npm - yaml-admin-api - Versions diffs - 0.0.3 → 0.0.8 - Mend

yaml-admin-api 0.0.3 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +243 -0
package/package.json +11 -1
package/src/common/util.js +58 -0
package/src/crud/entity-api-generator.js +437 -0
package/src/login/auth.js +24 -5
package/src/upload/localUpload.js +44 -0
package/src/upload/s3Upload.js +47 -0
package/src/upload/upload-api-generator.js +248 -0
package/src/yml-admin-api.js +44 -17
package/src/crud/api-generator.js +0 -118

package/README.md ADDED Viewed

@@ -0,0 +1,243 @@
+## yaml-admin-api
+Build an admin API from a single YAML file. The library reads `admin.yml`, connects to MongoDB, and automatically registers login/auth and CRUD routes to your Express app. It also supports file upload (S3/local) and Excel import/export.
+---
+### Install
+```bash
+npm i yaml-admin-api
+```
+Required environment variables
+- `MONGODB_URL`: MongoDB connection string
+- `JWT_SECRET`: JWT signing key
+Placeholders `${MONGODB_URL}` and `${JWT_SECRET}` inside YAML are resolved at runtime from the environment.
+---
+### Quick Start (Express)
+```js
+const express = require('express');
+const bodyParser = require('body-parser');
+const cookieParser = require('cookie-parser');
+const { registerRoutes } = require('yaml-admin-api');
+(async () => {
+  const app = express();
+  app.use(cookieParser());
+  app.use(bodyParser.urlencoded({ extended: true, limit: '30mb' }));
+  app.use(bodyParser.json({ limit: '30mb' }));
+  // Provide admin.yml path or a YAML string
+  await registerRoutes(app, { yamlPath: './admin.yml' });
+  app.listen(6911, () => console.log('API listening on 6911'));
+})();
+```
+Options
+```js
+await registerRoutes(app, {
+  yamlPath: './admin.yml',         // or yamlString: '<yml text>'
+  password: {
+    // Override password hashing for fields with type: password (default: sha512)
+    encrypt: (plain) => require('crypto').createHash('sha512').update(plain).digest('hex')
+  }
+});
+```
+---
+### admin.yml example
+```yaml
+login:
+  jwt-secret: ${JWT_SECRET}
+  id-password:
+    entity: admin
+    id-field: email
+    password-field: pass
+    password-encoding: bcrypt
+    bcrypt-salt: 10
+api-host:
+  uri: http://localhost:6911
+web-host:
+  uri: http://localhost:6900
+database:
+  mongodb:
+    uri: ${MONGODB_URL}
+upload:
+  # For S3
+  # s3:
+  #   access_key_id: ${S3_ACCESS_KEY_ID}
+  #   secret_access_key: ${S3_SECRET_ACCESS_KEY}
+  #   region: ${S3_REGION}
+  #   bucket: ${S3_BUCKET}
+  #   bucket_private: ${S3_BUCKET_PRIVATE}
+  #   base_url: http://localhost:6911/upload
+  #   base_url_private: http://localhost:6911/upload_private
+  # For local
+  local:
+    path: ./upload
+    path_private: ./upload_private
+    base_url: http://localhost:6911
+entity:
+  member:
+    category: 'User'
+    label: 'User'
+    fields:
+      - { name: email, type: string, required: true }
+      - { name: pass,  type: password, required: true }
+      - { name: name,  type: string, required: true }
+```
+Key field rules
+- Default key is `'_id'` (objectId).
+- To use a custom key, mark the field with `key: true`.
+  - `type: integer` + `autogenerate: true` → auto-incrementing ID
+  - `type: string` + `autogenerate: true` → UUID
+Search rules
+- Only fields declared under `entity.<name>.crud.list.search` are searchable in the list API.
+- When `exact: false`, a partial match (regex) is used; integers always compare exactly.
+---
+### Auth and tokens
+- A JWT is issued on successful login.
+- All protected requests must include header `x-access-token: <JWT>` (query `?token=` and cookie are also accepted).
+Login endpoints
+```http
+GET  /member/login?email={email}&pass={pass}
+POST /member/login    { email, pass }
+GET  /member/islogin  // token verification
+GET  /member/logout
+```
+Sample response
+```json
+{ "r": true, "token": "<JWT>", "member": { "id": "...", "email": "...", "name": "..." } }
+```
+---
+### Entity CRUD endpoints
+All endpoints require authentication.
+- List: `GET /<entity>`
+  - Paging: `_start`, `_end`
+  - Sort: `_sort`, `_order` (`ASC`|`DESC`)
+  - Field search: `?field=value` (see `crud.list.search` in the schema)
+  - Total count header: `X-Total-Count`
+- Show: `GET /<entity>/:id`
+- Create: `POST /<entity>`
+  - ID generation follows field definition (`key`, `type`, `autogenerate`).
+  - Response includes `id` (react-admin compatibility).
+- Update: `PUT /<entity>/:id`
+  - Key field is not updated.
+- Delete: `DELETE /<entity>/:id`
+  - Hard delete by default; customizable hook points exist.
+Sensitive fields and media
+- Fields with `type: password` are removed from responses and hashed on save.
+- Fields with `type: image|mp4|file` include preview URLs in the response.
+  - Private files return secure, short-lived URLs.
+---
+### File upload
+Depending on configuration, S3 or local upload APIs are enabled. All upload APIs require authentication.
+Local upload
+```http
+PUT /api/local/media/upload?ext=jpg           // public storage path
+PUT /api/local/media/upload/secure?ext=jpg    // private storage path
+```
+Response: `{ r: true, key }`
+Secure download
+- The server issues temporary URLs like `/local-secure-download?key=...&token=...`.
+- The token is a short-lived (5 min) JWT; clients can use the link directly.
+S3 upload (pre-signed)
+```http
+GET  /api/media/url/put/:ext                // public bucket
+GET  /api/media/url/secure/put/:ext         // private bucket
+POST /api/media/url/secure/init/:ext        // multipart init (private)
+POST /api/media/url/secure/part             // request part URL
+POST /api/media/url/secure/complete         // complete multipart
+POST /api/media/url/secure/abort            // abort multipart
+```
+Response includes `upload_url`, storage `key`, etc.
+Note: S3 usage requires `upload.s3.*` configuration.
+---
+### Excel export / import
+Declare in the schema to enable endpoints:
+```yaml
+entity:
+  member:
+    crud:
+      list:
+        export:
+          fields:
+            - { name: email }
+            - { name: name }
+        import:
+          fields:
+            - { name: email }
+            - { name: name }
+          upsert: true
+```
+Endpoints
+```http
+POST /excel/<entity>/export   // with body { filter }
+POST /excel/<entity>/import   // with body { base64 } (Excel file as Base64)
+```
+Export response
+```json
+{ "r": true, "url": "<secure-download-url>" }
+```
+Import response
+```json
+{ "r": true, "msg": "Import success - <n> rows effected" }
+```
+---
+### Serverless (Lambda) example
+Wrap with `serverless-http` to deploy easily. See `example/api1`.
+```js
+'use strict';
+const serverless = require('serverless-http');
+exports.handler = async (event, context) => {
+  const app = await require('./app');
+  const handler = serverless(app);
+  return await handler(event, context);
+};
+```
+The sample `serverless.yml` uses region `ap-northeast-2` and runtime `nodejs20.x`.
+---
+### FAQ
+- Auth fails: Ensure you send `x-access-token` header. Obtain it from `/member/login`.
+- Need CORS headers: Add an application-level CORS middleware as shown in the example app.
+- Media field has no URL: Response adds preview URLs (`..._preview`). Private files return signed URLs.
+---
+### License
+MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "yaml-admin-api",
-  "version": "0.0.3",
+  "version": "0.0.8",
   "description": "YAML Admin API package",
   "type": "commonjs",
   "main": "src/index.js",
@@ -8,11 +8,21 @@
     "src"
   ],
   "license": "MIT",
+  "scripts": {
+    "publish": "npm publish -w yaml-admin-api --access public"
+  },
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.596.0",
+    "@aws-sdk/client-ses": "^3.855.0",
+    "@aws-sdk/s3-presigned-post": "^3.596.0",
+    "@aws-sdk/s3-request-presigner": "^3.596.0",
     "bcryptjs": "^3.0.2",
     "jsonwebtoken": "^9.0.2",
+    "moment": "^2.30.1",
     "mongodb": "^6.18.0",
     "request": "^2.88.2",
+    "uuid": "^11.1.0",
+    "xlsx": "^0.18.5",
     "yaml": "^2.8.1"
   }
 }

