"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.default = checks; const lodash_1 = __importDefault(require("lodash")); function checks(_a) { return __awaiter(this, arguments, void 0, function* ({ table, allowedTables, query, body, method, getMiddleware, postMiddleware, putMiddleware, deleteMiddleware, crudMiddleware, }) { var _b, _c, _d, _e; const allowedTable = allowedTables.find((tbl) => tbl.table == table); if (!allowedTable) { throw new Error(`Can't Access this table: \`${table}\``); } let newQuery = lodash_1.default.cloneDeep(query); let newBody = lodash_1.default.cloneDeep(body); const searchFields = Object.keys(((_b = newQuery === null || newQuery === void 0 ? void 0 : newQuery.searchQuery) === null || _b === void 0 ? void 0 : _b.query) || {}); const selectFields = (_d = (((_c = newQuery === null || newQuery === void 0 ? void 0 : newQuery.searchQuery) === null || _c === void 0 ? void 0 : _c.selectFields) ? newQuery.searchQuery.selectFields.map((f) => typeof f == "string" ? f : typeof f == "object" ? f.fieldName : undefined) : undefined)) === null || _d === void 0 ? void 0 : _d.filter((f) => typeof f == "string"); const targetFields = [...(searchFields || []), ...(selectFields || [])]; if (method == "GET" && allowedTable.allowedFields) { for (let i = 0; i < targetFields.length; i++) { const fld = targetFields[i]; const allowedFld = allowedTable.allowedFields.find((f) => typeof f == "string" ? f == fld : fld.match(f)); if (!allowedFld) { throw new Error(`\`${allowedFld}\` field not allowed`); } } } if (method == "GET" && allowedTable.disallowedFields) { for (let i = 0; i < targetFields.length; i++) { const fld = targetFields[i]; const disallowedFld = allowedTable.disallowedFields.find((f) => typeof f == "string" ? f == fld : fld.match(f)); if (disallowedFld) { throw new Error(`\`${disallowedFld}\` field not allowed`); } } } if (method == "GET" && getMiddleware) { newQuery = yield getMiddleware({ query: newQuery || {} }); } if (method !== "GET" && crudMiddleware) { const middRes = yield crudMiddleware({ body: newBody || {}, query: newQuery || {}, }); newBody = lodash_1.default.merge(newBody, middRes); } if (method == "POST" && postMiddleware) { const middRes = yield postMiddleware({ body: newBody || {}, query: newQuery || {}, }); newBody = lodash_1.default.merge(newBody, middRes); } if (method == "PUT" && putMiddleware) { const middRes = yield putMiddleware({ body: newBody || {}, query: newQuery || {}, }); newBody = lodash_1.default.merge(newBody, middRes); } if (method == "DELETE" && deleteMiddleware) { const middRes = yield deleteMiddleware({ body: newBody || {}, query: newQuery || {}, }); newBody = lodash_1.default.merge(newBody, middRes); } if ((_e = newQuery === null || newQuery === void 0 ? void 0 : newQuery.searchQuery) === null || _e === void 0 ? void 0 : _e.join) { for (let i = 0; i < newQuery.searchQuery.join.length; i++) { const join = newQuery.searchQuery.join[i]; const joinTableName = join.tableName; const selectFields = join.selectFields; if (allowedTables === null || allowedTables === void 0 ? void 0 : allowedTables[0]) { const allowedJoinTable = allowedTables.find((t) => t.table == joinTableName); if (!(allowedJoinTable === null || allowedJoinTable === void 0 ? void 0 : allowedJoinTable.table)) { throw new Error(`Can't joint \`${joinTableName}\` table`); } const allowedFields = allowedJoinTable.allowedFields; const disallowedFields = allowedJoinTable.disallowedFields; if (selectFields === null || selectFields === void 0 ? void 0 : selectFields[0]) { for (let j = 0; j < selectFields.length; j++) { const selectField = selectFields[j]; const selectFieldName = typeof selectField == "object" ? selectField.field : String(selectField); if ((allowedFields === null || allowedFields === void 0 ? void 0 : allowedFields[0]) && !allowedFields.find((f) => String(f) == selectFieldName)) { throw new Error(`Can't Select this Field!`); } if ((disallowedFields === null || disallowedFields === void 0 ? void 0 : disallowedFields[0]) && disallowedFields.find((f) => String(f) == selectFieldName)) { throw new Error(`Disallowed Field Selected!`); } } } } } } return { query: newQuery, body: newBody, allowedTable, }; }); }