@websy/websy-designs 1.12.15 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,18 +1,24 @@
1
1
  const express = require('express')
2
2
  const router = express.Router()
3
- // const PG = require('../helpers/dbHelper')
4
- // const dbHelper = new PG()
5
3
 
6
- function APIRoutes (dbHelper, authHelper) {
7
- router.delete('/:entity/:id', (req, res) => {
8
- const sql = `DELETE FROM ${req.params.entity} WHERE ${dbHelper.buildWhereWithId(req.params.entity, req.params.id)}`
9
- dbHelper.execute(sql).then(response => res.json(response), err => res.json(err))
4
+ function APIRoutes (dbHelper, authHelper) {
5
+ router.delete('/:entity/:id', authHelper.checkPermissions.bind(authHelper), (req, res) => {
6
+ const { where, values } = dbHelper.buildWhereWithId(req.params.entity, req.params.id)
7
+ let sql = `DELETE FROM ${req.params.entity} WHERE ${where}`
8
+ if (!dbHelper.options.entityConfig[req.params.entity]) {
9
+ sql = 'SELECT 1=1'
10
+ }
11
+ dbHelper.execute(sql, values).then(response => res.json(response), err => res.json(err))
10
12
  })
11
- router.delete('/:entity', (req, res) => {
12
- const sql = dbHelper.buildDelete(req.params.entity, req.query.where)
13
+ router.delete('/:entity', authHelper.checkPermissions.bind(authHelper), (req, res) => {
14
+ // if (!dbHelper.options.entityConfig[req.params.entity]) {
15
+ // return 'SELECT 1=1'
16
+ // }
17
+ // const { sql, values } = dbHelper.buildDelete(req.params.entity, req.query.where)
18
+ const sql = `SELECT 'Cannot perform bulk delete' as result`
13
19
  dbHelper.execute(sql).then(response => res.json(response), err => res.json(err))
14
20
  })
15
- router.get('/currentuser', (req, res) => {
21
+ router.get('/currentuser', authHelper.checkPermissions.bind(authHelper), (req, res) => {
16
22
  let user = {}
17
23
  if (req.session && req.session.user) {
18
24
  user = req.session.user
@@ -24,28 +30,28 @@ function APIRoutes (dbHelper, authHelper) {
24
30
  }
25
31
  res.json(user)
26
32
  })
27
- router.get('/:entity/:id', (req, res) => {
33
+ router.get('/:entity/:id', authHelper.checkPermissions.bind(authHelper), (req, res) => {
28
34
  let lang = process.env.DEFAULT_LANGUAGE
29
35
  if (req.session && req.session.language && req.query.notranslate !== 'true') {
30
36
  lang = req.session.language
31
37
  }
32
- const sql = dbHelper.buildSelectWithId(req.params.entity, req.params.id, req.query, req.query.columns, lang)
33
- dbHelper.execute(sql).then(response => {
38
+ const { sql, values } = dbHelper.buildSelectWithId(req.params.entity, req.params.id, req.query, req.query.columns, lang)
39
+ dbHelper.execute(sql, values).then(response => {
34
40
  res.json(translate(response))
35
41
  }, err => res.json(err))
36
42
  })
37
- router.get('/:entity', (req, res) => {
43
+ router.get('/:entity', authHelper.checkPermissions.bind(authHelper), (req, res) => {
38
44
  let lang = process.env.DEFAULT_LANGUAGE
39
45
  if (req.session && req.session.language && req.query.notranslate !== 'true') {
40
46
  lang = req.session.language
41
47
  }
42
- // console.log(`lang is ${lang}`)
43
- const sql = dbHelper.buildSelect(req.params.entity, req.query, req.query.columns, lang)
44
- dbHelper.execute(sql).then(response => {
45
- if (process.env.RETURN_COUNTS === true || process.env.RETURN_COUNTS === 'true') {
46
- let countWhere = ''
47
- const countSql = `SELECT COUNT(*) as total FROM ${req.params.entity} WHERE ${dbHelper.buildWhere(req.query.where, req.params.entity)}`
48
- dbHelper.execute(countSql).then(countResponse => {
48
+ const { sql, values } = dbHelper.buildSelect(req.params.entity, req.query, req.query.columns, lang)
49
+
50