package/src/common/util.js ADDED Viewed

@@ -0,0 +1,58 @@
+const genEntityId = async function(db){
+    let ret = await db.collection('counters').findOneAndUpdate(
+        { _id: 'seq' },
+        {$inc:{seq:1}},
+        {
+            new :true,
+            upsert:true,
+            returnNewDocument:true
+        }
+    );
+    if(!ret?.seq){
+        ret = await db.collection('counters').findOneAndUpdate(
+            { _id: 'seq' },
+            {$inc:{seq:1}},
+            {
+                new :true,
+                upsert:true,
+                returnNewDocument:true
+            }
+        );
+    }
+    return ret.seq
+}
+const genEntityIdWithKey = async function(db, key){
+    let ret = await db.collection('counters').findOneAndUpdate(
+        { _id: key },
+        {$inc:{seq:1}},
+        {
+            new :true,
+            upsert:true,
+            returnNewDocument:true
+        }
+    );
+    if(!ret?.seq){
+        ret = await db.collection('counters').findOneAndUpdate(
+            { _id: key },
+            {$inc:{seq:1}},
+            {
+                new :true,
+                upsert:true,
+                returnNewDocument:true
+            }
+        );
+    }
+    return ret.seq
+}
+module.exports = {
+    genEntityId,
+    genEntityIdWithKey
+};

