prostgles-server 4.2.346 → 4.2.348

package/lib/TableConfig/tableConfigSchemaUtils.ts

@@ -50,12 +50,11 @@ export const getSchemaUtils = async (prostgles: Pick<Prostgles, "db" | "opts">)
   const MAX_IDENTIFIER_LENGTH = +(
     await db.one<{ max_identifier_length: number }>("SHOW max_identifier_length;")
   ).max_identifier_length;
-
   if (!Number.isFinite(MAX_IDENTIFIER_LENGTH))
     throw `Could not obtain a valid max_identifier_length`;
   const asName = (v: string) => {
-    if (v.length > MAX_IDENTIFIER_LENGTH - 1) {
-      throw `The identifier name provided (${v}) is longer than the allowed limit (max_identifier_length - 1 = ${MAX_IDENTIFIER_LENGTH - 1} characters )\n Longest allowed: ${_asName(v.slice(0, MAX_IDENTIFIER_LENGTH - 1))} `;
+    if (v.length > MAX_IDENTIFIER_LENGTH) {
+      throw `The identifier name provided (${v}) is longer than the allowed limit (max_identifier_length = ${MAX_IDENTIFIER_LENGTH} characters )\n Longest allowed: ${_asName(v.slice(0, MAX_IDENTIFIER_LENGTH))} `;
     }
 
     return _asName(v);

package/lib/WebsocketAPI/getClientSchema.ts

@@ -62,7 +62,7 @@ export async function getClientSchema(
     const methodSchema: ClientSchema["methods"] =
       !methods ?
         []
-      : Object.entries(methods)
+      : Array.from(methods.entries())
           .map(([methodName, method]) => {
             if (isObject(method) && "run" in method) {
               return {

package/lib/WebsocketAPI/onSocketConnected.ts

@@ -1,5 +1,5 @@
-import type { AnyObject} from "prostgles-types";
-import { CHANNELS } from "prostgles-types";
+import type { AnyObject } from "prostgles-types";
+import { CHANNELS, getSerialisableError, isObject } from "prostgles-types";
 import type { Prostgles, TABLE_METHODS } from "../Prostgles";
 import type { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
 import { runClientMethod, runClientRequest } from "../runClientRequest";
@@ -151,7 +151,8 @@ export async function onSocketConnected(this: Prostgles, socket: PRGLIOSocket) {
 }
 
 export function makeSocketError(cb: (err: AnyObject) => void, err: any) {
-  cb(getErrorAsObject(err));
+  const serializedError = getSerialisableError(err);
+  cb(isObject(serializedError) ? serializedError : { serializedError });
 }
 
 type SocketRequestParams = {

package/lib/initProstgles.ts

@@ -367,10 +367,6 @@ const getDbConnection = function ({
   pgp.pg.types.setTypeParser(pgp.pg.types.builtins.TIMESTAMPTZ, (v) => v); // timestamp with time zone
   pgp.pg.types.setTypeParser(pgp.pg.types.builtins.DATE, (v) => v); // date
 
-  // if (dbOptions) {
-  //   Object.assign(pgp.pg.defaults, dbOptions);
-  // }
-
   return {
     db: pgp(dbConnection),
     pgp,

package/lib/runClientRequest.ts

@@ -1,8 +1,6 @@
-import type {
-  SQLRequest,
-  TableHandler,
-  UserLike} from "prostgles-types";
+import type { SQLRequest, TableHandler, UserLike } from "prostgles-types";
 import {
+  getJSONBObjectSchemaValidationError,
   getKeys,
   pickKeys,
   type AnyObject,
@@ -13,7 +11,7 @@ import type { TableHandler as TableHandlerServer } from "./DboBuilder/TableHandl
 import { parseFieldFilter } from "./DboBuilder/ViewHandler/parseFieldFilter";
 import { canRunSQL } from "./DboBuilder/runSQL";
 import type { Prostgles } from "./Prostgles";
-import type { ParsedTableRule} from "./PublishParser/publishTypesAndUtils";
+import type { ParsedTableRule } from "./PublishParser/publishTypesAndUtils";
 import { type PermissionScope } from "./PublishParser/publishTypesAndUtils";
 
 const TABLE_METHODS = {
@@ -41,11 +39,11 @@ const SOCKET_ONLY_COMMANDS = [
 ] as const satisfies typeof TABLE_METHODS_KEYS;
 
 type Args = {
-  tableName: string;
-  command: string;
-  param1: any;
-  param2: any;
-  param3: any;
+  tableName: unknown;
+  command: unknown;
+  param1: unknown;
+  param2: unknown;
+  param3: unknown;
 };
 
 type TableMethodFunctionWithRulesAndLocalParams = (
@@ -58,7 +56,7 @@ type TableMethodFunctionWithRulesAndLocalParams = (
 
 export const runClientRequest = async function (
   this: Prostgles,
-  args: Args,
+  nonValidatedArgs: Args,
   clientReq: AuthClientRequest,
   scope: PermissionScope | undefined
 ) {
@@ -67,11 +65,22 @@ export const runClientRequest = async function (
     throw "socket/httpReq or authhandler missing";
   }
 