+ dbHelper.execute(sql, values).then(response => {
51
+ if (process.env.RETURN_COUNTS === true || process.env.RETURN_COUNTS === 'true') {
52
+ const { where: countWhere, values: countValues } = dbHelper.buildWhere(req.query.where, req.params.entity)
53
+ const countSql = `SELECT COUNT(*) as total FROM ${req.params.entity} WHERE ${countWhere}`
54
+ dbHelper.execute(countSql, countValues).then(countResponse => {
49
55
  response.totalCount = countResponse.rows[0].total
50
56
  res.json(translate(response))
51
57
  })
@@ -55,47 +61,54 @@ function APIRoutes (dbHelper, authHelper) {
55
61
  }
56
62
  }, err => res.json(err))
57
63
  })
58
- router.post('/:entity/upsert', authHelper.checkPermissions, (req, res) => {
64
+ router.post('/:entity/upsert', authHelper.checkPermissions.bind(authHelper), (req, res) => {
59
65
  let user
60
66
  if (req.session && req.session.user) {
61
67
  user = req.session.user
62
68
  }
63
- const sql = dbHelper.buildUpsert(req.params.entity, req.body, user)
64
- console.log('upsert sql')
65
- console.log(sql)
66
- dbHelper.execute(sql).then(response => res.json(response), err => res.json(err))
69
+ if (req.body && req.body.data) {
70
+ const queries = dbHelper.buildUpsert(req.params.entity, req.body.data, user)
71
+ dbHelper.executeUpsert(0, queries, (err) => {
72
+ if (err) {
73
+ res.json(err)
74
+ }
75
+ else {
76
+ res.json(true)
77
+ }
78
+ })
79
+ }
80
+ else {
81
+ res.status(400)
82
+ res.json({ err: 'Malformed body. Missing data prop' })
83
+ }
67
84
  })
68
- router.post('/:entity', authHelper.checkPermissions, (req, res) => {
69
- // const sql = dbHelper.buildInsert(req.params.entity, req.body, req.session.passport.user.id)
70
- // console.log(req.body)
71
- // console.log(req.session)
85
+ router.post('/:entity', authHelper.checkPermissions.bind(authHelper), (req, res) => {
72
86
  let user
73
87
  if (req.session && req.session.user) {
74
88
  user = req.session.user
75
89
  }
76
- const sql = dbHelper.buildInsert(req.params.entity, req.body, user)
77
- // console.log(sql)
78
- dbHelper.execute(sql).then(response => res.json(response), err => {
90
+ const { sql, values } = dbHelper.buildInsert(req.params.entity, req.body, user)
91
+
92
+ dbHelper.execute(sql, values).then(response => res.json(response), err => {
79
93
  res.statusCode = 404
80
94
  res.json({err})
81
95
  })
82
- })
83
- // console.log('defining put endpoint for /:entity/:id')
84
- router.put('/:entity/:id', authHelper.checkPermissions, (req, res) => {
96
+ })
97
+ router.put('/:entity/:id', authHelper.checkPermissions.bind(authHelper), (req, res) => {
85
98
  let user
86
99
  if (req.session && req.session.user) {
87
100
  user = req.session.user
88
101
  }
89
- const sql = dbHelper.buildUpdateWithId(req.params.entity, req.params.id, req.body, user)
90
- dbHelper.execute(sql).then(response => res.json(response), err => res.json(err))
102
+ const { sql, values } = dbHelper.buildUpdateWithId(req.params.entity, req.params.id, req.body, user)
103
+ dbHelper.execute(sql, values).then(response => res.json(response), err => res.json(err))
91
104
  })
92
- router.put('/:entity', authHelper.checkPermissions, (req, res) => {
105
+ router.put('/:entity', authHelper.checkPermissions.bind(authHelper), (req, res) => {
93
106
  let user
94
107
  if (req.session && req.session.user) {
95
108
  user = req.session.user
96
109
  }
97
- const sql = dbHelper.buildUpdate(req.params.entity, req.query.where, req.body, user)
98
- dbHelper.execute(sql).then(response => res.json(response), err => res.json(err))
110
+ const { sql, values } = dbHelper.buildUpdate(req.params.entity, req.query.where, req.body, user)
111