package/src/crud/entity-api-generator.js ADDED Viewed

@@ -0,0 +1,437 @@
+const { withConfig } = require('../login/auth.js');
+const { genEntityIdWithKey } = require('../common/util.js');
+const { v4: uuidv4 } = require('uuid');
+const { ObjectId } = require('mongodb');
+const crypto = require('crypto');
+const XLSX = require('xlsx');
+const moment = require('moment');
+const { withConfigLocal } = require('../upload/localUpload.js');
+const { withConfigS3 } = require('../upload/s3Upload.js');
+const generateCrud = async ({ app, db, entity_name, yml_entity, yml, options }) => {
+    const auth = withConfig({ db, jwt_secret: yml.login["jwt-secret"] });
+    const api_host = yml["api-host"].uri;
+    let isS3 = yml.upload.s3
+    let host_image = isS3 ? yml.upload.s3.base_url : yml.upload.local.base_url
+    const uploader = yml.upload.s3 ? withConfigS3({
+        access_key_id: yml.upload.s3.access_key_id,
+        secret_access_key: yml.upload.s3.secret_access_key,
+        bucket: yml.upload.s3.bucket,
+        bucket_private: yml.upload.s3.bucket_private,
+        base_url: yml.upload.s3.base_url,
+    }) : withConfigLocal({
+        path: yml.upload.local.path,
+        path_private: yml.upload.local.path_private,
+        base_url: yml.upload.local.base_url,
+        api_host,
+    })
+    let key_field = yml_entity.fields?.find(field => field.key)
+    if (!key_field) {
+        key_field = {
+            name: '_id',
+            type: 'objectId',
+            key: true,
+            autogenerate: true
+        }
+    }
+    const generateKey = async () => {
+        if (key_field.type == 'integer')
+            return await genEntityIdWithKey(db, key_field.name)
+        else if (key_field.type == 'string')
+            return uuidv4()
+        return null
+    }
+    const getKeyFromEntity = (entity) => {
+        const keyValue = entity[key_field.name]
+        if (key_field.type == 'objectId' && keyValue)
+            return keyValue.toString()
+        return keyValue
+    }
+    const parseKey = (key) => {
+        if (key_field.type == 'integer')
+            return parseInt(key)
+        else if (key_field.type == 'string')
+            return key
+        else if (key_field.type == 'objectId')
+            return ObjectId.isValid(key) ? new ObjectId(key) : key
+        return key
+    }
+    const parseValueByType = (value, field) => {
+        const { type, reference_entity, reference_field } = field
+        if (type == 'reference') {
+            const referenceEntity = yml.entity[reference_entity]
+            const referenceField = referenceEntity.fields.find(f => f.name == reference_field)
+            console.log('referenceField', referenceField)
+            return parseValueByTypeCore(value, referenceField)
+        } else {
+            return parseValueByTypeCore(value, field)
+        }
+    }
+    const parseValueByTypeCore = (value, field) => {
+        const { type } = field
+        if (type == 'integer')
+            return parseInt(value)
+        else if (type == 'string')
+            return value
+        else if (type == 'objectId')
+            return ObjectId.isValid(value) ? new ObjectId(value) : value
+        return value
+    }
+    const passwordEncrypt = (value) => {
+        if (options?.password?.encrypt) {
+            return options.password.encrypt(value)
+        } else {
+            return crypto.createHash('sha512').update(value).digest('hex')
+        }
+    }
+    const addInfo = async (db, list) => {
+        let passwordFields = yml_entity.fields.filter(f => f.type == 'password').map(f => f.name)
+        list.forEach(m => {
+            passwordFields.forEach(f => {
+                delete m[f]
+            })
+        })
+        let mediaFields = yml_entity.fields.filter(f => ['image', 'mp4', 'file'].includes(f.type))
+        for(let m of list) {
+            for(let field of mediaFields) {
+                m[field.name] = await mediaToFront(m[field.name], field.private)
+            }
+        }
+    }
+    const mediaKeyToFullUrl = async (key, private) => {
+        let url = key
+        if(url && !url.startsWith('http'))
+            url= host_image + '/' + url
+        if(private) {
+            url = await uploader.getUrlSecure(key, auth);
+        }
+        return url
+    }
+    const mediaToFront = async (media, private) => {
+        if (media && typeof media == 'string') {
+            media= { src: url }
+            media.image_preview = await mediaKeyToFullUrl(url, private)
+        } else if (media && typeof media == 'object') {
+            let { image, video, src } = media
+            let url = image || src
+            media.image_preview = await mediaKeyToFullUrl(url, private)
+            if (video) {
+                media.video_preview = await mediaKeyToFullUrl(video, private)
+            }
+        }
+        return media
+    }
+    //list
+    app.get(`/${entity_name}`, auth.isAuthenticated, async (req, res) => {
+        var s = {};
+        var _sort = req.query._sort;
+        var _order = req.query._order;
+        if (_sort != null)
+            s[_sort] = (_order == 'ASC' ? 1 : -1);
+        var _end = req.query._end;
+        var _start = req.query._start;
+        var l = _end - _start;
+        //검색 파라미터
+        const f = {};
+        yml_entity.fields?.forEach(field => {
+            const q = req.query[field.name];
+            if (q) {
+                const search = yml_entity.crud?.list?.search?.find(m => m.name == field.name)
+                if (Array.isArray(q)) {
+                    f[field.name] = { $in: q.map(v => parseValueByType(v, field)) };
+                } else {
+                    if (search?.exact != false || field.type == 'integer')
+                        f[field.name] = parseValueByType(q, field)
+                    else
+                        f[field.name] = { $regex: ".*" + q + ".*" };
+                }
+            }
+        })
+        console.log('f', f, req.query)
+        var name = req.query.name;
+        if (name == null && req.query.q)
+            name = req.query.q;
+        if (name != null)
+            f['name'] = { $regex: ".*" + name + ".*" };
+        f.remove = { $ne: true }
+        //Custom f list Start
+        //Custom f list End
+        const projection = (key_field.name == '_id' ? {} : { _id: false })
+        var count = await db.collection(entity_name).find(f).project(projection).sort(s).count();
+        let list = await db.collection(entity_name).find(f).project(projection).sort(s).skip(parseInt(_start)).limit(l).toArray()
+        list.map(m => {
+            m.id = getKeyFromEntity(m)
+        })
+        //Custom list Start
+        //Custom list End
+        await addInfo(db, list)
+        res.header('X-Total-Count', count);
+        res.json(list);
+    });
+    const constructEntity = async (req, entityId) => {
+        var entity = {};
+        if (entityId)
+            entity[key_field.name] = entityId
+        yml_entity.fields.forEach(field => {
+            if (!field.key)
+                entity[field.name] = req.body[field.name]
+        })
+        entity['update_date'] = new Date()
+        let passwordFields = yml_entity.fields.filter(f => f.type == 'password').map(f => f.name)
+        passwordFields.forEach(f => {
+            entity[f] = passwordEncrypt(req.body[f])
+        })
+        //Custom ConstructEntity Start
+        //Custom ConstructEntity End
+        return entity;
+    };
