npm - sumba - Versions diffs - 2.30.0 → 2.31.0 - Mend

sumba 2.30.0 → 2.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/extend/bajo/hook.js +11 -12
package/extend/dobo/feature/lat-lng.js +6 -1
package/extend/dobo/feature/lat.js +1 -1
package/extend/dobo/feature/lng.js +1 -1
package/extend/dobo/model.json +1 -0
package/extend/waibuDb/schema/team-user.js +2 -2
package/index.js +149 -0
package/lib/get-site.js +1 -3
package/lib/get-user.js +2 -6
package/package.json +1 -1
package/wiki/CHANGES.md +5 -0
package/lib/util.js +0 -162

package/extend/bajo/hook.js CHANGED Viewed

@@ -1,4 +1,3 @@
-import { checkUserId, checkTeam, checkXSite, checkTheme, checkIconset } from '../../lib/util.js'
 import { removeRefs } from '../../lib/remove-site.js'
 import { getAllFixtures, createRefs } from '../../lib/create-new-site.js'
 import path from 'path'
@@ -338,30 +337,30 @@ async function hook () {
     level: 10,
     name: 'waibuMpa:preParsing',
     handler: async function (req, reply) {
-      await checkTheme.call(this, req, reply)
-      await checkIconset.call(this, req, reply)
-      const secure = await checkUserId.call(this, req, reply, 'waibuMpa')
+      await this.checkTheme(req, reply)
+      await this.checkIconset(req, reply)
+      const secure = await this.checkUser(req, reply, 'waibuMpa')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     level: 10,
     name: 'waibuRestApi:preParsing',
     handler: async function (req, reply) {
-      const secure = await checkUserId.call(this, req, reply, 'waibuRestApi')
+      const secure = await this.checkUser(req, reply, 'waibuRestApi')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     level: 10,
     name: 'waibuStatic:preParsing',
     handler: async function (req, reply) {
-      const secure = await checkUserId.call(this, req, reply, 'waibuStatic')
+      const secure = await this.checkUser(req, reply, 'waibuStatic')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     name: 'waibu:afterAppBoot',

package/extend/dobo/feature/lat-lng.js CHANGED Viewed

@@ -1,4 +1,9 @@
-import { latLngHook } from '../../../lib/util.js'
+export async function latLngHook (body, options) {
+  const { isSet } = this.app.lib.aneka
+  const { round } = this.app.lib.aneka
+  if (!isSet(body[options.field])) return
+  body[options.field] = round(body[options.field], options.scale)
+}
 async function latLng (opts = {}) {
   const { merge } = this.app.lib._

package/extend/dobo/feature/lat.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { latLngHook } from '../../../lib/util.js'
+import { latLngHook } from './lat-lng.js'
 async function lat (opts = {}) {
   opts.field = opts.field ?? 'lat'

package/extend/dobo/feature/lng.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { latLngHook } from '../../../lib/util.js'
+import { latLngHook } from './lat-lng.js'
 async function lng (opts = {}) {
   opts.field = opts.field ?? 'lng'

package/extend/dobo/model.json CHANGED Viewed

@@ -125,6 +125,7 @@
     "sumba:siteId",
     "sumba:userId",
     "sumba:teamId",
+    "sumba:status",
     "dobo:immutable"
   ]
 }, {

package/extend/waibuDb/schema/team-user.js CHANGED Viewed

@@ -2,7 +2,7 @@ async function teamUser () {
   return {
     common: {
       layout: [
-        { name: 'meta', fields: ['id', 'createdAt', 'updatedAt'] },
+        { name: 'meta', fields: ['id:3-md', 'createdAt:3-md', 'updatedAt:3-md', 'status:3-md'] },
         { name: 'general', fields: ['userId:6-md', 'teamId:6-md'] }
       ],
       widget: {
@@ -20,7 +20,7 @@ async function teamUser () {
     },
     view: {
       list: {
-        fields: ['userId', 'teamId', 'createdAt', 'updatedAt'],
+        fields: ['userId', 'teamId', 'status', 'createdAt', 'updatedAt'],
         stat: {
           aggregate: [
             { fields: ['userId'], group: 'userId', aggregate: ['count'] },

