prostgles-server 4.2.159 → 4.2.161

package/lib/DboBuilder/dboBuilderUtils.ts

@@ -0,0 +1,222 @@
+
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Stefan L. All rights reserved.
+ *  Licensed under the MIT License. See LICENSE in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import {
+  AnyObject,
+  PG_COLUMN_UDT_DATA_TYPE,
+  ProstglesError,
+  TS_PG_Types,
+  getKeys,
+  isObject,
+  omitKeys
+} from "prostgles-types";
+import {
+  DB,
+} from "../Prostgles";
+import { pickKeys } from "../PubSubManager/PubSubManager";
+import { LocalParams, SortItem, pgp } from "./DboBuilderTypes";
+import { asNameAlias } from "./QueryBuilder/QueryBuilder";
+import { ViewHandler } from "./ViewHandler/ViewHandler";
+import { getSchemaFilter } from "./getTablesForSchemaPostgresSQL";
+
+import { ProstglesInitOptions } from "../ProstglesTypes";
+import { sqlErrCodeToMsg } from "./sqlErrCodeToMsg";
+import { TableHandler } from "./TableHandler/TableHandler";
+export function escapeTSNames(str: string, capitalize = false): string {
+  let res = str;
+  res = (capitalize ? str[0]?.toUpperCase() : str[0]) + str.slice(1);
+  if (canBeUsedAsIsInTypescript(res)) return res;
+  return JSON.stringify(res);
+}
+
+export const getErrorAsObject = (rawError: any, includeStack = false) => {
+  if(["string", "boolean", "number"].includes(typeof rawError)){
+    return { message: rawError };
+  }
+  if(rawError instanceof Error){
+    const result = JSON.parse(JSON.stringify(rawError, Object.getOwnPropertyNames(rawError)));
+    if(!includeStack){
+      return omitKeys(result, ["stack"]);
+    }
+    return result;
+  }
+  
+  return rawError;
+}
+
+type GetSerializedClientErrorFromPGErrorArgs = {
+  type: "sql";
+} | {
+  type: "tableMethod";
+  localParams: LocalParams | undefined;
+  view: ViewHandler | Partial<TableHandler> | undefined;
+  allowedKeys?: string[];
+  canRunSql?: boolean;
+} | {
+  type: "method";
+  localParams: LocalParams | undefined; 
+  allowedKeys?: string[]; 
+  view?: undefined;
+  canRunSql?: boolean;
+}
+export function getSerializedClientErrorFromPGError(rawError: any, args: GetSerializedClientErrorFromPGErrorArgs): AnyObject {
+  const err = getErrorAsObject(rawError);
+  if(err.code) {
+    err.code_info = sqlErrCodeToMsg(err.code);
+  }
+  if (process.env.PRGL_DEBUG) {
+    console.trace(err)
+  }
+
+  const isServerSideRequest = args.type !== "sql" && !args.localParams;
+  if(args.type === "sql" || isServerSideRequest){
+    return err;
+  }
+  const { view, allowedKeys } = args;
+
+
+  const sensitiveErrorKeys = ["hint", "detail", "context"];
+  const otherKeys = ["column", "code", "code_info", "table", "constraint", "severity", "message", "name"];
+  const finalKeys = otherKeys
+    .concat(allowedKeys ?? [])
+    .concat(args.canRunSql? sensitiveErrorKeys : []);
+
+  const errObject = pickKeys(err, finalKeys);
+  if (view?.dboBuilder?.constraints && errObject.constraint && !errObject.column) {
+    const constraint = view.dboBuilder.constraints
+      .find(c => c.conname === errObject.constraint && c.relname === view.name);
+    if (constraint) {
+      const cols = view.columns?.filter(c =>
+        (!allowedKeys || allowedKeys.includes(c.name)) &&
+        constraint.conkey.includes(c.ordinal_position)
+      );
+      const [firstCol] = cols ?? [];
+      if (firstCol) {
+        errObject.column = firstCol.name;
+        errObject.columns = cols?.map(c => c.name);
+      }
+    }
+  }
+  return errObject;
+}
+export function getClientErrorFromPGError(rawError: any, args: GetSerializedClientErrorFromPGErrorArgs) {
+  const errorObj = getSerializedClientErrorFromPGError(rawError, args);
+  return Promise.reject(errorObj);
+}
+
+/**
+ * @deprecated
+ */
+export function parseError(e: any, _caller: string): ProstglesError {