+    //create
+    app.post(`/${entity_name}`, auth.isAuthenticated, async (req, res) => {
+        let entityId
+        if (key_field.autogenerate)
+            entityId = await generateKey()
+        else
+            entityId = parseKey(req.body[key_field.name])
+        if (entityId) {
+            let f = {}
+            f[key_field.name] = entityId
+            let already = await db.collection(entity_name).findOne(f)
+            if (already)
+                return res.status(400).json({ status: 400, statusText: 'error', message: "duplicate key [" + entityId + "]" });
+        }
+        const entity = await constructEntity(req, entityId);
+        entity['update_date'] = entity['create_date'] = new Date()
+        entity['create_admin_id'] = req.user.id
+        //Custom Create Start
+        //Custom Create End
+        var r = await db.collection(entity_name).insertOne(entity);
+        //Custom Create Tail Start
+        //Custom Create Tail End
+        const generatedId = entityId || r.insertedId
+        entity.id = (key_field.type == 'objectId') ? generatedId?.toString() : generatedId;
+        res.json(entity);
+    });
+    //edit
+    app.put(`/${entity_name}/:id`, auth.isAuthenticated, async (req, res) => {
+        let entityId = parseKey(req.params.id)
+        const entity = await constructEntity(req, entityId);
+        entity['update_date'] = new Date()
+        // Do not attempt to set the key field during update (immutable `_id` etc.)
+        if (entity[key_field.name] !== undefined)
+            delete entity[key_field.name]
+        //Custom Create Start
+        //Custom Create End
+        let f = {}
+        f[key_field.name] = entityId
+        for(let field of yml_entity.fields) {
+            if(['mp4', 'image', 'file'].includes(field.type)) {
+                let a = entity[field.name]
+                delete a.image_preview
+                delete a.video_preview
+            }
+        }
+        await db.collection(entity_name).updateOne(f, { $set: entity });
+        //Custom Create Tail Start
+        //Custom Create Tail End
+        // Ensure React-Admin receives an `id` in the response
+        entity.id = (key_field.type == 'objectId') ? entityId?.toString() : entityId
+        res.json(entity);
+    });
+    //view
+    app.get(`/${entity_name}/:id`, auth.isAuthenticated, async (req, res) => {
+        let f = {}
+        f[key_field.name] = parseKey(req.params.id)
+        const m = await db.collection(entity_name).findOne(f);
+        if (!m)
+            return res.status(404).send('Not found');
+        m.id = getKeyFromEntity(m)
+        await addInfo(db, [m])
+        res.json(m);
+    })
+    //delete
+    app.delete(`/${entity_name}/:id`, auth.isAuthenticated, async function (req, res) {
+        let f = {}
+        f[key_field.name] = parseKey(req.params.id)
+        const entity = await db.collection(entity_name).findOne(f);
+        if (!entity)
+            return res.status(404).send('Not found');
+        entity.id = getKeyFromEntity(entity)
+        let customDelete = false
+        let softDelete = false
+        //Custom Delete Api Start
+        //Custom Delete Api End
+        if (customDelete)
+            ;
+        else if (softDelete)
+            await db.collection(entity_name).updateOne(f, { $set: { remove: true } });
+        else
+            await db.collection(entity_name).deleteOne(f);
+        res.json(entity);
+    });
+    if (yml_entity.crud?.list?.export) {
+        app.post(`/excel/${entity_name}/export`, auth.isAuthenticated, async (req, res) => {
+            const filename = `${entity_name}_`
+            const fields = yml_entity.crud.list.export.fields.map(field => ({
+                label: field.name,
+                value: field.name,
+            }))
+            //{ label: '상품', value: row => row.product_list?.map(m=>m.total_name).join(',') },
+            let f = req.body.filter || {}
+            const list = await db.collection(entity_name).find(f).project({
+                _id: false,
+            }).toArray();
+            if (list.length == 0)
+                return res.json({ r: false, msg: 'No Data' });
+            await addInfo(db, list)
+            const data = list.map(row => {
+                let obj = {};
+                fields.forEach(field => {
+                    obj[field.label] = typeof field.value === 'function' ? field.value(row) : row[field.value];
+                });
+                return obj;
+            });
+            const worksheet = XLSX.utils.json_to_sheet(data);
+            const workbook = XLSX.utils.book_new();
+            XLSX.utils.book_append_sheet(workbook, worksheet, 'Sheet1');
+            const excelBuffer = XLSX.write(workbook, { bookType: 'xlsx', type: 'buffer' });
+            const currentTime = moment().format('YYYYMMDD_HHmmss');
+            const key = `${filename}${currentTime}.xlsx`;
+            await uploader.uploadSecure(key, excelBuffer);
+            let url = await uploader.getUrlSecure(key, auth);
+            return res.json({ r: true, url });
+        })
+    }
+    if (yml_entity.crud?.list?.import) {
+        app.post(`/excel/${entity_name}/import`, auth.isAuthenticated, async (req, res) => {
+            const { base64 } = req.body
+            const buf = Buffer.from(base64, 'base64');
+            const workbook = XLSX.read(buf, { type: 'buffer' });
+            const sheet = workbook.Sheets[workbook.SheetNames[0]];
+            let list = XLSX.utils.sheet_to_json(sheet, { header: 1 });
+            //엑셀 첫번째 행 타이틀 데이터 제거
+            let header = list[0]
+            list.shift();
+            let upsert = yml_entity.crud.list.import.upsert || true
+            const fields = yml_entity.crud.list.import.fields.map(m => m)
+            fields.map(field => {
+                let original = yml_entity.fields.find(f => f.name == field.name)
+                field.type = original.type
+            })
+            let key_field = yml_entity.fields.find(f => f.key)
+            let bulk = []
+            list.map(m => {
+                let f = {}
+                let m_obj = {}
+                header.map((h, index) => {
+                    m_obj[h] = m[index]
+                })
+                f[key_field.name] = getKeyFromEntity(m_obj)
+                if (!f[key_field.name])
+                    return
+                let entity = {}
+                fields.forEach(field => {
+                    if (field.type == 'integer')
+                        entity[field.name] = parseInt(m_obj[field.name])
+                    else if (field.type == 'password')
+                        entity[field.name] = passwordEncrypt(m_obj[field.name] + '')
+                    else
+                        entity[field.name] = m_obj[field.name] + ''
+                })
+                bulk.push({
+                    updateOne: {
+                        filter: f,
+                        update: { $set: entity },
+                        upsert: upsert
+                    }
+                })
+            })
+            let result = await db.collection('delivery').bulkWrite(bulk);
+            res.json({ r: true, msg: 'Import success - ' + result.upsertedCount + ' rows effected' });
+        })
+    }
+}
+const generateEntityApi = async ({ app, db, entity_name, entity, yml, options }) => {
+    await generateCrud({ app, db, entity_name, yml_entity: entity, yml, options })
+}
+module.exports = {
+    generateEntityApi
+}