package/index.js CHANGED Viewed

@@ -682,6 +682,155 @@ async function factory (pkgName) {
       return asValue ? values.map(item => ({ value: item, text: item })) : values
     }
+    pathsToCheck = (req) => {
+      const { uniq, without } = this.app.lib._
+      const items = [req.routeOptions.url, req.url].map(url => url.split('?')[0].split('#')[0])
+      return uniq(without(items, undefined, null))
+    }
+    checkIconset = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+      if (!req.site) return
+      const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
+      req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
+      const hiconset = req.headers['x-iconset']
+      if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
+      req.iconset = req.iconset ?? 'default'
+    }
+    checkTheme = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+      if (!req.site) return
+      const siteTheme = get(req, 'site.setting.waibuMpa.theme')
+      req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
+      const htheme = req.headers['x-theme']
+      if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
+      req.theme = req.theme ?? 'default'
+    }
+    checkTeam = async (req, reply) => {
+      const { includes } = this.app.lib.aneka
+      const { outmatch } = this.app.lib
+      if (req.user.isAdmin) return
+      if (req.routeOptions.config.xSite && req.user.isXSiteAdmin) return
+      const teamIds = req.user.teams.map(item => item.id + '')
+      if (req.user.teams.map(item => item.alias).length === 0) throw this.error('accessDenied', { statusCode: 403 })
+      const paths = this.pathsToCheck(req)
+      const results = (await this.getSecureGuards()).filter(item => {
+        if (item.siteId !== req.site.id + '' || item.path[0] === '!') return false
+        return paths.some(outmatch([item.path]))
+      })
+      for (const result of results) {
+        if (result.allTeams) continue
+        if (!includes(teamIds, result.teamIds)) throw this.error('accessDenied', { statusCode: 403 })
+      }
+      // passed
+    }
+    checkUser = async (req, reply, source) => {
+      const { merge, isEmpty, camelCase, get } = this.app.lib._
+      const { routePath } = this.app.waibu
+      const userId = get(req, 'session.userId')
+      const setUser = async () => {
+        if (!userId) return
+        try {
+          const user = await this.getUserById(userId, req)
+          if (user) req.user = user
+          else req.session.userId = null
+        } catch (err) {
+          console.log(err)
+          req.session.userId = null
+        }
+      }
+      if (req.session) req.session.siteId = req.site.id
+      const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
+      if (!req.routeOptions.url) {
+        if (!req.session) return
+        await setUser()
+        return
+      }
+      const paths = this.pathsToCheck(req)
+      let guards = (await this.getAnonymousGuards()).filter(item => item.siteId === req.site.id + '')
+      const anonymous = this.checkRouteGuard(guards, paths)
+      if (anonymous) {
+        if (!userId) return false
+        req.session.ref = req.url
+        return reply.redirectTo(routePath(this.config.redirect.signout))
+      }
+      guards = (await this.getSecureGuards()).filter(item => item.siteId === req.site.id + '')
+      const secure = this.checkRouteGuard(guards, paths)
+      if (!secure) {
+        if (userId) await setUser()
+        return false // regular, unguarded path. Not secure & not anonymous path
+      }
+      if (userId) {
+        await setUser()
+        return secure
+      }
+      const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+      const payload = silentOnError ? { noContent: true } : undefined
+      const authMethods = this.config.auth[webApp].methods ?? []
+      if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+      let success
+      for (const m of authMethods) {
+        const handler = this[camelCase(`verify ${m}`)]
+        if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+        const check = await handler(req, reply, source, payload)
+        if (check) {
+          success = check
+          break
+        }
+      }
+      if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+      return secure
+    }
+    checkXSite = async (req, reply) => {
+      const { get } = this.app.lib._
+      if (!this.config.multiSite.enabled) return
+      if (!get(req, 'routeOptions.config.xSite')) return
+      if (!get(req, 'user.isXSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
+    }
+    parseNsSettings = (ns, setting, items) => {
+      const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
+      const { parseObject, dayjs } = this.app.lib
+      for (const item of items) {
+        if (item.ns === '_var' || ns === '_var') continue
+        let value = trim([item.value] ?? '')
+        if (value[0] === '#' && value[value.length - 1] === '#') {
+          const val = value.slice(1, -1)
+          const newValue = find(items, { ns: '_var', key: val })
+          if (newValue) value = newValue.value
+        }
+        if (['[', '{'].includes(value[0]) && [']', '}'].includes(value[value.length - 1])) {
+          try {
+            value = parseObject(JSON.parse(value))
+          } catch (err) {}
+        } else if (Number(value)) value = Number(value)
+        else if (['true', 'false'].includes(value)) value = value === 'true'
+        else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
+        else {
+          const dt = dayjs(value)
+          if (dt.isValid()) value = dt.toDate()
+        }
+        if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
+        set(setting, `${ns}.${item.key}`, value)
+      }
+    }
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite

package/lib/get-site.js CHANGED Viewed

@@ -1,5 +1,3 @@
-import { parseNsSettings } from './util.js'
 async function getSite (input, byId = false) {
   const { omit } = this.app.lib._
   const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
@@ -21,7 +19,7 @@ async function getSite (input, byId = false) {
       const item = get(this, `app.${ns}.config.siteSetting`)
       if (isSet(item)) defSetting[ns] = item
       const items = filter(all, { ns })
-      parseNsSettings.call(this, ns, nsSetting, items)
+      this.parseNsSettings(ns, nsSetting, items)
     }
     site.setting = defaultsDeep({}, nsSetting, defSetting)
     // additional fields

package/lib/get-user.js CHANGED Viewed

@@ -1,22 +1,18 @@
-import { parseNsSettings } from './util.js'
 export async function mergeTeam (user, req) {
   const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
   user.teams = []
-  const query = { userId: user.id, siteId: user.siteId }
+  const query = { userId: user.id, siteId: user.siteId, status: 'ACTIVE' }
   let mdl = getModel('SumbaTeamUser')
   const userTeam = await mdl.findAllRecord({ query })
   if (userTeam.length === 0) return
   delete query.userId
   query.id = { $in: map(userTeam, 'teamId') }
-  query.status = 'ACTIVE'
   mdl = getModel('SumbaTeam')
   const teams = await mdl.findAllRecord({ query })
   if (teams.length > 0) {
     delete query.id
     delete query.status
-    query.siteId = user.siteId
     query.teamId = { $in: teams.map(t => t.id + '') }
     mdl = getModel('SumbaTeamSetting')
     const items = await mdl.findAllRecord({ query })
@@ -25,7 +21,7 @@ export async function mergeTeam (user, req) {
       const item = pick(team, ['id', 'alias'])
       item.setting = {}
       for (const ns of names) {
-        parseNsSettings.call(this, ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
+        this.parseNsSettings(ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
       }
       user.teams.push(item)
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.30.0",
+  "version": "2.31.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # Changes
+## 2026-06-11
+- [2.31.0] Add ```status``` field on ```SumbaTeamUser```
+- [2.31.0] Remove ```util.js``` as all functions now moved to base class
 ## 2026-06-10
 - [2.30.0] Refactoring all guards

