lupine.api 1.1.58 → 1.1.59

package/src/admin-api/admin-auth.ts

@@ -1,146 +1,152 @@
-import { ServerResponse } from 'http';
-import { Logger, ServerRequest, ApiHelper } from 'lupine.api';
-import { CryptoUtils } from '../lib/utils/crypto';
-import { adminApiHelper, DEV_ADMIN_CRYPTO_KEY_NAME, DEV_ADMIN_TYPE, DevAdminSessionProps } from './admin-api-helper';
-import { langHelper } from '../lang';
-
-const logger = new Logger('admin-auth');
-
-export const needDevAdminSession = async (req: ServerRequest, res: ServerResponse) => {
-  const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, true);
-  if (!devAdminSession) {
-    // return true to skip the rest of the middleware
-    const response = {
-      status: 'error',
-      message: langHelper.getLang('shared:permission_denied'),
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-  return false;
-};
-
-// dev admin, for development only
-export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
-  const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
-  if (!cryptoKey) {
-    const msg = langHelper.getLang('shared:name_not_set', {
-      name: 'ENV ' + DEV_ADMIN_CRYPTO_KEY_NAME,
-    });
-    logger.error(msg);
-    const response = {
-      status: 'error',
-      message: msg,
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-  if (!process.env['DEV_ADMIN_PASS']) {
-    const msg = langHelper.getLang('shared:name_not_set', {
-      name: 'ENV DEV_ADMIN_PASS',
-    });
-    logger.error(msg);
-    const response = {
-      status: 'error',
-      message: msg,
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-
-  // TODO: secure and httpOnly cookies
-  const data = req.locals.json();
-  if (!data || Array.isArray(data) || !data.u || !data.p) {
-    // if session already exists, use session data login
-    const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, false);
-    if (!devAdminSession) {
-      // check is app admin
-      const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
-      if (appAdminHookCheckLogin) {
-        if (await appAdminHookCheckLogin(req, res, '', '')) {
-          return true;
-        }
-      }
-
-      const response = {
-        status: 'error',
-        message: 'Please login to use this system.',
-      };
-      ApiHelper.sendJson(req, res, response);
-      return true;
-    }
-    // on set app cookie when login, not every time
-    // // if it's dev admin, then set app admin cookie as well
-    // let addLoginResponse = {};
-    // const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
-    // if (appAdminHookSetCookie) {
-    //   addLoginResponse = await appAdminHookSetCookie(req, res, devAdminSession.u);
-    // }
-    const response = {
-      // ...addLoginResponse,
-      status: 'ok',
-      message: langHelper.getLang('shared:login_success'),
-      devLogin: CryptoUtils.encrypt(JSON.stringify(devAdminSession), cryptoKey),
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-
-  if (data.u === process.env['DEV_ADMIN_USER'] && data.p === process.env['DEV_ADMIN_PASS']) {
-    logger.info('dev admin logged in');
-    const devSession: DevAdminSessionProps = {
-      u: data.u,
-      t: DEV_ADMIN_TYPE,
-      ip: req.socket.remoteAddress as string,
-      h: CryptoUtils.hash(data.u + ':' + data.p),
-    };
-    const token = JSON.stringify(devSession);
-    const tokenCookie = CryptoUtils.encrypt(token, cryptoKey);
-
-    // if it's dev admin, then set app admin cookie as well
-    let addLoginResponse = {};
-    const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
-    if (appAdminHookSetCookie) {
-      addLoginResponse = await appAdminHookSetCookie(req, res, data.u);
-    }
-
-    const response = {
-      ...addLoginResponse,
-      status: 'ok',
-      message: langHelper.getLang('shared:login_success'),
-      devLogin: tokenCookie,
-    };
-    // req.locals.setCookie('_token', tokenCookie, {
-    //   expireDays: 360,
-    //   path: '/',
-    //   httpOnly: false,
-    //   secure: true,
-    //   sameSite: 'none',
-    // });
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-
-  // check is app admin
-  const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
-  if (appAdminHookCheckLogin) {
-    if (await appAdminHookCheckLogin(req, res, data.u as string, data.p as string)) {