package/src/login/auth.js CHANGED Viewed

@@ -12,7 +12,25 @@ const withConfig = (config) => {
     });
   };
-  const authenticateSuccess = function (req, res, user, next) {
+  const genenrateShortToken = () => {
+    return new Promise((resolve, reject) => {
+      jwt.sign(
+        {},
+        jwt_secret,
+        {
+          expiresIn: '5m',
+          subject: 'shortToken'
+        }, (err, token) => {
+          if (err)
+            reject(err);
+          else
+            resolve(token);
+        }
+      );
+    })
+  }
+  const authenticateSuccess = (req, res, user, next) => {
     jwt.sign(
       user,
       jwt_secret,
@@ -30,15 +48,15 @@ const withConfig = (config) => {
     );
   };
-  const isAuthenticated = function (req, res, next) {
-    const token = req.headers['x-access-token'] || req.query.token || req.cookies.token;
+  const isAuthenticated = (req, res, next) => {
+    const token = req.headers['x-access-token'] || req.query.token || req.cookies.token;
     if (token == null)
-      res.json({ r: false, err: { code: 666 }, msg: '로그인 필요' });
+      res.json({ r: false, err: { code: 666 }, msg: 'No authentication' });
     else
       jwt.verify(token, jwt_secret, (err, decoded) => {
         if (err) {
-          res.json({ r: false, err: { code: 666 }, msg: '로그인 필요' });
+          res.json({ r: false, err: { code: 666 }, msg: 'No authentication' });
           return;
         }
         req.user = decoded;
@@ -78,6 +96,7 @@ const withConfig = (config) => {
   return {
     isAuthenticated,
     authenticate,
+    genenrateShortToken,
   }
 }

package/src/upload/localUpload.js ADDED Viewed

@@ -0,0 +1,44 @@
+const moment = require('moment')
+const fs = require('fs')
+const getUrl = async (Key) => {
+    //console.log('getSignedUrl')
+    let r = await s3.getSignedUrl('getObject', {
+        Bucket:aws_bucket_private,
+        Key,
+    })
+    //console.log(r)
+    return r
+}
+const withConfigLocal = ({path, path_private, base_url, api_host}) => {
+    const upload = async (key, stream) => {
+        return await fs.writeFileSync(path + '/' + key, stream)
+    }
+    const uploadSecure = async (key, stream) => {
+        return await fs.writeFileSync(path_private + '/' + key, stream)
+    }
+    const getUrlSecure = async (Key, auth) => {
+        let r = `${api_host}/local-secure-download?key=${Key}`
+        let shortToken = await auth.genenrateShortToken()
+        r += `&token=${shortToken}`
+        return r
+    }
+    return {
+        upload,
+        uploadSecure,
+        getUrl: async (key) => {
+            return await getUrl(key)
+        },
+        getUrlSecure,
+    }
+}
+module.exports = {
+    withConfigLocal
+};

package/src/upload/s3Upload.js ADDED Viewed

@@ -0,0 +1,47 @@
+const moment = require('moment')
+const { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectCommand } = require('@aws-sdk/client-s3')
+const { getSignedUrl } = require('@aws-sdk/s3-request-presigner')
+const upload = async (key, stream) => {
+    if(!key){
+        throw new Error('필수값이 없습니다')
+    }
+    //console.log('uploadExcel')
+    return await s3.upload({
+        Bucket: aws_bucket_private,
+        Key: key,
+        Body: stream,
+        ACL: 'private',
+        Expires: moment().add(10, 'minute').toISOString(),
+        ContentType: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+    }).promise()
+}
+const getUrl = async (Key) => {
+    //console.log('getSignedUrl')
+    let r = await s3.getSignedUrl('getObject', {
+        Bucket:aws_bucket_private,
+        Key,
+    })
+    //console.log(r)
+    return r
+}
+const getSecureUrl = async (Key) => {
+    //console.log('getSignedUrl')
+    let r = await s3.getSignedUrl('getObject', {
+        Bucket:aws_bucket_private,
+        Key,
+    })
+    //console.log(r)
+    return r
+}
+module.exports = {
+    upload,
+    getUrl,
+    getSecureUrl,
+};