+ dbHelper.execute(sql, values).then(response => res.json(response), err => res.json(err))
99
112
  })
100
113
  return router
101
114
  }
@@ -7,13 +7,11 @@ router.get('/', (req, res) => {
7
7
  // res.setHeader('Content-Disposition', 'attachment')
8
8
  // res.setHeader('filename', `${req.params.name || utils.createIdentity()}.pdf`)
9
9
  res.setHeader('Content-Disposition', `attachment;filename=${utils.createIdentity()}.pdf`)
10
- res.contentType('application/pdf')
11
- console.log(req.session.pdf)
10
+ res.contentType('application/pdf')
12
11
  res.send(req.session.pdf)
13
12
  })
14
13
 
15
- router.post('/', (req, res) => {
16
- console.log('creating pdf in wd')
14
+ router.post('/', (req, res) => {
17
15
  pdfHelper.createPDF(req.body, (err, pdf) => {
18
16
  if (err) {
19
17
  res.status(400)
@@ -21,6 +21,7 @@ module.exports = function (options) {
21
21
  }
22
22
  const app = express()
23
23
  app.set('trust proxy', 1)
24
+ app.set('case sensitive routing', true)
24
25
  process.env.wdRoot = __dirname
25
26
  let version = options.version || 'v1'
26
27
  process.env.WD_VERSION = version
@@ -30,15 +31,12 @@ module.exports = function (options) {
30
31
  app.use(bodyParser.raw({limit: options.maxBodySize || '5mb'}))
31
32
  const AuthHelper = require(`./helpers/${version}/authHelper`)
32
33
  const NoAuthHelper = require(`./helpers/${version}/noAuthHelper`)
33
- const allowCrossDomain = (req, res, next) => {
34
- // console.log(req.url);
35
- // const allowedOrigins = ['https://www.google.com', 'http://localhost:4000', 'https://localhost:4000', 'http://ec2-3-92-185-52.compute-1.amazonaws.com', 'https://ec2-3-92-185-52.compute-1.amazonaws.com']
34
+ const allowCrossDomain = (req, res, next) => {
36
35
  let allowedOrigins = ['*']
37
36
  if (process.env.ALLOWED_ORIGINS) {
38
37
  allowedOrigins = process.env.ALLOWED_ORIGINS.split(',')
39
38
  }
40
- const origin = req.headers.origin
41
- // console.log(allowedOrigins.indexOf(origin))
39
+ const origin = req.headers.origin
42
40
  if (allowedOrigins.indexOf(origin) !== -1 || allowedOrigins[0] === '*') {
43
41
  res.header('Access-Control-Allow-Origin', origin)
44
42
  }
@@ -55,31 +53,10 @@ module.exports = function (options) {
55
53
  }
56
54
  next()
57
55
  }
58
- // IMPLEMENT SESSION LOGIC HERE
59
56
  app.use(allowCrossDomain)
60
- // app.use(
61
- // sanitizer.clean({
62
- // xss: true,
63
- // noSql: true,
64
- // sql: true
65
- // })
66
- // )
67
- app.get('/health', (req, res) => {
68
- res.json('OK')
69
- })
70
- app.get('/environment', (req, res) => {
71
- const env = {}
72
- for (let key in process.env) {
73
- if (key.substring(0, 7) === 'CLIENT_') {
74
- env[key.substring(7)] = process.env[key]
75
- }
76
- }
77
- res.json(env)
78
- })
79
57
  if (options.useRecaptcha === true && process.env.RECAPTCHA_SECRET) {
80
58
  app.use('/google', require(`./routes/${version}/recaptcha`))
81
- }
82
- app.use('/pdf', require(`./routes/${version}/pdf`))
59
+ }
83
60
  if (options.useDB === true) {
84
61
  const dbHelper = require(`./helpers/${version}/${options.dbEngine}Helper`)
85
62
  let dbOptions = options.dbEngine === 'pg' ? options.dbOptions : options.dbOnError || {}
@@ -89,7 +66,7 @@ module.exports = function (options) {
89
66
  app.use(cookieParser(process.env.SESSION_SECRET))
90
67
  let cookieConfig = {
91
68
  maxAge: 7 * 24 * 60 * 60 * 1000,
92
- httpOnly: false,
69
+ httpOnly: process.env.COOKIE_HTTPS === 'true' || process.env.COOKIE_HTTPS === true,
93
70
  domain: process.env.COOKIE_DOMAIN || 'localhost',
94
71
  secure: process.env.COOKIE_SECURE === 'true' || process.env.COOKIE_SECURE === true,
95
72
  sameSite: process.env.COOKIE_SAMESITE || 'none',
