triptyk / nfw Goto Github PK

Add memory and environment options

remove loading relations on login , can cause OUT OF MEMORY with TypeORM

Remove support for multiple applications
Main application must be a static class

self document end-point

Use an ACL module to authorize GET / LIST / CREATE / DELETE / UPDATE for resources

When I try to download with your explanations, the link is'nt correct

typeorm/typeorm#2912

Workaround : don't escape string / use parent alias before attribute

File : https://github.com/TRIPTYK/nfw/blob/develop/src/core/repositories/base.repository.ts

query parameter sort=name

if (allowSorting && query.sort) {
            const sortFields = splitAndFilter(query.sort, ","); // split parameters and filter empty strings

            // need to use SqlString.escapeId in order to prevent SQL injection on orderBy()
            for (const field of sortFields) {
                if (field[0] === "-") {  // JSON-API convention , when sort field starts with '-' order is DESC
                    queryBuilder.orderBy(SqlString.escapeId(field.substr(1)), "DESC");
                } else {
                    queryBuilder.orderBy(SqlString.escapeId(field), "ASC");
                }
            }
        }

TO

query parameter sort=<entity>.name

        if (allowSorting && query.sort) {
            const sortFields = splitAndFilter(query.sort, ","); // split parameters and filter empty string

            // need to use SqlString.escapeId in order to prevent SQL injection on orderBy()
            for (const field of sortFields)
            {
                if (field[0] === "-") {  // JSON-API convention , when sort field starts with '-' order is DESC
                    queryBuilder.addOrderBy(field.substr(1), "DESC");
                } else {
                    queryBuilder.addOrderBy(field, "ASC");
                }
            }
        }

We should consider improving the serializing/de-serializing process. They are not generic enough

global service container

• OAuth
• Cache

config classify

• Passport
• Multer
• Logger
• Env

With forms with multiples patch/delete/create operations, roll backing errors is a nightmare.
This jsonapi extension will add some transactional behavior.
https://jsonapi.org/ext/atomic/

Implement related/relationships links in repository and serializers

add total to serializer meta for pagination

Class inhritance from @nfw-core / override

Reproduce issue:

  @JsonApiGet()
  async get (@Param('id') id: string, query: JsonApiQuery, @CurrentUser() currentUser: UserModel) {
    const document = await this.documentService.getOneOrFail(id, query);
    await canOrFail(this.authorizer, currentUser, 'read', [document])
    return this.registry.getSerializerFor<DocumentResource>('documents').serializeOne(document);
  }

This create an error because query become currentUser.

  @JsonApiGet()
  async get (@Param('id') id: string, @JsonApiQueryDecorator(RESOURCE_NAME) query: JsonApiQuery, @CurrentUser() currentUser: UserModel) {
    const document = await this.documentService.getOneOrFail(id, query);
    await canOrFail(this.authorizer, currentUser, 'read', [document])
    return this.registry.getSerializerFor<DocumentResource>('documents').serializeOne(document);
  }

This does not create an error because currentUser is correctly assigned

Expected:

Decorator to assign the param assigned to it and not the param before

cache for resources with ?include are not flushed

rework OAuth for Google , FB , Outlook