(this.baseUrl, "/").concat(entity).concat(query.length > 0 ? "".concat(entity.indexOf('?') === -1 ? '?' : '&', "where=").concat(query.join(this.options.whereValueSeparator)) : '');
80
81
  }
81
82
  }, {
82
83
  key: "delete",