+
+  const errorObject = isObject(e) ? e : undefined;
+  const message = typeof e === "string" ? e : e instanceof Error ? e.message :
+    isObject(errorObject) ? (errorObject.message ?? errorObject.txt ?? JSON.stringify(errorObject) ?? "") : "";
+ 
+  const result: ProstglesError = {
+    ...errorObject,
+    message, 
+  }
+  return result;
+}
+
+export type PGConstraint = {
+  /**
+   * Constraint type
+   */
+  contype:
+  | "u" // Unique
+  | "p" // Primary key 
+  | "c" // Check
+
+  /**
+   * Column ordinal positions
+   */
+  conkey: number[];
+
+  /**
+   * Constraint name
+   */
+  conname: string;
+
+  /**
+   * Table name
+   */
+  relname: string;
+};
+
+export const getConstraints = async (db: DB, schema: ProstglesInitOptions["schema"]): Promise<PGConstraint[]> => {
+  const { sql, schemaNames } = getSchemaFilter(schema);
+  return db.any(`
+    SELECT rel.relname, con.conkey, con.conname, con.contype
+    FROM pg_catalog.pg_constraint con
+        INNER JOIN pg_catalog.pg_class rel
+            ON rel.oid = con.conrelid
+        INNER JOIN pg_catalog.pg_namespace nsp
+            ON nsp.oid = connamespace
+    WHERE nsp.nspname ${sql}
+  `, { schemaNames });
+}
+
+/**
+ * @deprecated
+ * use isObject
+ */
+export function isPlainObject(o: any): o is Record<string, any> {
+  return Object(o) === o && Object.getPrototypeOf(o) === Object.prototype;
+}
+
+export function postgresToTsType(udt_data_type: PG_COLUMN_UDT_DATA_TYPE): keyof typeof TS_PG_Types {
+  return getKeys(TS_PG_Types).find(k => {
+    // @ts-ignore
+    return TS_PG_Types[k].includes(udt_data_type)
+  }) ?? "any";
+}
+
+export const prepareOrderByQuery = (items: SortItem[], tableAlias?: string): string[] => {
+  if (!items.length) return [];
+  return ["ORDER BY " + items.map(d => {
+
+    const orderType = d.asc ? " ASC " : " DESC ";
+    const nullOrder = d.nulls ? ` NULLS ${d.nulls === "first" ? " FIRST " : " LAST "}` : "";
+    if(d.type === "query" && d.nested){
+      return d.fieldQuery;
+    }
+    return `${asNameAlias(d.key, tableAlias)} ${orderType} ${nullOrder}`;
+  }).join(", ")]
+}
+
+export const getCanExecute = async (db: DB) => {
+
+  try {
+    await db.task(t => t.any(`DO $$ BEGIN  EXECUTE 'select 1'; END $$;`));
+    return true;
+  } catch (error) {
+    console.warn(error)
+  }
+
+  return false;
+}
+
+export const withUserRLS = (localParams: LocalParams | undefined, query: string) => {
+
+  const user = localParams?.isRemoteRequest?.user;
+  const queryPrefix = `SET SESSION "prostgles.user" \nTO`
+  let firstQuery = `${queryPrefix} '';`;
+  if (user) {
+    firstQuery = pgp.as.format(`${queryPrefix} \${user};`, { user });
+  }
+
+  return [firstQuery, query].join("\n");
+}
+
+
+function canBeUsedAsIsInTypescript(str: string): boolean {
+  if (!str) return false;
+  const isAlphaNumericOrUnderline = str.match(/^[a-z0-9_]+$/i);
+  const startsWithCharOrUnderscore = str[0]?.match(/^[a-z_]+$/i);
+  return Boolean(isAlphaNumericOrUnderline && startsWithCharOrUnderscore);
+}

package/lib/DboBuilder/getColumns.ts

@@ -0,0 +1,114 @@
+import {
+  AnyObject, PG_COLUMN_UDT_DATA_TYPE,
+  ValidatedColumnInfo, _PG_geometric, isObject
+} from "prostgles-types";
+import { TableRule } from "../PublishParser/PublishParser";
+import { LocalParams, getClientErrorFromPGError, getErrorAsObject, getSerializedClientErrorFromPGError, postgresToTsType } from "./DboBuilder";
+import { TableHandler } from "./TableHandler/TableHandler";
+import { ViewHandler } from "./ViewHandler/ViewHandler";
+
+export const isTableHandler = (v: any): v is TableHandler => "parseUpdateRules" in v;
+
+export async function getColumns(
+  this: ViewHandler,
+  lang?: string,
+  params?: { rule: "update", filter: AnyObject, data: AnyObject },
