not-node 6.3.48 → 6.3.50
- package/package.json +1 -1
- package/src/auth/const.js +8 -0
- package/src/form/form.js +91 -6
- package/src/manifest/manifest.filter.js +1 -1
- package/src/types.js +18 -18
package/package.json
CHANGED
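--- a/package/src/auth/const.js
+++ b/package/src/auth/const.js
@@ -19,6 +19,13 @@ const ACTION_SIGNATURES = {
 ANY: ACTION_SIGNATURE_ANY,
 };
 
+const METHOD_SIGNAURES = {
+GET: ACTION_SIGNATURES.READ,
+PUT: ACTION_SIGNATURES.CREATE,
+POST: ACTION_SIGNATURES.UPDATE,
+DELETE: ACTION_SIGNATURES.DELETE,
+};
+
 const OBJECT_STRING = "[object String]";
 
 const DOCUMENT_OWNER_FIELD_NAME = "owner";
@@ -32,4 +39,5 @@ module.exports = {
 DEFAULT_USER_ROLE_FOR_ADMIN,
 DOCUMENT_OWNER_FIELD_NAME,
 ACTION_SIGNATURES,
+METHOD_SIGNAURES,
 };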
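Review bot: `METHOD_SIGNAURES` is misspelled (it should read SIGNATURES) and the second hunk exports it under that name, so the typo becomes part of the module's public surface; I would declare `const METHOD_SIGNATURES = {` and, if the misspelled name has to stay for compatibility, export both. The table also maps `PUT` to `ACTION_SIGNATURES.CREATE` and `POST` to `ACTION_SIGNATURES.UPDATE`, which is the reverse of common REST usage; if that is this framework's convention, say so in a comment above the table, for example `// PUT creates and POST updates in this framework's routing`, because this mapping presumably decides which per-action rules are applied to a request. The `module.exports` object starts outside the hunk.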
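--- a/package/src/form/form.js
+++ b/package/src/form/form.js
@@ -1,8 +1,11 @@
+const Schema = require("mongoose").Schema;
 const validator = require("validator");
 const notPath = require("not-path");
 const FormFabric = require("./fabric");
+const Auth = require("../auth");
 const { createSchemaFromFields } = require("../fields");
-
+const notFieldsFilter = require("../fields/filter.js");
+const getApp = require("../getApp.js");
 const {
 objHas,
 isFunc,
@@ -27,6 +30,7 @@ const {
 const DEFAULT_EXTRACTORS = require("./extractors");
 const DEFAULT_ID_EXTRACTORS = require("./env_extractors");
 const DEFAULT_TRANSFORMERS = require("./transformers");
+const notAppIdentity = require("../identity/index.js");
 
 /**
 * Generic form validation class
@@ -41,6 +45,7 @@ class Form {
 form: [],
 forms: {},
 };
+#MODEL_SCHEMA;
 /**
 * @prop {string} name of form
 **/
@@ -521,7 +526,7 @@ class Form {
 /**
 *
 * @param {import('../types').notNodeExpressRequest} req Express Request
-* @returns {Array<string
+* @returns {Array<string>}
 */
 extractActionFieldsFromRequest(req) {
 if (
@@ -539,6 +544,68 @@ class Form {
 return [];
 }
 
+/**
+*
+* @param {import('../types.js').notActionData} actionData
+* @returns
+*/
+getActionSignature(actionData) {
+if (actionData.actionSignature) {
+return actionData.actionSignature;
+} else if (actionData.method && typeof actionData.method === "string") {
+const METHOD = actionData.method.toUpperCase();
+if (objHas(Auth.METHOD_SIGNAURES, METHOD)) {
+return Auth.METHOD_SIGNAURES[METHOD];
+}
+}
+return Auth.ACTION_SIGNATURES.ANY;
+}
+
+/**
+*
+* @param {import('../types.js').notNodeExpressRequest} req
+* @returns {import('../fields/filter.js').FieldsFilteringModificators}
+*/
+extractActionMods(req) {
+const authData = notAppIdentity.extractAuthData(req);
+/**
+* @type {import('../types.js').notRouteData}
+*/
+const routeData = req.notRouteData;
+let action = this.getActionSignature(req.notRouteData.actionData);
+if (
+action === Auth.ACTION_SIGNATURES.ANY &&
+routeData.actionName &&
+routeData.actionName.length
+) {
+action = routeData.actionName;
+}
+return {
+auth: authData.auth,
+roles: authData.role,
+root: authData.root,
+modelName: routeData.modelName,
+action,
+};
+}
+
+/**
+*
+* @param {Object} schemaField
+*/
+extractDefaultTransformers(schemaField) {
+if (typeof schemaField === "undefined" || schemaField === null) {
+return [];
+}
+switch (schemaField.type) {
+case String:
+case Schema.Types.String:
+return ["xss"];
+default:
+return [];
+}
+}
+
 /**
 *
 * @param {import('../types.js').notNodeExpressRequest} req
@@ -548,16 +615,34 @@ class Form {
 */
 createInstructionFromRouteActionFields(
 req,
-mainInstruction = ["fromBody"
+mainInstruction = ["fromBody"],
 exceptions = {}
 ) {
 const result = {};
 const fields = this.extractActionFieldsFromRequest(req);
-
+const schema = getApp().getModelSchema(
+`${this.getModuleName()}//${this.getModelName(req)}`
+);
+const filteredFields = notFieldsFilter.filter(
+fields,
+schema,
+this.extractActionMods(req)
+);
+filteredFields.forEach((fieldName) => {
 if (objHas(exceptions, fieldName)) {
 result[fieldName] = exceptions[fieldName];
 } else {
-
+const fieldTransformers = this.extractDefaultTransformers(
+schema[fieldName]
+);
+if (Array.isArray(fieldTransformers)) {
+result[fieldName] = [
+...mainInstruction,
+...fieldTransformers,
+];
+} else {
+result[fieldName] = [...mainInstruction];
+}
 }
 });
 // @ts-ignore
@@ -574,7 +659,7 @@ class Form {
 */
 extractByInstructionsFromRouteActionFields(
 req,
-mainInstruction = ["fromBody"
+mainInstruction = ["fromBody"],
 exceptions = {},
 additional = {}
 ) {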
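Review bot: In `extractDefaultTransformers` the `"xss"` transformer is added only when `schemaField.type` is exactly `String` or `Schema.Types.String`, so a field with no entry in the schema, or one declared another way (mongoose also accepts the type name `"String"`, and string arrays use `[String]`), is built from `mainInstruction` alone, whose default here is just `["fromBody"]`. If text input is meant to be sanitised by default, add the missing labels (for example `case "String":`) and state in the JSDoc which field shapes are deliberately left without a transformer. In `createInstructionFromRouteActionFields`, `schema[fieldName]` throws when `getApp().getModelSchema(...)` returns nothing for the model; `schema?.[fieldName]` would hand that case to the existing null check. `getActionSignature` falls back to `Auth.ACTION_SIGNATURES.ANY` for any method missing from the table (PATCH, for instance), so it is worth confirming that the fields filter does not treat ANY more permissively than a specific signature. `createInstructionFromRouteActionFields` continues past the end of its hunk.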
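--- a/package/src/manifest/manifest.filter.js
+++ b/package/src/manifest/manifest.filter.js
@@ -194,7 +194,7 @@ module.exports = class notManifestFilter {
 * @param {Array<string>} mods.role
 * @param {string} mods.modelName
 * @param {string} mods.moduleName
-* @param {string|undefined}
+* @param {string|undefined} mods.actionSignature create/read/update/delete
 * @return {object} clean action data
 **/
 static clearActionFromRules(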
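--- a/package/src/types.js
+++ b/package/src/types.js
@@ -49,24 +49,24 @@
 
 /**
 * @typedef {object} notActionData
-* @property {string} [method]
-* @property {string} [actionSignature]
-* @property {string} [postFix]
-* @property {Array<notRouteRule>} rules
-* @property {boolean} [ws]
-* @property {Array<string & Array<string>>} [fields]
-* @property {Array<string>} [return]
-* @property {boolean} [isArray]
-* @property {Array<string>} [data]
-* @property {string} [title]
-*/
-
-/**
-* @typedef {Object}
-* @property {string}
-* @property {string}
-* @property {notRouteRule}
-* @property {notActionData}
+* @property {string} [method] HTTP method name GET,PUT,POST,DELETE
+* @property {string} [actionSignature] one of create,read,update,delete,any
+* @property {string} [postFix] uri rule
+* @property {Array<notRouteRule>} rules access rules
+* @property {boolean} [ws] use WS routers for this actions
+* @property {Array<string & Array<string>>} [fields] array of fields names or fields set aliases, used in form generators, validators
+* @property {Array<string>} [return] rule to filter results, used to exclude from response sensetive data
+* @property {boolean} [isArray] obsolete
+* @property {Array<string>} [data] list consisting of sources (pager,sorter,search,record) for request generation on client side
+* @property {string} [title] used in form generators
+*/
+
+/**
+* @typedef {Object} notRouteData
+* @property {string} actionName name of action
+* @property {string} modelName first letter should not be not capital
+* @property {notRouteRule} rule current rule
+* @property {notActionData} actionData action details
 */
 
 /**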