-  const { tableName, command: nonValidatedCommand, param1, param2, param3 } = args;
-  if (!TABLE_METHODS_KEYS.some((v) => v === nonValidatedCommand)) {
-    throw `Invalid command: ${nonValidatedCommand}. Expecting one of: ${TABLE_METHODS_KEYS.join(", ")};`;
+  const validation = getJSONBObjectSchemaValidationError(
+    {
+      tableName: { type: "string" },
+      command: { enum: TABLE_METHODS_KEYS },
+      param1: { type: "any", optional: true },
+      param2: { type: "any", optional: true },
+      param3: { type: "any", optional: true },
+    },
+    nonValidatedArgs,
+    "tableName"
+  );
+  if (validation.error !== undefined) {
+    throw validation.error;
   }
-  const command = nonValidatedCommand as keyof TableHandler;
+  const { tableName, command, param1, param2, param3 } = validation.data;
+
   if (!clientReq.socket && SOCKET_ONLY_COMMANDS.some((v) => v === command)) {
     throw (
       "The following commands cannot be completed over a non-websocket connection: " +
@@ -79,6 +88,10 @@ export const runClientRequest = async function (
     );
   }
 
+  if (!this.dboBuilder.dboMap.has(tableName)) {
+    throw `tableName ${tableName} is invalid or not allowed`;
+  }
+
   const clientInfo = await this.authHandler?.getSidAndUserFromRequest(clientReq);
   if (clientInfo === "new-session-redirect") {
     throw clientInfo;
@@ -159,7 +172,7 @@ export const clientCanRunSqlRequest = async function (
 
 export const runClientSqlRequest = async function (
   this: Prostgles,
-  reqData: SQLRequest,
+  unvalidatedArgs: SQLRequest,
   clientReq: AuthClientRequest
 ) {
   const { allowed } = await clientCanRunSqlRequest.bind(this)(clientReq);
@@ -167,23 +180,48 @@ export const runClientSqlRequest = async function (
     throw "Not allowed to execute sql";
   }
   if (!this.dbo?.sql) throw "Internal error: sql handler missing";
+  const validation = getJSONBObjectSchemaValidationError(
+    {
+      query: { type: "string" },
+      params: { type: "any", optional: true },
+      options: { type: "any", optional: true },
+    },
+    unvalidatedArgs,
+    "query"
+  );
+  if (validation.error !== undefined) {
+    throw validation.error;
+  }
+  const reqData = validation.data;
   const { query, params, options } = reqData;
   return this.dbo.sql(query, params, options, { clientReq });
 };
 
 type ArgsMethod = {
-  method: string;
+  method: unknown;
   params?: any[];
 };
 export const runClientMethod = async function (
   this: Prostgles,
-  reqArgs: ArgsMethod,
+  unvalidatedArgs: ArgsMethod,
   clientReq: AuthClientRequest
 ) {
+  const validation = getJSONBObjectSchemaValidationError(
+    {
+      method: { type: "string" },
+      params: { type: "any[]", optional: true },
+    },
+    unvalidatedArgs,
+    "method"
+  );
+  if (validation.error !== undefined) {
+    throw validation.error;
+  }
+  const reqArgs = validation.data;
   const { method, params = [] } = reqArgs;
   const methods = await this.publishParser?.getAllowedMethods(clientReq, undefined);
 
-  const methodDef = methods?.[method];
+  const methodDef = methods?.get(method);
   if (!methods || !methodDef) {
     throw "Disallowed/missing method " + JSON.stringify(method);
   }

package/lib/shortestPath.ts

@@ -25,7 +25,7 @@ export const findShortestPath = (
   // establish object for recording distances from the start node
   let distances: AnyObject = {};
   distances[endNode] = "Infinity";
-  distances = Object.assign(distances, graph[startNode]);
+  distances = { ...distances, ...graph[startNode] };
 
   // track paths
   const parents: AnyObject = { endNode: null };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.346",
+  "version": "4.2.348",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -57,7 +57,7 @@
     "pg": "^8.15.6",
     "pg-cursor": "^2.14.6",
     "pg-promise": "^11.13.0",
-    "prostgles-types": "^4.0.182"
+    "prostgles-types": "^4.0.183"
   },
   "devDependencies": {
     "@eslint/js": "^9.22.0",