+  _param3?: undefined,
+  tableRules?: TableRule,
+  localParams?: LocalParams
+): Promise<ValidatedColumnInfo[]> {
+  const start = Date.now();
+  try {
+
+    const p = this.getValidatedRules(tableRules, localParams);
+
+    if (!p.getColumns) throw "Not allowed";
+
+    let dynamicUpdateFields = this.column_names;
+
+    if (params && tableRules && isTableHandler(this)) {
+      if (
+        !isObject(params) || 
+        !isObject(params.filter) || 
+        params.rule !== "update"
+      ) {
+        throw "params must be { rule: 'update', filter: object } but received: " + JSON.stringify(params);
+      }
+
+      if (!tableRules?.update) {
+        dynamicUpdateFields = [];
+      } else {
+        const { filter } = params;
+        const updateRules = await this.parseUpdateRules(filter, undefined, tableRules, localParams);
+        dynamicUpdateFields = updateRules.fields;
+      }
+    }
+
+    const columns = this.columns
+      .filter(c => {
+        const { insert, select, update } = p || {};
+
+        return [
+          ...(insert?.fields || []),
+          ...(select?.fields || []),
+          ...(update?.fields || []),
+        ].includes(c.name)
+      })
+      .map(_c => {
+        const c = { ..._c };
+
+        const label = c.comment || capitalizeFirstLetter(c.name, " ");
+
+        const select = !!c.privileges.SELECT;
+        const insert = !!c.privileges.INSERT;
+        const _delete = !!this.tableOrViewInfo.privileges.delete;
+        let update = !!c.privileges.UPDATE;
+
+        delete (c as any).privileges;
+
+        const prostgles = this.dboBuilder?.prostgles;
+        const fileConfig = prostgles.fileManager?.getColInfo({ colName: c.name, tableName: this.name });
+
+        /** Do not allow updates to file table unless it's to delete fields */
+        if (prostgles.fileManager?.config && prostgles.fileManager.tableName === this.name) {
+          update = false;
+        }
+
+        const nonOrderableUD_Types: PG_COLUMN_UDT_DATA_TYPE[] = [..._PG_geometric, "xml" as any];
+
+        const result: ValidatedColumnInfo = {
+          ...c,
+          label,
+          tsDataType: postgresToTsType(c.udt_name),
+          insert: insert && Boolean(p.insert?.fields?.includes(c.name)) && tableRules?.insert?.forcedData?.[c.name] === undefined && c.is_updatable,
+          select: select && Boolean(p.select?.fields?.includes(c.name)),
+          orderBy: select && Boolean(p.select?.fields && p.select.orderByFields.includes(c.name)) && !nonOrderableUD_Types.includes(c.udt_name),
+          filter: Boolean(p.select?.filterFields?.includes(c.name)),
+          update: update && Boolean(p.update?.fields?.includes(c.name)) && tableRules?.update?.forcedData?.[c.name] === undefined && c.is_updatable && dynamicUpdateFields.includes(c.name),
+          delete: _delete && Boolean(p.delete && p.delete.filterFields && p.delete.filterFields.includes(c.name)),
+          ...(prostgles?.tableConfigurator?.getColInfo({ table: this.name, col: c.name, lang }) || {}),
+          ...(fileConfig && { file: fileConfig })
+        }
+
+        return result;
+      }).filter(c => c.select || c.update || c.delete || c.insert)
+
+    await this._log({ command: "getColumns", localParams, data: { lang, params }, duration: Date.now() - start });
+    return columns;
+
+  } catch (e) {
+    await this._log({ command: "getColumns", localParams, data: { lang, params }, duration: Date.now() - start, error: getErrorAsObject(e) });
+    throw getSerializedClientErrorFromPGError(e, { type: "tableMethod", localParams, view: this });
+  }
+}
+
+
+
+
+function replaceNonAlphaNumeric(string: string, replacement = "_"): string {
+  return string.replace(/[\W_]+/g, replacement);
+}
