not-node 6.3.0 → 6.3.2

Files changed (50) hide show
  1. package/index.js +2 -0
  2. package/package.json +2 -2
  3. package/src/auth/const.js +17 -0
  4. package/src/auth/fields.js +10 -5
  5. package/src/auth/roles.js +2 -2
  6. package/src/auth/rules.js +49 -13
  7. package/src/bootstrap/logic.js +12 -11
  8. package/src/bootstrap/route.js +1 -1
  9. package/src/common.js +7 -0
  10. package/src/fields/filter.js +326 -0
  11. package/src/fields/index.js +2 -2
  12. package/src/form/env_extractors/activeUser.js +1 -1
  13. package/src/form/env_extractors/activeUserId.js +6 -0
  14. package/src/form/env_extractors/index.js +3 -0
  15. package/src/form/env_extractors/query.js +6 -0
  16. package/src/form/fabric.js +3 -3
  17. package/src/form/form.js +37 -10
  18. package/src/generic/form.authorizedAction.js +6 -8
  19. package/src/generic/form.getByID.js +8 -10
  20. package/src/generic/form.getById.js +8 -9
  21. package/src/generic/form.listAndCount.js +28 -26
  22. package/src/generic/logic.js +31 -85
  23. package/src/identity/index.js +6 -2
  24. package/src/identity/providers/session.js +14 -12
  25. package/src/identity/providers/token.js +14 -7
  26. package/src/init/lib/sessions/index.js +1 -1
  27. package/src/manifest/manifest.filter.js +118 -17
  28. package/src/manifest/manifest.js +8 -2
  29. package/src/manifest/module.js +21 -16
  30. package/src/manifest/registrator/fields.js +8 -1
  31. package/src/manifest/registrator/forms.js +1 -0
  32. package/src/manifest/registrator/locales.js +9 -1
  33. package/src/manifest/registrator/logics.js +2 -2
  34. package/src/manifest/registrator/models.js +2 -2
  35. package/src/manifest/registrator/routes.js +8 -8
  36. package/src/manifest/result.filter.js +3 -2
  37. package/src/manifest/route.js +42 -14
  38. package/src/model/default.js +1 -1
  39. package/src/model/proto.js +1 -1
  40. package/src/obsolete.js +23 -7
  41. package/src/types.js +83 -0
  42. package/test/auth/fields.js +2 -2
  43. package/test/auth/obsolete.js +16 -9
  44. package/test/extractors.js +60 -0
  45. package/test/filter.js +286 -0
  46. package/test/init/sessions.js +14 -2
  47. package/test/notManifestFilter.js +358 -19
  48. package/test/notModule.js +41 -1
  49. package/test/transformers.js +21 -0
  50. package/tmpl/files/module.server/layers/routes.manifest.ejs +9 -0
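--- a/package/test/init/sessions.js
+++ b/package/test/init/sessions.js
@@ -14,9 +14,9 @@ module.exports = ({ expect }) => {
  describe("Sessions", () => {
  describe("getConstructor", () => {
  describe("getConstructor", () => {
- it("driver mongo", () => {
+ it("driver mongoose", () => {
  const res = InitSessions.getConstructor({
- driver: "mongo",
+ driver: "mongoose",
  });
  expect(res.prototype.constructor.name).to.be.equal(
  "InitSessionsMongo"
@@ -81,6 +81,18 @@ module.exports = ({ expect }) => {
  expect(e).to.be.instanceof(Error);
  }
  });
+
+ it("no config", async () => {
+ const fEmit = createFakeEmit();
+ const config = {
+ get() {
+ return undefined;
+ },
+ };
+ await new InitSessions().run({
+ config,
+ });
+ });
  });
 
  after(() => {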
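Review bot: The added `no config` case (new lines 85–95) contains no assertion and never uses the `fEmit` it creates, so it passes whenever `run()` does not throw while `config.get()` returns `undefined`. For session setup this is the case worth pinning: the test should state what the initializer falls back to (which driver, which secret) or that it refuses to start, whichever is intended; `run()` itself is not visible in this diff. Either assert on the observable result of the call or drop the unused `const fEmit = createFakeEmit();` line. The first hunk also stops exercising the old `"mongo"` driver name, so whether that value is now rejected or silently ignored is left untested.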
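--- a/package/test/notManifestFilter.js
+++ b/package/test/notManifestFilter.js
@@ -1,3 +1,10 @@
+ const { notFieldsFilter } = require("..");
+ const {
+ DEFAULT_USER_ROLE_FOR_GUEST,
+ ACTION_SIGNATURES,
+ } = require("../src/auth");
+
+ const Schema = require("mongoose").Schema;
  const expect = require("chai").expect,
  notManifestFilter = require("../src/manifest/manifest.filter");
 
@@ -163,7 +170,7 @@ describe("notManifestFilter", function () {
  const result = notManifestFilter.filterRoute(
  route,
  false,
- "user",
+ ["user"],
  false
  );
  expect(result).to.deep.equal({
@@ -179,7 +186,7 @@ describe("notManifestFilter", function () {
  const result = notManifestFilter.filterRoute(
  route,
  false,
- "user",
+ ["user"],
  true
  );
  expect(result).to.deep.equal({
@@ -198,7 +205,7 @@ describe("notManifestFilter", function () {
  const result = notManifestFilter.filterRoute(
  route,
  true,
- "user",
+ ["user"],
  false
  );
  expect(result).to.deep.equal({
@@ -214,7 +221,7 @@ describe("notManifestFilter", function () {
  const result = notManifestFilter.filterRoute(
  route,
  true,
- "manager",
+ ["manager"],
  false
  );
  expect(result).to.deep.equal({
@@ -347,20 +354,16 @@ describe("notManifestFilter", function () {
  manAfterFilter = notManifestFilter.filter(
  man,
  false,
+ [],
  false,
- false
+ ""
  );
  expect(manAfterFilter).to.deep.equal(filtered.guest);
  });
 
  it("Auth manifest", function () {
  let man = rawRoutesManifest,
- manAfterFilter = notManifestFilter.filter(
- man,
- true,
- false,
- false
- );
+ manAfterFilter = notManifestFilter.filter(man, true, [], false);
  expect(manAfterFilter).to.deep.equal(filtered.user);
  });
 
@@ -369,7 +372,7 @@ describe("notManifestFilter", function () {
  manAfterFilter = notManifestFilter.filter(
  man,
  true,
- "manager",
+ ["manager"],
  false
  );
  expect(manAfterFilter).to.deep.equal(filtered.manager);
@@ -380,7 +383,7 @@ describe("notManifestFilter", function () {
  manAfterFilter = notManifestFilter.filter(
  man,
  false,
- "notActivated",
+ ["notActivated"],
  false
  );
  expect(manAfterFilter).to.deep.equal(filtered.notActivated);
@@ -388,13 +391,349 @@ describe("notManifestFilter", function () {
 
  it("Admin manifest", function () {
  let man = rawRoutesManifest,
- manAfterFilter = notManifestFilter.filter(
- man,
- false,
- false,
- true
- );
+ manAfterFilter = notManifestFilter.filter(man, false, [], true);
  expect(manAfterFilter).to.deep.equal(filtered.admin);
  });
  });
+
+ describe("Filter fields with schema and actionSignature", () => {
+ const SCHEMA = () => {
+ return {
+ role: {
+ type: [String],
+ required: true,
+ searchable: true,
+ default: ["user"],
+ validate: [],
+ safe: {
+ create: ["@system"],
+ update: ["root", "admin"],
+ read: ["@owner", "root", "admin"],
+ },
+ },
+ name: {
+ type: String,
+ safe: {
+ create: ["@system"],
+ update: ["@system", "@owner", "root", "admin"],
+ read: ["*"],
+ },
+ },
+ salt: {
+ type: String,
+ required: true,
+ },
+ telephone: {
+ type: String,
+ unique: false,
+ searchable: true,
+ required: false,
+ safe: {
+ create: ["@system"],
+ update: ["@owner", "root", "admin"],
+ read: ["@owner", "root", "admin"],
+ },
+ },
+ username: {
+ type: String,
+ unique: true,
+ searchable: true,
+ required: true,
+ safe: {
+ create: ["@system"],
+ read: ["*"],
+ },
+ },
+ confirm: {
+ type: Schema.Types.Mixed,
+ required: false,
+ searchable: true,
+ safe: {
+ create: ["@system"],
+ update: ["@system", "root", "admin"],
+ },
+ },
+ code: {
+ type: String,
+ searchable: true,
+ required: true,
+ },
+ country: {
+ type: String,
+ required: false,
+ searchable: true,
+ default: "ru",
+ safe: {
+ create: ["@system"],
+ update: ["@system", "@owner", "root", "admin"],
+ read: ["*"],
+ },
+ },
+ email: {
+ type: String,
+ unique: true,
+ searchable: true,
+ required: true,
+ safe: {
+ create: ["@system"],
+ update: ["@owner", "root", "admin"],
+ read: ["@owner", "root", "admin"],
+ },
+ },
+ };
+ };
+
+ const modelName = "User";
+ const moduleName = "User";
+
+ before(() => {
+ notManifestFilter.schemaLoader = SCHEMA;
+ });
+
+ it("filterRouteAction @safe for READ", () => {
+ const actionName = "get";
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.READ,
+ method: "get",
+ rules: [
+ {
+ auth: false,
+ fields: ["@safe"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {
+ get: {
+ method: "get",
+ fields: ["name", "username", "country"],
+ },
+ },
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+
+ it("filterRouteAction @* for READ", () => {
+ const actionName = "get";
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.READ,
+ method: "get",
+ rules: [
+ {
+ auth: false,
+ fields: ["@*"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {
+ get: {
+ method: "get",
+ fields: [
+ "_id",
+ "userID",
+ "role",
+ "name",
+ "salt",
+ "telephone",
+ "username",
+ "confirm",
+ "code",
+ "country",
+ "email",
+ ],
+ },
+ },
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+
+ it("filterRouteAction @*,-@safe for READ", () => {
+ const actionName = "get";
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.READ,
+ method: "get",
+ rules: [
+ {
+ auth: false,
+ fields: ["@*", "-@safe"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {
+ get: {
+ method: "get",
+ fields: [
+ "_id",
+ "userID",
+ "role",
+ "salt",
+ "telephone",
+ "confirm",
+ "code",
+ "email",
+ ],
+ },
+ },
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+
+ it("filterRouteAction @* for UPDATE as guest", () => {
+ const actionName = "update";
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.UPDATE,
+ method: "post",
+ rules: [
+ {
+ role: ["user"],
+ fields: ["@*"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {},
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+
+ it("filterRouteAction @safe for CREATE as guest", () => {
+ const actionName = "create";
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.CREATE,
+ method: "put",
+ rules: [
+ {
+ role: ["user"],
+ fields: ["@safe"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {},
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+
+ it("filterRouteAction @listFields for READ", () => {
+ const actionName = "list";
+ notFieldsFilter.addSet("listFields", ["@ID", "@safe"]);
+ const actionData = {
+ actionSignature: ACTION_SIGNATURES.READ,
+ method: "get",
+ rules: [
+ {
+ auth: false,
+ fields: ["@listFields"],
+ },
+ ],
+ };
+ const auth = false;
+ const root = false;
+ const roles = [DEFAULT_USER_ROLE_FOR_GUEST];
+ const routeMan = {
+ actions: {},
+ };
+ const targetResult = {
+ actions: {
+ list: {
+ method: "get",
+ fields: ["userID", "name", "username", "country"],
+ },
+ },
+ };
+ notManifestFilter.filterRouteAction(
+ actionName,
+ actionData,
+ auth,
+ roles,
+ root,
+ routeMan,
+ modelName,
+ moduleName
+ );
+ expect(routeMan).to.be.deep.equal(targetResult);
+ });
+ });
  });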
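Review bot: The `@* for READ` case (new lines 532–581) pins `salt`, `code`, `confirm`, `email` and `telephone` into the field list produced for an unauthenticated guest under an `auth: false` rule, so the suite documents that `@*` ignores every `safe.read` restriction in the schema, including fields that declare no `safe` block at all. How that list is applied to responses is not visible in this diff, but if the behaviour is intended, say so where the expectation is built, e.g. `// @* bypasses schema "safe" rules by design; public rules should use @safe`, so the rule shape is not copied into a real manifest. Separately, `before()` overwrites `notManifestFilter.schemaLoader` and the `@listFields` case calls `notFieldsFilter.addSet(...)` with no matching `after()` restore, so both changes leak into whatever suite runs next in the same process.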
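--- a/package/test/notModule.js
+++ b/package/test/notModule.js
@@ -89,6 +89,46 @@ describe("notModule", function () {
  });
  });
 
+ describe("getRouteManifest", () => {
+ it("getter", () => {
+ const ctx = {
+ manifests: {
+ some: "fest",
+ },
+ };
+ const res = notModule.prototype.getRouteManifest.call(ctx, "some");
+ expect(res).to.be.equal("fest");
+ });
+ });
+
+ describe("getRoutesManifests", () => {
+ it("getter", () => {
+ const ctx = {
+ manifests: {
+ some: "fest",
+ },
+ };
+ const res = notModule.prototype.getRoutesManifests.call(ctx);
+ expect(res).to.be.deep.equal({
+ some: "fest",
+ });
+ });
+ });
+
+ describe("getModels", () => {
+ it("getter", () => {
+ const ctx = {
+ models: {
+ some: "fest",
+ },
+ };
+ const res = notModule.prototype.getModels.call(ctx);
+ expect(res).to.be.deep.equal({
+ some: "fest",
+ });
+ });
+ });
+
  describe("getManifest", function () {
  it("Get module manifest without params", function (done) {
  const ctx = {
@@ -101,7 +141,7 @@ describe("notModule", function () {
  some: "fest",
  });
  expect(auth).to.be.false;
- expect(role).to.be.equal("guest");
+ expect(role).to.be.deep.equal(["guest"]);
  expect(root).to.be.false;
  done();
  },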
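Review bot: The updated assertion at new line 144 hard-codes `["guest"]`, while test/notManifestFilter.js in this same release takes the guest role from `DEFAULT_USER_ROLE_FOR_GUEST`. If `getManifest` falls back to that constant (its implementation is outside this diff), assert against it with `expect(role).to.be.deep.equal([DEFAULT_USER_ROLE_FOR_GUEST]);` so the two suites cannot drift apart on the default role. The enclosing `getManifest` test starts and ends outside the hunk.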
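--- a/package/test/transformers.js
+++ b/package/test/transformers.js
@@ -0,0 +1,21 @@
+ const expect = require("chai").expect,
+ transformers = require("../src/form/transformers");
+
+ describe("Form//Transformers", () => {
+ it("xss", () => {
+ const stringWithAttack = "<IMG SRC=j&#X41vascript:alert('test2')>";
+ const cleanString = transformers.xss(stringWithAttack);
+ expect(stringWithAttack).to.be.not.equal(cleanString);
+ });
+
+ it("stringToJSON", () => {
+ const stringifiedJSON =
+ '{"field1": 1, "field2":true, "field3": [1,"string", false]}';
+ const json = transformers.stringToJSON(stringifiedJSON);
+ expect(json).to.be.deep.equal({
+ field1: 1,
+ field2: true,
+ field3: [1, "string", false],
+ });
+ });
+ });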
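Review bot: The `xss` case (new lines 5–9) only asserts that the output differs from the input, which any change to the string satisfies, including one that leaves the markup active. Pin the exact sanitized form instead with `expect(cleanString).to.be.equal(EXPECTED_SANITIZED);`, where `EXPECTED_SANITIZED` is a placeholder for what `transformers.xss` is meant to return for this input, and add a benign string that must come back unchanged. The `stringToJSON` case likewise covers only well-formed input, so what the transformer does with malformed JSON is not pinned.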
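--- a/package/tmpl/files/module.server/layers/routes.manifest.ejs
+++ b/package/tmpl/files/module.server/layers/routes.manifest.ejs
@@ -1,3 +1,4 @@
+ const ACTION_SIGNATURES = require('not-node/src/auth/const').ACTION_SIGNATURES;
  const FIELDS = [
  ["_id", "not-node//_id"],
  ["<%- modelName %>ID", "not-node//ID"],
@@ -24,6 +25,7 @@ module.exports = {
  <% if (Object.hasOwn(actions, 'create')){ %>
  create: {
  method: "put",
+ actionSignature: ACTION_SIGNATURES.CREATE,
  title: "<%- ModuleName %>:form_title_create",
  description: "<%- ModuleName %>:form_description_create",
  rules: [
@@ -45,6 +47,7 @@ module.exports = {
  <% if (Object.hasOwn(actions,'get')){ %>
  get: {
  method: "get",
+ actionSignature: ACTION_SIGNATURES.READ,
  title: "<%- ModuleName %>:form_title_details",
  description: "<%- ModuleName %>:form_description_details",
  rules: [
@@ -79,6 +82,7 @@ module.exports = {
  <% if (Object.hasOwn(actions,'getRaw')){ %>
  getRaw: {
  method: "get",
+ actionSignature: ACTION_SIGNATURES.READ,
  title: "<%- ModuleName %>:form_title_details",
  description: "<%- ModuleName %>:form_description_details",
  rules: [
@@ -125,6 +129,7 @@ module.exports = {
  <% if (Object.hasOwn(actions,'update')){ %>
  update: {
  title: "<%- ModuleName %>:form_title_update",
+ actionSignature: ACTION_SIGNATURES.UPDATE,
  description: "<%- ModuleName %>:form_description_update",
  method: "post",
  rules: [
@@ -145,6 +150,7 @@ module.exports = {
  <% } %>
  <% if (Object.hasOwn(actions,'delete')){ %>
  delete: {
+ actionSignature: ACTION_SIGNATURES.DELETE,
  title: "<%- ModuleName %>:form_title_delete",
  description: "<%- ModuleName %>:form_description_delete",
  method: "delete",
@@ -165,6 +171,7 @@ module.exports = {
  <% if (Object.hasOwn(actions,'listAndCount')){ %>
  listAndCount: {
  method: "get",
+ actionSignature: ACTION_SIGNATURES.READ,
  data: ["pager", "sorter", "filter", "search"],
  rules: [
  {
@@ -186,6 +193,7 @@ module.exports = {
  <% if (Object.hasOwn(actions,'listAll')){ %>
  listAll: {
  method: "get",
+ actionSignature: ACTION_SIGNATURES.READ,
  data: ["record", "sorter"],
  fields: [
  <%- fields.map((entry) => `"${entry}"`).join(',') %>,
@@ -209,3 +217,4 @@ module.exports = {
  <% } %>
  },
  };
+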
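Review bot: New line 1 requires `not-node/src/auth/const`, a file inside the package's `src` tree, so every module generated from this template depends on the package's internal layout; the tests in this release load `ACTION_SIGNATURES` from the `src/auth` index instead. If the package entry point exports the constant (not visible in this diff), prefer that; otherwise use `require('not-node/src/auth').ACTION_SIGNATURES`. The key is also placed inconsistently: after `method` in most actions, but between `title` and `description` in `update` and first in `delete`. Only the actions touched by these hunks are visible, so confirm that no generated action is left without an `actionSignature`, since the new field tests suggest the signature is what selects the schema `safe` list.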