-      return true;
-    }
-  }
-
-  logger.info(`dev admin login failed: ${((data.u as string) || '').substring(0, 30)}`);
-  const response = {
-    status: 'error',
-    message: langHelper.getLang('shared:login_failed'),
-  };
-  ApiHelper.sendJson(req, res, response);
-  return true;
-};
-
-export const devAdminLogout = async (req: ServerRequest, res: ServerResponse) => {
-  req.locals.setCookie('_token_dev', '', { expireDays: 360, path: '/', httpOnly: false, secure: true, sameSite: 'none' });
-  await adminApiHelper.getAppAdminHookLogout()?.(req, res);
-  ApiHelper.sendJson(req, res, { status: 'ok', message: langHelper.getLang('shared:process_completed') });
-  return true;
-};
+import { ServerResponse } from 'http';
+import { Logger, ServerRequest, ApiHelper } from 'lupine.api';
+import { CryptoUtils } from '../lib/utils/crypto';
+import { adminApiHelper, DEV_ADMIN_CRYPTO_KEY_NAME, DEV_ADMIN_TYPE, DevAdminSessionProps } from './admin-api-helper';
+import { langHelper } from '../lang';
+
+const logger = new Logger('admin-auth');
+
+export const needDevAdminSession = async (req: ServerRequest, res: ServerResponse) => {
+  const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, true);
+  if (!devAdminSession) {
+    // return true to skip the rest of the middleware
+    const response = {
+      status: 'error',
+      message: langHelper.getLang('shared:permission_denied'),
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+  return false;
+};
+
+// dev admin, for development only
+export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
+  const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
+  if (!cryptoKey) {
+    const msg = langHelper.getLang('shared:name_not_set', {
+      name: 'ENV ' + DEV_ADMIN_CRYPTO_KEY_NAME,
+    });
+    logger.error(msg);
+    const response = {
+      status: 'error',
+      message: msg,
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+  if (!process.env['DEV_ADMIN_PASS']) {
+    const msg = langHelper.getLang('shared:name_not_set', {
+      name: 'ENV DEV_ADMIN_PASS',
+    });
+    logger.error(msg);
+    const response = {
+      status: 'error',
+      message: msg,
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+
+  // TODO: secure and httpOnly cookies
+  const data = req.locals.json();
+  if (!data || Array.isArray(data) || !data.u || !data.p) {
+    // if session already exists, use session data login
+    const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, false);
+    if (!devAdminSession) {
+      // check is app admin
+      const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
+      if (appAdminHookCheckLogin) {
+        if (await appAdminHookCheckLogin(req, res, '', '')) {
+          return true;
+        }
+      }
+
+      const response = {
+        status: 'error',
+        message: 'Please login to use this system.',
+      };
+      ApiHelper.sendJson(req, res, response);
+      return true;
+    }
+    // on set app cookie when login, not every time
+    // // if it's dev admin, then set app admin cookie as well
+    // let addLoginResponse = {};
+    // const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
+    // if (appAdminHookSetCookie) {
+    //   addLoginResponse = await appAdminHookSetCookie(req, res, devAdminSession.u);
+    // }
+    const response = {
+      // ...addLoginResponse,
+      status: 'ok',
+      message: langHelper.getLang('shared:login_success'),
+      devLogin: CryptoUtils.encrypt(JSON.stringify(devAdminSession), cryptoKey),
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+
+  if (data.u === process.env['DEV_ADMIN_USER'] && data.p === process.env['DEV_ADMIN_PASS']) {
+    logger.info('dev admin logged in');
+    const devSession: DevAdminSessionProps = {
+      u: data.u,
+      t: DEV_ADMIN_TYPE,
+      ip: req.socket.remoteAddress as string,
+      h: CryptoUtils.hash(data.u + ':' + data.p),
+    };
+    const token = JSON.stringify(devSession);
+    const tokenCookie = CryptoUtils.encrypt(token, cryptoKey);
+
+    // if it's dev admin, then set app admin cookie as well
+    let addLoginResponse = {};
+    const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
+    if (appAdminHookSetCookie) {
+      addLoginResponse = await appAdminHookSetCookie(req, res, data.u);
+    }
+
+    const response = {