+function capitalizeFirstLetter(string: string, nonalpha_replacement?: string) : string {
+  const str = replaceNonAlphaNumeric(string, nonalpha_replacement);
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}

package/lib/DboBuilder/getCondition.ts

@@ -0,0 +1,201 @@
+import { pickKeys } from "prostgles-types";
+import { parseFilterItem } from "../Filtering";
+import { TableRule } from "../PublishParser/PublishParser";
+import { ExistsFilterConfig, LocalParams, pgp } from "./DboBuilder";
+import { FUNCTIONS } from "./QueryBuilder/Functions";
+import { SelectItem } from "./QueryBuilder/QueryBuilder";
+import { ViewHandler } from "./ViewHandler/ViewHandler";
+import { getExistsCondition } from "./ViewHandler/getExistsCondition";
+import { getExistsFilters } from "./ViewHandler/getExistsFilters";
+import { parseComplexFilter } from "./ViewHandler/parseComplexFilter";
+
+const FILTER_FUNCS = FUNCTIONS.filter(f => f.canBeUsedForFilter);
+
+/**
+ * parses a single filter
+ * @example
+ *  { fff: 2 } => "fff" = 2
+ *  { fff: { $ilike: 'abc' } } => "fff" ilike 'abc'
+ */
+export async function getCondition(
+  this: ViewHandler, 
+  params: { 
+    filter: any, 
+    select: SelectItem[] | undefined, 
+    allowed_colnames: string[], 
+    tableAlias?: string, 
+    localParams?: LocalParams, 
+    tableRules?: TableRule,
+    isHaving?: boolean,
+  },
+): Promise<{ exists: ExistsFilterConfig[]; condition: string }> {
+  const { filter: rawFilter, select, allowed_colnames, tableAlias, localParams, tableRules, isHaving } = params;
+ 
+  const filter = { ... (rawFilter as any) } as any;
+
+  const existsConfigs = getExistsFilters(filter, this);
+
+  const funcConds: string[] = [];
+  const funcFilter = FILTER_FUNCS.filter(f => f.name in filter);
+
+  funcFilter.map(f => {
+    const funcArgs = filter[f.name];
+    if (!Array.isArray(funcArgs)) {
+      throw `A function filter must contain an array. E.g: { $funcFilterName: ["col1"] } \n but got: ${JSON.stringify(pickKeys(filter, [f.name]))} `;
+    }
+    const fields = this.parseFieldFilter(f.getFields(funcArgs), true, allowed_colnames);
+
+    const dissallowedCols = fields.filter(fname => !allowed_colnames.includes(fname))
+    if (dissallowedCols.length) {
+      throw `Invalid/disallowed columns found in function filter: ${dissallowedCols}`
+    }
+    funcConds.push(f.getQuery({ args: funcArgs, allColumns: this.columns, allowedFields: allowed_colnames, tableAlias }));
+  });
+
+
+  let existsCond = "";
+  if (existsConfigs.length) {
+    existsCond = (await Promise.all(existsConfigs.map(async existsConfig => await getExistsCondition.bind(this)(existsConfig, localParams)))).join(" AND ");
+  }
+
+  /* Computed field queries ($rowhash) */
+  const p = this.getValidatedRules(tableRules, localParams);
+  const computedFields = p.allColumns.filter(c => c.type === "computed");
+  const computedColConditions: string[] = [];
+  Object.keys(filter || {}).map(key => {
+    const compCol = computedFields.find(cf => cf.name === key);
+    if (compCol) {
+      computedColConditions.push(
+        compCol.getQuery({
+          tableAlias,
+          allowedFields: p.select.fields,
+          allColumns: this.columns,
+
+          /* CTID not available in AFTER trigger */
+          // ctidField: this.is_view? undefined : "ctid"
+
+          ctidField: undefined,
+        }) + ` = ${pgp.as.format("$1", [(filter as any)[key]])}`
+      );
+      delete (filter as any)[key];
+    }
+  });
+
+  let allowedSelect: SelectItem[] = [];
+  /* Select aliases take precedence over col names. This is to ensure filters work correctly even on computed cols*/
+  if (select) {
+    /* Allow filtering by selected fields/funcs */
+    allowedSelect = select.filter(s => {