package/lib/util.js DELETED Viewed

@@ -1,162 +0,0 @@
-export function parseNsSettings (ns, setting, items) {
-  const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
-  const { parseObject, dayjs } = this.app.lib
-  for (const item of items) {
-    if (item.ns === '_var' || ns === '_var') continue
-    let value = trim([item.value] ?? '')
-    if (value[0] === '#' && value[value.length - 1] === '#') {
-      const val = value.slice(1, -1)
-      const newValue = find(items, { ns: '_var', key: val })
-      if (newValue) value = newValue.value
-    }
-    if (['[', '{'].includes(value[0]) && [']', '}'].includes(value[value.length - 1])) {
-      try {
-        value = parseObject(JSON.parse(value))
-      } catch (err) {}
-    } else if (Number(value)) value = Number(value)
-    else if (['true', 'false'].includes(value)) value = value === 'true'
-    else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
-    else {
-      const dt = dayjs(value)
-      if (dt.isValid()) value = dt.toDate()
-    }
-    if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
-    set(setting, `${ns}.${item.key}`, value)
-  }
-}
-export function pathsToCheck (req) {
-  const { uniq, without } = this.app.lib._
-  const items = [req.routeOptions.url, req.url].map(url => url.split('?')[0].split('#')[0])
-  return uniq(without(items, undefined, null))
-}
-export async function checkIconset (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-  if (!req.site) return
-  const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
-  req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
-  const hiconset = req.headers['x-iconset']
-  if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
-  req.iconset = req.iconset ?? 'default'
-}
-export async function checkTheme (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-  if (!req.site) return
-  const siteTheme = get(req, 'site.setting.waibuMpa.theme')
-  req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
-  const htheme = req.headers['x-theme']
-  if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
-  req.theme = req.theme ?? 'default'
-}
-export async function checkTeam (req, reply) {
-  const { includes } = this.app.lib.aneka
-  const { outmatch } = this.app.lib
-  if (req.user.isAdmin) return
-  if (req.routeOptions.config.xSite && req.user.isXSiteAdmin) return
-  const teamIds = req.user.teams.map(item => item.id + '')
-  if (req.user.teams.map(item => item.alias).length === 0) throw this.error('accessDenied', { statusCode: 403 })
-  const paths = pathsToCheck.call(this, req)
-  const results = (await this.getSecureGuards()).filter(item => {
-    if (item.siteId !== req.site.id + '' || item.path[0] === '!') return false
-    return paths.some(outmatch([item.path]))
-  })
-  for (const result of results) {
-    if (result.allTeams) continue
-    if (!includes(teamIds, result.teamIds)) throw this.error('accessDenied', { statusCode: 403 })
-  }
-  // passed
-}
-export async function checkUserId (req, reply, source) {
-  const { merge, isEmpty, camelCase, get } = this.app.lib._
-  const { routePath } = this.app.waibu
-  const userId = get(req, 'session.userId')
-  const setUser = async () => {
-    if (!userId) return
-    try {
-      const user = await this.getUserById(userId, req)
-      if (user) req.user = user
-      else req.session.userId = null
-    } catch (err) {
-      console.log(err)
-      req.session.userId = null
-    }
-  }
-  if (req.session) req.session.siteId = req.site.id
-  const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
-  if (!req.routeOptions.url) {
-    if (!req.session) return
-    await setUser()
-    return
-  }
-  const paths = pathsToCheck.call(this, req)
-  let guards = (await this.getAnonymousGuards()).filter(item => item.siteId === req.site.id + '')
-  const anonymous = this.checkRouteGuard(guards, paths)
-  if (anonymous) {
-    if (!userId) return false
-    req.session.ref = req.url
-    return reply.redirectTo(routePath(this.config.redirect.signout))
-  }
-  guards = (await this.getSecureGuards()).filter(item => item.siteId === req.site.id + '')
-  const secure = this.checkRouteGuard(guards, paths)
-  if (!secure) {
-    if (userId) await setUser()
-    return false // regular, unguarded path. Not secure & not anonymous path
-  }
-  if (userId) {
-    await setUser()
-    return secure
-  }
-  const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
-  const payload = silentOnError ? { noContent: true } : undefined
-  const authMethods = this.config.auth[webApp].methods ?? []
-  if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
-  let success
-  for (const m of authMethods) {
-    const handler = this[camelCase(`verify ${m}`)]
-    if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
-    const check = await handler(req, reply, source, payload)
-    if (check) {
-      success = check
-      break
-    }
-  }
-  if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
-  return secure
-}
-export async function latLngHook (body, options) {
-  const { isSet } = this.app.lib.aneka
-  const { round } = this.app.lib.aneka
-  if (!isSet(body[options.field])) return
-  body[options.field] = round(body[options.field], options.scale)
-}
-/**
- * If current route is an inter site route user is an inter site admin, then let it passed
- *
- * @param {Object} req - Request object
- * @param {Object} reply - Reply object
- * @returns
- */
-export async function checkXSite (req, reply) {
-  const { get } = this.app.lib._
-  if (!this.config.multiSite.enabled) return
-  if (!get(req, 'routeOptions.config.xSite')) return
-  if (!get(req, 'user.isXSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
-}