+      ...addLoginResponse,
+      status: 'ok',
+      message: langHelper.getLang('shared:login_success'),
+      devLogin: tokenCookie,
+    };
+    // req.locals.setCookie('_token', tokenCookie, {
+    //   expireDays: 360,
+    //   path: '/',
+    //   httpOnly: false,
+    //   secure: true,
+    //   sameSite: 'none',
+    // });
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+
+  // check is app admin
+  const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
+  if (appAdminHookCheckLogin) {
+    if (await appAdminHookCheckLogin(req, res, data.u as string, data.p as string)) {
+      return true;
+    }
+  }
+
+  logger.info(`dev admin login failed: ${((data.u as string) || '').substring(0, 30)}`);
+  const response = {
+    status: 'error',
+    message: langHelper.getLang('shared:login_failed'),
+  };
+  ApiHelper.sendJson(req, res, response);
+  return true;
+};
+
+export const devAdminLogout = async (req: ServerRequest, res: ServerResponse) => {
+  req.locals.setCookie('_token_dev', '', {
+    expireDays: 360,
+    path: '/',
+    httpOnly: false,
+    secure: true,
+    sameSite: 'none',
+  });
+  await adminApiHelper.getAppAdminHookLogout()?.(req, res);
+  ApiHelper.sendJson(req, res, { status: 'ok', message: langHelper.getLang('shared:process_completed') });
+  return true;
+};

package/src/admin-api/admin-config.ts

@@ -1,84 +1,94 @@
-import { ServerResponse } from 'http';
-import * as fs from 'fs/promises';
-import { IApiBase, Logger, apiCache, ServerRequest, ApiRouter, ApiHelper, langHelper, FsUtils, appStorage } from 'lupine.api';
-import path from 'path';
-
-export class AdminConfig implements IApiBase {
-  private logger = new Logger('config-api');
-  protected router = new ApiRouter();
-
-  constructor() {
-    this.mountDashboard();
-  }
-
-  public getRouter(): ApiRouter {
-    return this.router;
-  }
-
-  protected mountDashboard() {
-    // called by FE
-    this.router.use('/load', this.load.bind(this));
-    this.router.use('/save', this.save.bind(this));
-  }
-
-  async load(req: ServerRequest, res: ServerResponse) {
-    const appData = apiCache.getAppData();
-    let cfgPath = path.join(appData.dataPath, 'config.json');
-    if (!(await FsUtils.pathExist(cfgPath))) {
-      cfgPath = path.join(appData.dataPath, 'resources', 'config_default.json');
-    }
-    if (!(await FsUtils.pathExist(cfgPath))) {
-      const response = {
-        status: 'error',
-        message: langHelper.getLang('shared:not_found_file', { fileName: 'config.json' }),
-      };
-      ApiHelper.sendJson(req, res, response);
-      return true;
-    }
-
-    let jsonCfg: any;
-    try {
-      jsonCfg = JSON.parse(await fs.readFile(cfgPath, 'utf8'));
-    } catch (e) {
-      const response = {
-        status: 'error',
-        message: langHelper.getLang('shared:not_found_file', { fileName: 'config.json' }),
-      };
-      ApiHelper.sendJson(req, res, response);
-      return true;
-    }
-    const response = {
-      status: 'ok',
-      message: langHelper.getLang('shared:operation_success'),
-      result: jsonCfg,
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-
-  // called by clients
-  async save(req: ServerRequest, res: ServerResponse) {
-    const data = req.locals.json();
-    if (!data || Array.isArray(data) || !data.json) {
-      const response = {
-        status: 'error',
-        message: langHelper.getLang('shared:wrong_data'),
-      };
-      ApiHelper.sendJson(req, res, response);
-      return true;
-    }
-
-    const appData = apiCache.getAppData();
-    const cfgPath = path.join(appData.dataPath, 'config.json');
-    await fs.writeFile(cfgPath, JSON.stringify(data.json));
-
-    await appStorage.load(appData.appName, appData.dataPath);
-
-    const response = {
-      status: 'ok',
-      message: langHelper.getLang('shared:operation_success'),
-    };
-    ApiHelper.sendJson(req, res, response);
-    return true;
-  }
-}
+import { ServerResponse } from 'http';
+import * as fs from 'fs/promises';
+import {
+  IApiBase,
+  Logger,
+  apiCache,
+  ServerRequest,
+  ApiRouter,
+  ApiHelper,
+  langHelper,
+  FsUtils,
+  appStorage,
+} from 'lupine.api';
+import path from 'path';
+
+export class AdminConfig implements IApiBase {
+  private logger = new Logger('config-api');
+  protected router = new ApiRouter();