+      if (["function", "computed", "column"].includes(s.type) || isHaving && s.type === "aggregation") {
+        /** Selected computed cols are allowed for filtering without checking. Why not allow all?! */
+        if (s.type !== "column" || allowed_colnames.includes(s.alias)) {
+          return true;
+        }
+      }
+      return false;
+    })
+  }
+
+  /* Add remaining allowed fields */
+  const remainingNonSelectedColumns: SelectItem[] = p.allColumns.filter(c =>
+    allowed_colnames.includes(c.name) &&
+    !allowedSelect.find(s => s.alias === c.name)
+  ).map(f => ({
+    type: f.type,
+    alias: f.name,
+    columnName: f.type === "column"? f.name : undefined as any,
+    getQuery: (tableAlias) => f.getQuery({
+      tableAlias,
+      allColumns: this.columns,
+      allowedFields: allowed_colnames
+    }),
+    selected: false,
+    getFields: () => [f.name],
+    column_udt_type: f.type === "column" ? this.columns.find(c => c.name === f.name)?.udt_name : undefined
+  }))
+  allowedSelect = allowedSelect.concat(
+    remainingNonSelectedColumns
+  );
+  const complexFilters: string[] = [];
+  const complexFilterKey = "$filter";
+  if (complexFilterKey in filter) {
+
+    const complexFilterCondition = parseComplexFilter({
+      filter,
+      complexFilterKey,
+      tableAlias,
+      allowed_colnames,
+      columns: this.columns,
+    });
+    complexFilters.push(complexFilterCondition);
+  }
+
+  /* Parse join filters
+      { $joinFilter: { $ST_DWithin: [table.col, foreignTable.col, distance] } 
+      will make an exists filter
+  */
+
+  const filterKeys = Object.keys(filter)
+    .filter(k => 
+      k !== complexFilterKey && 
+      !funcFilter.find(ek => ek.name === k) && 
+      !computedFields.find(cf => cf.name === k) && 
+      !existsConfigs.find(ek => ek.existType === k)
+    );
+
+  const validFieldNames = allowedSelect.map(s => s.alias);
+  const invalidColumn = filterKeys
+    .find(fName => !validFieldNames.find(c =>
+      c === fName ||
+      (
+        fName.startsWith(c) && (
+          fName.slice(c.length).includes("->") ||
+          fName.slice(c.length).includes(".")
+        )
+      )
+    ));
+
+  if (invalidColumn) {
+    const selItem = select?.find(s => s.alias === invalidColumn);
+    let isComplexFilter = false;
+    if(selItem?.type === "aggregation"){
+      if(!params.isHaving){
+        throw new Error(`Filtering by ${invalidColumn} is not allowed. Aggregations cannot be filtered. Use HAVING clause instead.`);
+      } else {
+        isComplexFilter = true;
+      }
+    }
+
+    if(!isComplexFilter){
+      const allowedCols = allowedSelect.map(s => s.type === "column" ? s.getQuery() : s.alias).join(", ");
+      const errMessage = `Table: ${this.name} -> disallowed/inexistent columns in filter: ${invalidColumn} \n  Expecting one of: ${allowedCols}`;
+      throw errMessage;
+    }
+  }
+
+  /* TODO: Allow filter funcs */
+  // see isComplexFilter above where they are allowed
+  // const singleFuncs = FUNCTIONS.filter(f => f.singleColArg);
+
+  const f = pickKeys(filter, filterKeys);
+  const q = parseFilterItem({
+    filter: f,
+    tableAlias,
+    select: allowedSelect,
+    allowedColumnNames: !tableRules? this.column_names.slice(0) : this.parseFieldFilter(tableRules.select?.filterFields ?? tableRules.select?.fields),
+  });
+
+  let templates: string[] = [q].filter(q => q);
+
+  if (existsCond) templates.push(existsCond);
+  templates = templates.concat(funcConds);
+  templates = templates.concat(computedColConditions);
+  templates = templates.concat(complexFilters);
+
+  /*  sorted to ensure duplicate subscription channels are not created due to different condition order */
+  return { 
+    exists: existsConfigs, 
+    condition: templates.sort().join(" AND \n") 
+  };
+
+}