package/src/upload/upload-api-generator.js ADDED Viewed

@@ -0,0 +1,248 @@
+const { withConfig } = require('../login/auth.js');
+const { PutObjectCommand, CreateMultipartUploadCommand, UploadPartCommand, CompleteMultipartUploadCommand, AbortMultipartUploadCommand } = require('@aws-sdk/client-s3')
+const { getSignedUrl } = require('@aws-sdk/s3-request-presigner')
+const { genEntityIdWithKey } = require('../common/util.js');
+const { S3Client } = require('@aws-sdk/client-s3')
+const fs = require('fs')
+const getContentType = (ext) => {
+    let contentType = 'image/jpeg'
+    if(ext == 'mp4')
+        contentType = 'video/mp4'
+    else if(ext == 'mov')
+        contentType = 'video/quicktime'
+    else if(ext == 'png')
+        contentType = 'image/png'
+    return contentType
+}
+const generateS3UploadApi = async ({ app, db, yml, options }) => {
+    const auth = withConfig({ db, jwt_secret: yml.login["jwt-secret"] });
+    const { region, access_key_id, secret_access_key, bucket, bucket_private } = yml.upload.s3;
+    const getS3 = () => {
+        let s3 = new S3Client({
+            region: region,
+            credentials: {
+                accessKeyId: access_key_id,
+                secretAccessKey: secret_access_key
+            }
+        })
+        return s3
+    }
+    app.get('/api/media/url/put/:ext', auth.isAuthenticated, async function(req, res){
+        let s3 = getS3()
+        let {member_no} = req.user;
+        let fileName = await genEntityIdWithKey(db, 'file');
+        let ext = req.params.ext;
+        let contentType = getContentType(ext)
+        let key = `media/${member_no}/${fileName}.${ext}`
+        const uploadUrl = await getSignedUrl(s3, new PutObjectCommand({Bucket: aws_bucket_image,
+            ContentType: contentType,
+            Key: key}), { expiresIn: 300 });
+        let r = {upload_url:uploadUrl, key, fileName:`${fileName}.${ext}`, member_no, contentType}
+        console.log(r)
+        res.json(r);
+    });
+    app.get('/api/media/url/secure/put/:ext', auth.isAuthenticated, async function(req, res){
+        let s3 = getS3()
+        let {member_no} = req.user;
+        let fileName = await genEntityIdWithKey(db, 'file');
+        let ext = req.params.ext;
+        let contentType = getContentType(ext)
+        let key = `media/${member_no}/${fileName}.${ext}`
+        const uploadUrl = await getSignedUrl(s3, new PutObjectCommand({Bucket: aws_bucket_private,
+            ContentType: contentType,
+            Key: key}), { expiresIn: 300 });
+        let r = {upload_url:uploadUrl, key, fileName:`${fileName}.${ext}`, member_no, contentType}
+        res.json(r);
+    });
+    // request uploadId
+    app.get('/api/media/url/secure/init/:ext', auth.isAuthenticated, async function (req, res) {
+        let s3 = getS3();
+        let member_no = req.user.member_no || req.user.id;
+        let fileName = await genEntityIdWithKey(db, 'file');
+        let ext = req.params.ext;
+        let key = `media/${member_no}/${fileName}.${ext}`;
+        let contentType = getContentType(ext);
+        const createMultipartUpload = await s3.send(new CreateMultipartUploadCommand({
+            Bucket: aws_bucket_private,
+            Key: key,
+            ContentType: contentType
+        }));
+        res.json({ uploadId: createMultipartUpload.UploadId, key, contentType });
+    });
+    // request presigned url
+    app.post('/api/media/url/secure/part', auth.isAuthenticated, async function (req, res) {
+        let s3 = getS3();
+        let { key, uploadId, partNumber } = req.body;
+        const command = new UploadPartCommand({
+            Bucket: aws_bucket_private,
+            Key: key,
+            UploadId: uploadId,
+            PartNumber: partNumber
+        });
+        const uploadUrl = await getSignedUrl(s3, command, { expiresIn: 300*10 });
+        res.json({ uploadUrl });
+    });
+    // merge file
+    app.post('/api/media/url/secure/complete', auth.isAuthenticated, async function (req, res) {
+        let s3 = getS3();
+        let { key, uploadId, parts } = req.body;
+        parts.sort((a, b) => a.PartNumber - b.PartNumber);
+        await s3.send(new CompleteMultipartUploadCommand({
+            Bucket: aws_bucket_private,
+            Key: key,
+            UploadId: uploadId,
+            MultipartUpload: { Parts: parts }
+        }));
+        res.json({ key });
+    });
+    // 청크파일 삭제
+    app.post('/api/media/url/secure/abort', auth.isAuthenticated, async (req, res) => {
+        try {
+            const { key, uploadId } = req.body;
+            const s3 = getS3();
+            await s3.send(new AbortMultipartUploadCommand({
+                Bucket: aws_bucket_private,
+                Key: key,
+                UploadId: uploadId
+            }));
+            res.json({ r: true });
+        } catch (error) {
+            console.log(error);
+            res.status(500).json({ r: false });
+        }
+    });
+    app.post('/api/media/url/put', auth.isAuthenticated, async function(req, res) {
+        let s3 = getS3()
+        let {member_no} = req.user
+        const {ext_list} = req.body
+        let r = {list:[], r:true}
+        for(let ext of ext_list) {
+            let fileName = await genEntityIdWithKey(db, 'file')
+            let key = `media/${member_no}/${fileName}.${ext}`
+            let contentType = getContentType(ext)
+            const upload_url = await getSignedUrl(s3, new PutObjectCommand({Bucket: aws_bucket_image,
+                ContentType: contentType,
+                Key: key}), { expiresIn: 300 });
+            r.list.push({upload_url, key, fileName:`${fileName}.${ext}`, member_no, contentType})
+        }
+        res.json(r);
+    })
+    app.post('/api/media/url/secure/put', auth.isAuthenticated, async function(req, res) {
+        let s3 = getS3()
+        let {member_no} = req.user
+        const {ext_list} = req.body
+        let r = {list:[], r:true}
+        for(let ext of ext_list) {
+            let fileName = await genEntityIdWithKey(db, 'file')
+            let key = `media/${member_no}/${fileName}.${ext}`
+            let contentType = getContentType(ext)
+            const upload_url = await getSignedUrl(s3, new PutObjectCommand({Bucket: aws_bucket_private,
+                ContentType: contentType,
+                Key: key}), { expiresIn: 300 });
+            r.list.push({upload_url, key, fileName:`${fileName}.${ext}`, member_no, contentType})
+        }
+        res.json(r);
+    })
+}
+const generateLocalUploadApi = async ({ app, db, yml, options }) => {
+    const auth = withConfig({ db, jwt_secret: yml.login["jwt-secret"] });
+    const { path, path_private } = yml.upload.local;
+    // Accept raw binary for local upload and stream to disk
+    app.put('/api/local/media/upload', auth.isAuthenticated, async function(req, res) {
+        let member_no = req.user.member_no || req.user.id;
+        let {ext, name} = req.query
+        let fileName = await genEntityIdWithKey(db, 'file')
+        let key = `media/${member_no}/${fileName}.${ext}`
+        // Ensure directory exists
+        const fullPath = `${path}/${key}`;
+        fs.mkdirSync(require('path').dirname(fullPath), { recursive: true });
+        const writeStream = fs.createWriteStream(fullPath);
+        req.pipe(writeStream);
+        writeStream.on('finish', () => {
+            res.json({ r: true, key })
+        });
+        writeStream.on('error', (err) => {
+            console.error(err);
+            res.status(500).json({ r: false, msg:err.message })
+        });
+    })
+    app.put('/api/local/media/upload/secure', auth.isAuthenticated, async function(req, res) {
+        let member_no = req.user.member_no || req.user.id;
+        let {ext, name} = req.query
+        let fileName = await genEntityIdWithKey(db, 'file')
+        let key = `media/${member_no}/${fileName}.${ext}`
+        try {
+            // Ensure directory exists
+            const fullPath = `${path_private}/${key}`;
+            fs.mkdirSync(require('path').dirname(fullPath), { recursive: true });
+            const writeStream = fs.createWriteStream(fullPath);
+            req.pipe(writeStream);
+            writeStream.on('finish', () => {
+                res.json({ r: true, key })
+            });
+            writeStream.on('error', (err) => {
+                console.error(err);
+                res.status(500).json({ r: false, msg:err.message })
+            });
+        } catch (e) {
+            console.error(e)
+            res.status(500).json({ r:false })
+        }
+    })
+}
+const generateUploadApi = async ({ app, db, yml, options }) => {
+    if(yml.upload.s3) {
+        await generateS3UploadApi({ app, db, yml, options })
+    }
+    if(yml.upload.local) {
+        await generateLocalUploadApi({ app, db, yml, options })
+    }
+}
+module.exports = {
+    generateUploadApi
+}