@@ -166,8 +143,8 @@ module.exports = function (options) {
166
143
  }
167
144
  else {
168
145
  let excludedRoutes = process.env.EXCLUDED_ROUTES.split(',')
169
- if (secureRoutes === true) {
170
- excludedRoutes.push('/resources', '/scripts', '/styles', '/external', '/templates', '/fonts')
146
+ if (secureRoutes === true) {
147
+ excludedRoutes.push('/login')
171
148
  }
172
149
  if (secureRoutes === false && excludedRoutes.indexOf('/' + req.path.split('/')[1]) !== -1) {
173
150
  app.authHelper.isLoggedIn(req, res, next)
@@ -178,8 +155,6 @@ module.exports = function (options) {
178
155
  else {
179
156
  next()
180
157
  }
181
- // secureRoutes === false && excludedRoutes.indexOf(req.path) !== -1 && app.authHelper.isLoggedIn(req, res, next)
182
- // secureRoutes === true && excludedRoutes.indexOf(req.path) === -1 && app.authHelper.isLoggedIn(req, res, next)
183
158
  }
184
159
  }
185
160
  else {
@@ -187,6 +162,16 @@ module.exports = function (options) {
187
162
  }
188
163
  }
189
164
  app.use(protectedRoutes)
165
+ app.get('/environment', (req, res) => {
166
+ const env = {}
167
+ for (let key in process.env) {
168
+ if (key.substring(0, 7) === 'CLIENT_') {
169
+ env[key.substring(7)] = process.env[key]
170
+ }
171
+ }
172
+ res.json(env)
173
+ })
174
+ app.use('/pdf', require(`./routes/${version}/pdf`))
190
175
  if (options.useAPI === true) {
191
176
  app.use('/api', sanitizer.clean(Object.assign({}, {
192
177
  xss: true,
@@ -194,6 +179,7 @@ module.exports = function (options) {
194
179
  sql: true,
195
180
  noSqlLevel: 2,
196
181
  sqlLevel: 2,
182
+ level: 2,
197
183
  allowedKeys: options.allowedKeys || []
198
184
  }, (dbOptions.sanitizeOptions || {}))), checkReferrer, protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
199
185
  }
@@ -237,6 +223,16 @@ module.exports = function (options) {
237
223
  next()
238
224
  }
239
225
  }
226
+ app.use(protectedRoutes)
227
+ app.get('/environment', (req, res) => {
228
+ const env = {}
229
+ for (let key in process.env) {
230
+ if (key.substring(0, 7) === 'CLIENT_') {
231
+ env[key.substring(7)] = process.env[key]
232
+ }
233
+ }
234
+ res.json(env)
235
+ })
240
236
  resolve({app})
241
237
  }
242
238
  })
@@ -2836,7 +2836,7 @@ class MultiForm {
2836
2836
  `
2837
2837
  newFormEl.innerHTML = html
2838
2838
  el.appendChild(newFormEl)
2839
- let formOptions = Object.assign({}, this.options, { fields: [...this.options.fields.map(f => Object.assign({}, f))] })
2839
+ let formOptions = Object.assign({}, this.options, { rowIndex: this.forms.length, fields: [...this.options.fields.map(f => Object.assign({}, f, { rowIndex: this.forms.length }))] })
2840
2840
  this.forms.push(new WebsyDesigns.Form(`${this.elementId}_${newId}_form`, formOptions))
2841
2841
  if (addEl) {
2842
2842
  addEl.style.display = this.forms.length < this.options.maxRows ? 'flex' : 'none'
@@ -2924,7 +2924,17 @@ class MultiForm {
2924
2924
  el.innerHTML = html
2925
2925
  this.forms = new Array(this.formData.length)
2926
2926
  this.formData.forEach((d, i) => {
2927
- let formOptions = Object.assign({}, this.options, { fields: [...this.options.fields.map(f => Object.assign({}, f))] })
2927
+ let formOptions = Object.assign({}, this.options, {
2928
+ rowIndex: i,
2929
+ fields: [...this.options.fields.map(f => {
2930
+ const newF = Object.assign({}, f)
2931
+ if (!newF.options) {
2932
+ newF.options = {}
2933
+ }
2934
+ newF.options.rowIndex = i
2935
+ return newF
2936
+ })]
2937
+ })
2928
2938
  let formObject = new WebsyDesigns.Form(`${this.elementId}_${d.formId}_form`, formOptions)
2929
2939
  formObject.data = d
2930
2940
  this.forms[i] = formObject