UNPKG

fastify-at-postgres

Version:

Fastify Postgress to prevent SQL injection attacks

github.com/mateonunez/fastify-at-postgres

mateonunez/fastify-at-postgres

97 lines (78 loc) 2.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
'use strict' const fp = require('fastify-plugin') const createConnectionPool = require('@databases/pg') const { buildConnectionString, validateConnectionString } = require('./lib/connection-string') function validateOptions (options) { if (options.connectionString) { if (!validateConnectionString(options.connectionString)) { throw new Error('Invalid connection string') } } else if (!options.host || !options.user || !options.password || !options.database) { throw new Error('Missing required options') } } async function fastifyAtPostgres (fastify, options, next) { const { sql } = createConnectionPool const results = [] async function executeTransaction (cb) { if (Array.isArray(cb)) { for (const tx of cb) { if (typeof tx !== 'function') { throw new Error('Transaction must be a function') } const result = await executeTransaction(tx) results.push(result) } return results } else if (typeof cb !== 'function') { throw new Error('Transaction must be a function') } return db.tx(cb) } const { host, user, password, database, port = 5432, connectionString, name, ...opts } = options validateOptions({ host, user, password, database, port, connectionString }) const db = createConnectionPool({ connectionString: connectionString || buildConnectionString({ host, user, password, database, port }), ...opts }) fastify.addHook('onClose', (_, done) => { db.dispose().then(done) }) const decoratorObject = { query: (queryString, options = {}) => { const { type = 'raw' } = options if (type === 'raw') { return db.query(sql(queryString)) } else if (type === 'iterable') { return db.queryStream(sql(queryString)) } else if (type === 'stream') { return db.queryNodeStream(sql(queryString)) } throw new Error(`Invalid result type: ${type}`) }, transaction: (...args) => executeTransaction(...args), task: (...args) => db.task(...args), sql, db } if (name) { if (!fastify.pg) { fastify.decorate('pg', {}) } if (fastify.pg[name]) { return next(new Error(`fastify-postgres has already been registered with name '${name}'`)) } fastify.pg[name] = decoratorObject } else { if (fastify.pg) { throw new Error('fastify-postgres or another pg plugin has already been registered') } fastify.decorate('pg', decoratorObject) } } module.exports = fp(fastifyAtPostgres, { fastify: '4.x', name: 'fastify-at-postgres' }) module.exports.default = fastifyAtPostgres module.exports.fastifyAtPostgres = fastifyAtPostgres