archetecture security fix
This commit is contained in:
+103
@@ -0,0 +1,103 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.findMany = findMany;
|
||||
exports.findById = findById;
|
||||
exports.findByIdSimple = findByIdSimple;
|
||||
exports.create = create;
|
||||
exports.updateMany = updateMany;
|
||||
exports.updateById = updateById;
|
||||
exports.findUniqueOrThrow = findUniqueOrThrow;
|
||||
const prisma_1 = require("../../lib/prisma");
|
||||
let customerLicenseImageColumnSupported = null;
|
||||
async function hasCustomerLicenseImageColumn() {
|
||||
if (customerLicenseImageColumnSupported !== null) {
|
||||
return customerLicenseImageColumnSupported;
|
||||
}
|
||||
const rows = await prisma_1.prisma.$queryRawUnsafe("select exists(select 1 from information_schema.columns where table_schema = 'public' and table_name = 'customers' and column_name = 'licenseImageUrl') as exists");
|
||||
customerLicenseImageColumnSupported = Boolean(rows[0]?.exists);
|
||||
return customerLicenseImageColumnSupported;
|
||||
}
|
||||
function buildCustomerSelect(includeLicenseImageUrl) {
|
||||
return {
|
||||
id: true,
|
||||
companyId: true,
|
||||
renterId: true,
|
||||
firstName: true,
|
||||
lastName: true,
|
||||
email: true,
|
||||
phone: true,
|
||||
driverLicense: true,
|
||||
dateOfBirth: true,
|
||||
nationality: true,
|
||||
address: true,
|
||||
notes: true,
|
||||
flagged: true,
|
||||
flagReason: true,
|
||||
licenseExpiry: true,
|
||||
licenseIssuedAt: true,
|
||||
licenseCountry: true,
|
||||
licenseNumber: true,
|
||||
licenseCategory: true,
|
||||
licenseExpired: true,
|
||||
licenseExpiringSoon: true,
|
||||
licenseValidationStatus: true,
|
||||
licenseApprovedBy: true,
|
||||
licenseApprovedAt: true,
|
||||
licenseApprovalNote: true,
|
||||
...(includeLicenseImageUrl ? { licenseImageUrl: true } : {}),
|
||||
createdAt: true,
|
||||
updatedAt: true,
|
||||
};
|
||||
}
|
||||
async function getCustomerSelect() {
|
||||
return buildCustomerSelect(await hasCustomerLicenseImageColumn());
|
||||
}
|
||||
async function sanitizeCustomerData(data) {
|
||||
if (await hasCustomerLicenseImageColumn()) {
|
||||
return data;
|
||||
}
|
||||
const { licenseImageUrl, ...rest } = data;
|
||||
void licenseImageUrl;
|
||||
return rest;
|
||||
}
|
||||
async function findMany(where, skip, take) {
|
||||
const select = await getCustomerSelect();
|
||||
return Promise.all([
|
||||
prisma_1.prisma.customer.findMany({ where, skip, take, orderBy: { createdAt: 'desc' }, select }),
|
||||
prisma_1.prisma.customer.count({ where }),
|
||||
]);
|
||||
}
|
||||
async function findById(id, companyId) {
|
||||
const select = await getCustomerSelect();
|
||||
return prisma_1.prisma.customer.findFirst({
|
||||
where: { id, companyId },
|
||||
select: {
|
||||
...select,
|
||||
reservations: { include: { vehicle: true }, orderBy: { createdAt: 'desc' }, take: 20 },
|
||||
},
|
||||
});
|
||||
}
|
||||
async function findByIdSimple(id, companyId) {
|
||||
return prisma_1.prisma.customer.findFirst({ where: { id, companyId }, select: await getCustomerSelect() });
|
||||
}
|
||||
async function create(data) {
|
||||
return prisma_1.prisma.customer.create({ data: (await sanitizeCustomerData(data)), select: await getCustomerSelect() });
|
||||
}
|
||||
async function updateMany(id, companyId, data) {
|
||||
return prisma_1.prisma.customer.updateMany({ where: { id, companyId }, data });
|
||||
}
|
||||
async function updateById(id, data) {
|
||||
return prisma_1.prisma.customer.update({
|
||||
where: { id },
|
||||
data: (await sanitizeCustomerData(data)),
|
||||
select: await getCustomerSelect(),
|
||||
});
|
||||
}
|
||||
async function findUniqueOrThrow(id, companyId) {
|
||||
const select = await getCustomerSelect();
|
||||
if (companyId) {
|
||||
return prisma_1.prisma.customer.findFirstOrThrow({ where: { id, companyId }, select });
|
||||
}
|
||||
return prisma_1.prisma.customer.findUniqueOrThrow({ where: { id }, select });
|
||||
}
|
||||
//# sourceMappingURL=customer.repo.js.map
|
||||
Reference in New Issue
Block a user