package/src/yml-admin-api.js CHANGED Viewed

@@ -1,23 +1,37 @@
 const { MongoClient } = require('mongodb');
 const fs = require('fs').promises;
 const yaml = require('yaml');
-const { generateEntityApi } = require('./crud/api-generator');
+const { generateEntityApi } = require('./crud/entity-api-generator');
 const { generateLoginApi } = require('./crud/login-api-generator');
+const { withConfig } = require('./login/auth.js');
+const { generateUploadApi } = require('./upload/upload-api-generator');
+const changeEnv = (yamlString, env = {}) => {
+  if (!yamlString) return yamlString;
+  const mergedEnv = { ...process.env, ...env };
+  return yamlString.replace(/\$\{([A-Z0-9_\.\-]+)\}/g, (match, varName) => {
+    console.log('env', varName, mergedEnv[varName]);
+    const value = mergedEnv[varName];
+    return value !== undefined && value !== null ? String(value) : match;
+  });
+}
 async function registerRoutes(app, options = {}) {
-  const { yamlPath, yamlString } = options;
+  const { yamlPath, yamlString, env } = options;
   let yml;
   if(yamlPath) {
-    yml = await readYml(yamlPath);
+    yml = await readYml(yamlPath, env);
   } else if(yamlString) {
-    yml = yaml.parse(yamlString);
+    const replaced = changeEnv(yamlString, env);
+    yml = yaml.parse(replaced);
   } else {
     let yamlString = await fs.readFile('./admin.yml', 'utf8');
     if(!yamlString) {
       throw new Error('admin.yml is not found. yamlPath or yamlString is required.')
     }
-    yamlString = yamlString.replace('${JWT_SECRET}', process.env.JWT_SECRET);
-    yamlString = yamlString.replace('${MONGODB_URL}', process.env.MONGODB_URL);
+    yamlString = changeEnv(yamlString, env);
     yml = yaml.parse(yamlString);
   }
@@ -31,27 +45,40 @@ async function registerRoutes(app, options = {}) {
       console.log('db connected')
     }
   }
-  const jwt_secret = yml.login["jwt-secret"]
-  app.set('jwt-secret', jwt_secret);
   await generateLoginApi(app, db, yml)
-  entity && Object.keys(entity).forEach(async (entityName) => {
+  entity && Object.keys(entity).forEach(async (entity_name) => {
     await generateEntityApi({
       app, db,
-      name:entityName,
-      entity:entity[entityName],
-      jwt_secret
+      entity_name,
+      entity:entity[entity_name],
+      yml,
+      options,
     })
   })
+  await generateUploadApi({
+    app, db,
+    yml,
+    options,
+  })
+  //local secure download api
+  const auth = withConfig({ db, jwt_secret: yml.login["jwt-secret"] });
+  app.get('/local-secure-download', auth.isAuthenticated, async (req, res) => {
+    const {key} = req.query;
+    const a = `${yml.upload.local.path_private}/${key}`
+    const file = await fs.readFile(a)
+    res.setHeader('Content-Disposition', `attachment; filename=${key}`);
+    res.setHeader('Content-Type', 'application/octet-stream');
+    res.send(file);
+  })
 }
-async function readYml(path) {
+async function readYml(path, env = {}) {
   let yml = await fs.readFile(path, 'utf8');
-  yml = yml.replace('${JWT_SECRET}', process.env.JWT_SECRET);
-  yml = yml.replace('${MONGODB_URL}', process.env.MONGODB_URL);
+  yml = changeEnv(yml, env);
   return yaml.parse(yml);
 }
 module.exports = registerRoutes;