+
+  constructor() {
+    this.mountDashboard();
+  }
+
+  public getRouter(): ApiRouter {
+    return this.router;
+  }
+
+  protected mountDashboard() {
+    // called by FE
+    this.router.use('/load', this.load.bind(this));
+    this.router.use('/save', this.save.bind(this));
+  }
+
+  async load(req: ServerRequest, res: ServerResponse) {
+    const appData = apiCache.getAppData();
+    let cfgPath = path.join(appData.dataPath, 'config.json');
+    if (!(await FsUtils.pathExist(cfgPath))) {
+      cfgPath = path.join(appData.dataPath, 'resources', 'config_default.json');
+    }
+    if (!(await FsUtils.pathExist(cfgPath))) {
+      const response = {
+        status: 'error',
+        message: langHelper.getLang('shared:not_found_file', { fileName: 'config.json' }),
+      };
+      ApiHelper.sendJson(req, res, response);
+      return true;
+    }
+
+    let jsonCfg: any;
+    try {
+      jsonCfg = JSON.parse(await fs.readFile(cfgPath, 'utf8'));
+    } catch (e) {
+      const response = {
+        status: 'error',
+        message: langHelper.getLang('shared:not_found_file', { fileName: 'config.json' }),
+      };
+      ApiHelper.sendJson(req, res, response);
+      return true;
+    }
+    const response = {
+      status: 'ok',
+      message: langHelper.getLang('shared:operation_success'),
+      result: jsonCfg,
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+
+  // called by clients
+  async save(req: ServerRequest, res: ServerResponse) {
+    const data = req.locals.json();
+    if (!data || Array.isArray(data) || !data.json) {
+      const response = {
+        status: 'error',
+        message: langHelper.getLang('shared:wrong_data'),
+      };
+      ApiHelper.sendJson(req, res, response);
+      return true;
+    }
+
+    const appData = apiCache.getAppData();
+    const cfgPath = path.join(appData.dataPath, 'config.json');
+    await fs.writeFile(cfgPath, JSON.stringify(data.json));
+
+    await appStorage.load(appData.appName, appData.dataPath);
+
+    const response = {
+      status: 'ok',
+      message: langHelper.getLang('shared:operation_success'),
+    };
+    ApiHelper.sendJson(req, res, response);
+    return true;
+  }
+}

package/src/admin-api/admin-csv.ts

@@ -1,94 +1,94 @@
-import { ServerResponse } from 'http';
-import { Logger } from 'lupine.api';
-import { Db } from '../lib/db';
-
-const logger = new Logger('admin-csv');
-export const exportCSVData = async (db: Db, tableName: string, res: ServerResponse) => {
-  res.write(`@TABLE,${tableName}\r\n`);
-
-  const result = await db.selectObject(tableName);
-  if (result && result.length > 0) {
-    const fields = Object.keys(result[0]).join(',').toLowerCase();
-    res.write(`@FIELD,${fields}\r\n`);
-    result.forEach((row: any) => {
-      res.write(`${JSON.stringify(Object.values(row))}\r\n`);
-    });
-  } else {
-    res.write('#no data\r\n');
-  }
-};
-
-export const exportCSVHead = (fileName: string, res: ServerResponse) => {
-  res.writeHead(200, {
-    'Content-Type': 'text/csv',
-    // 'Expires': '0',
-    // 'Cache-Control': 'no-cache, no-store, must-revalidate',
-    'Content-Disposition': 'attachment; filename=' + fileName + '.ljcsv',
-    // 'Content-Description': 'File Transfer',
-  });
-};
-
-export const exportCSV = async (db: Db, tableName: string, res: ServerResponse) => {
-  if (tableName) {
-    exportCSVHead(tableName + '-' + new Date().toJSON().replace(/:/g, '-'), res);
-    await exportCSVData(db, tableName, res);
-  } else {
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.write('Need a table name.');
-  }
-  res.end();
-  return true;
-};
-
-export const exportCSVTables = async (db: Db, tables: string[], res: ServerResponse) => {
-  exportCSVHead('all-tables-' + new Date().toJSON().replace(/:/g, '-'), res);
-  for (const i in tables) {
-    await exportCSVData(db, tables[i], res);
-    res.write('\r\n');
-  }
-  res.end();
-  return true;
-};
-
-export const loadCSV = async (db: Db, lines: string[]) => {
-  let table = '';
-  let insSql = '';
-  const result: any = {};
-  let toFields: string[] = [];
-  let toFieldsIndex: number[] = [];
-  for (const i in lines) {
-    if (!lines[i] || lines[i].startsWith('#')) {
-      continue;
-    }
-    if (lines[i].startsWith('@TABLE,')) {
-      table = lines[i].substring(7);