package/src/crud/api-generator.js DELETED Viewed

@@ -1,118 +0,0 @@
-const isAuthenticated = (jwt_secret) => {
-    return async (req, res, next) => {
-        const token = req.headers['x-access-token'] || req.query.token || req.cookies.token;
-        if (token == null)
-            res.json({ r: false, err: { code: 666 }, msg: '로그인 필요' });
-        else {
-            jwt.verify(token, jwt_secret, (err, decoded) => {
-                if (err) {
-                    res.json({ r: false, err: { code: 666 }, msg: '로그인 필요' });
-                    return;
-                }
-                req.user = decoded;
-                delete req.user.password;
-                next();
-            })
-        }
-    }
-}
-const generateList = async ({app, db, name, entity, jwt_secret}) => {
-    //list
-    app.get(`/${name}`, isAuthenticated(jwt_secret), async function (req, res) {
-        var s = {};
-        var _sort = req.query._sort;
-        var _order = req.query._order;
-        if (_sort != null)
-            s[_sort] = (_order == 'ASC' ? 1 : -1);
-        var _end = req.query._end;
-        var _start = req.query._start;
-        var l = _end - _start;
-        //검색 파라미터
-        var f = {};
-        var id = req.query.id;
-        if (id) {
-            if (Array.isArray(id))
-                f['id'] = { $in: id.map(m => parseInt(m)) };
-            else
-                f['id'] = parseInt(id);
-        }
-        // ${
-        //     entity.property.filter(f=>f.search && f.type != 'divider').map(m=>{
-        //         if(m.type == 'bool') {
-        //             return `
-        //             if (req.query.${m.name})
-        //                 f['${m.name}'] = req.query.${m.name} == 'true'
-        //             `
-        //         } else if(m.type == 'text') {
-        //             return `
-        //             if (req.query.${m.name})
-        //                 f['${m.name}'] = { $regex: ".*" + req.query.${m.name} + ".*" }
-        //             `
-        //         } else if(m.type == 'reference') {
-        //             //reference의 키는 integer인지 string인지 모른다. 그리고 member_no같이 string으로 취급되어야할 integer도 있다
-        //             return `
-        //             if (req.query.${m.name})
-        //                 f['${m.name}'] = isNaN(Number(req.query.${m.name}))|| parseInt(req.query.${m.name}) > 1569340492095?req.query.${m.name}:parseInt(req.query.${m.name})
-        //             `
-        //         } else if(m.type == 'date') {
-        //             return `
-        //             if (req.query.date) {
-        //                 if(req.query.date.replace(/-/g, '').length == 8) {
-        //                     //해당 날짜의 시작Date와 끝Date로 검색
-        //                     f['date'] = {
-        //                         $gte: moment(req.query.date).startOf('day').toDate(),
-        //                         $lte: moment(req.query.date).endOf('day').toDate()
-        //                     }
-        //                 }
-        //             }
-        //             `
-        //         } else {
-        //             return `
-        //             if (req.query.${m.name})
-        //                 f['${m.name}'] = req.query.${m.name}
-        //             `
-        //         }
-        //     }).join('\n')
-        // }
-        var name = req.query.name;
-        if (name == null && req.query.q)
-            name = req.query.q;
-        if (name != null)
-            f['name'] = { $regex: ".*" + name + ".*" };
-        f.remove = { $ne: true }
-        //Custom f list Start
-        //Custom f list End
-        var count = await db.collection('${name}').find(f).project({ _id: false }).sort(s).count();
-        let list = await db.collection('${name}').find(f).project({ _id: false }).sort(s).skip(parseInt(_start)).limit(l).toArray()
-        console.log('entity', entity)
-        list.map(m => {
-            m.id = entity.key
-        })
-        //Custom list Start
-        //Custom list End
-        await addInfo(db, list)
-        res.header('X-Total-Count', count);
-        res.json(list);
-    });
-}
-const generateEntityApi = async ({app, db, name, entity, jwt_secret}) => {
-    const { fields } = entity;
-    console.log('generateEntityApi', name)
-    await generateList({app, db, name, entity, jwt_secret})
-}
-module.exports = {
-    generateEntityApi
-}