-      result[table] = { succeeded: 0, failed: 0, errorMessage: [] };
-
-      const toTableInfo = await db.getTableInfo(table);
-      toFields = toTableInfo.map((item: any) => item.name);
-    } else if (lines[i].startsWith('@FIELD,')) {
-      const fromFields = lines[i]
-        .substring(7)
-        .split(',')
-        .filter((item: string) => toFields.includes(item));
-      toFieldsIndex = toFields.map((item: string) => fromFields.indexOf(item));
-      const values = Array(fromFields.length).fill('?').join(',');
-      insSql = `INSERT INTO ${table} (${fromFields.join(',')} ) VALUES (${values})`;
-    } else {
-      if (toFields.length === 0 || !insSql) {
-        throw new Error('Invalid CSV format (no @TABLE or @FIELD)');
-      }
-      try {
-        const row = JSON.parse(lines[i]);
-        const values = toFieldsIndex.map((index: number) => row[index]);
-        await db.execute(insSql, values);
-        result[table].succeeded++;
-      } catch (error: any) {
-        result[table].failed++;
-        result[table].errorMessage.push(error.message);
-      }
-    }
-  }
-
-  return result;
-};
+import { ServerResponse } from 'http';
+import { Logger } from 'lupine.api';
+import { Db } from '../lib/db';
+
+const logger = new Logger('admin-csv');
+export const exportCSVData = async (db: Db, tableName: string, res: ServerResponse) => {
+  res.write(`@TABLE,${tableName}\r\n`);
+
+  const result = await db.selectObject(tableName);
+  if (result && result.length > 0) {
+    const fields = Object.keys(result[0]).join(',').toLowerCase();
+    res.write(`@FIELD,${fields}\r\n`);
+    result.forEach((row: any) => {
+      res.write(`${JSON.stringify(Object.values(row))}\r\n`);
+    });
+  } else {
+    res.write('#no data\r\n');
+  }
+};
+
+export const exportCSVHead = (fileName: string, res: ServerResponse) => {
+  res.writeHead(200, {
+    'Content-Type': 'text/csv',
+    // 'Expires': '0',
+    // 'Cache-Control': 'no-cache, no-store, must-revalidate',
+    'Content-Disposition': 'attachment; filename=' + fileName + '.ljcsv',
+    // 'Content-Description': 'File Transfer',
+  });
+};
+
+export const exportCSV = async (db: Db, tableName: string, res: ServerResponse) => {
+  if (tableName) {
+    exportCSVHead(tableName + '-' + new Date().toJSON().replace(/:/g, '-'), res);
+    await exportCSVData(db, tableName, res);
+  } else {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.write('Need a table name.');
+  }
+  res.end();
+  return true;
+};
+
+export const exportCSVTables = async (db: Db, tables: string[], res: ServerResponse) => {
+  exportCSVHead('all-tables-' + new Date().toJSON().replace(/:/g, '-'), res);
+  for (const i in tables) {
+    await exportCSVData(db, tables[i], res);
+    res.write('\r\n');
+  }
+  res.end();
+  return true;
+};
+
+export const loadCSV = async (db: Db, lines: string[]) => {
+  let table = '';
+  let insSql = '';
+  const result: any = {};
+  let toFields: string[] = [];
+  let toFieldsIndex: number[] = [];
+  for (const i in lines) {
+    if (!lines[i] || lines[i].startsWith('#')) {
+      continue;
+    }
+    if (lines[i].startsWith('@TABLE,')) {
+      table = lines[i].substring(7);
+      result[table] = { succeeded: 0, failed: 0, errorMessage: [] };
+
+      const toTableInfo = await db.getTableInfo(table);
+      toFields = toTableInfo.map((item: any) => item.name);
+    } else if (lines[i].startsWith('@FIELD,')) {
+      const fromFields = lines[i]
+        .substring(7)
+        .split(',')
+        .filter((item: string) => toFields.includes(item));
+      toFieldsIndex = toFields.map((item: string) => fromFields.indexOf(item));
+      const values = Array(fromFields.length).fill('?').join(',');
+      insSql = `INSERT INTO ${table} (${fromFields.join(',')} ) VALUES (${values})`;
+    } else {
+      if (toFields.length === 0 || !insSql) {
+        throw new Error('Invalid CSV format (no @TABLE or @FIELD)');
+      }
+      try {
+        const row = JSON.parse(lines[i]);
+        const values = toFieldsIndex.map((index: number) => row[index]);
+        await db.execute(insSql, values);
+        result[table].succeeded++;
+      } catch (error: any) {
+        result[table].failed++;
+        result[table].errorMessage.push(error.message);
+      }
+    }
+  }
+
+  return result;
+};