New Listings view (#192)

* completing found listings

---------

Co-authored-by: Christian Kellner <Christian.Kellner1@ibm.com>

lib/api/api.js

@@ -3,11 +3,11 @@ import { authInterceptor, cookieSession, adminInterceptor } from './security.js'
 import { generalSettingsRouter } from './routes/generalSettingsRoute.js';
 import { analyticsRouter } from './routes/analyticsRouter.js';
 import { providerRouter } from './routes/providerRouter.js';
+import { versionRouter } from './routes/versionRouter.js';
 import { loginRouter } from './routes/loginRoute.js';
-import { config } from '../utils.js';
 import { userRouter } from './routes/userRoute.js';
 import { jobRouter } from './routes/jobRouter.js';
-import { versionRouter } from './routes/versionRouter.js';
+import { config } from '../utils.js';
 import bodyParser from 'body-parser';
 import restana from 'restana';
 import files from 'serve-static';
@@ -15,6 +15,7 @@ import path from 'path';
 import { getDirName } from '../utils.js';
 import { demoRouter } from './routes/demoRouter.js';
 import logger from '../services/logger.js';
+import { listingsRouter } from './routes/listingsRouter.js';
 const service = restana();
 const staticService = files(path.join(getDirName(), '../ui/public'));
 const PORT = config.port || 9998;
@@ -25,6 +26,8 @@ service.use(staticService);
 service.use('/api/admin', authInterceptor());
 service.use('/api/jobs', authInterceptor());
 service.use('/api/version', authInterceptor());
+service.use('/api/listings', authInterceptor());
+
 // /admin can only be accessed when user is having admin permissions
 service.use('/api/admin', adminInterceptor());
 service.use('/api/jobs/notificationAdapter', notificationAdapterRouter);
@@ -35,6 +38,7 @@ service.use('/api/admin/users', userRouter);
 service.use('/api/version', versionRouter);
 service.use('/api/jobs', jobRouter);
 service.use('/api/login', loginRouter);
+service.use('/api/listings', listingsRouter);
 //this route is unsecured intentionally as it is being queried from the login page
 service.use('/api/demo', demoRouter);
 

lib/api/routes/listingsRouter.js

@@ -0,0 +1,23 @@
+import restana from 'restana';
+import * as listingStorage from '../../services/storage/listingsStorage.js';
+import { isAdmin as isAdminFn } from '../security.js';
+const service = restana();
+
+const listingsRouter = service.newRouter();
+
+listingsRouter.get('/table', async (req, res) => {
+  const { page, pageSize = 50, filter, sortfield = null, sortdir = 'asc' } = req.query || {};
+
+  const result = listingStorage.queryListings({
+    page: page ? parseInt(page, 10) : 1,
+    pageSize: pageSize ? parseInt(pageSize, 10) : 50,
+    filter: filter || undefined,
+    sortField: sortfield || null,
+    sortDir: sortdir === 'desc' ? 'desc' : 'asc',
+    userId: req.session.currentUser,
+    isAdmin: isAdminFn(req),
+  });
+  res.body = result;
+  res.send();
+});
+export { listingsRouter };

lib/services/storage/listingsStorage.js

@@ -166,3 +166,88 @@ export const storeListings = (jobId, providerId, listings) => {
     return str.replace(/\s*\([^)]*\)/g, '');
   }
 };
+
+/**
+ * Query listings with pagination, filtering and sorting.
+ *
+ * @param {Object} params
+ * @param {number} [params.pageSize=50]
+ * @param {number} [params.page=1]
+ * @param {string} [params.filter]
+ * @param {string|null} [params.sortField=null] - One of: 'created_at','price','size','provider','title'.
+ * @param {('asc'|'desc')} [params.sortDir='asc']
+ * @param {string} [params.userId] - Current user id used to scope listings (ignored for admins).
+ * @param {boolean} [params.isAdmin=false] - When true, returns all listings.
+ * @returns {{ totalNumber:number, page:number, result:Object[] }}
+ */
+export const queryListings = ({
+  pageSize = 50,
+  page = 1,
+  filter,
+  sortField = null,
+  sortDir = 'asc',
+  userId = null,
+  isAdmin = false,
+} = {}) => {
+  // sanitize inputs
+  const safePageSize = Number.isFinite(pageSize) && pageSize > 0 ? Math.min(500, Math.floor(pageSize)) : 50;
+  const safePage = Number.isFinite(page) && page > 0 ? Math.floor(page) : 1;
+  const offset = (safePage - 1) * safePageSize;
+
+  // build WHERE filter across common text columns
+  const whereParts = [];
+  const params = { limit: safePageSize, offset };
+  // user scoping (non-admin only): restrict to listings whose job belongs to user
+  if (!isAdmin) {
+    params.userId = userId || '__NO_USER__';
+    whereParts.push(`(j.user_id = @userId)`);
+  }
+  if (filter && String(filter).trim().length > 0) {
+    params.filter = `%${String(filter).trim()}%`;
+    whereParts.push(`(title LIKE @filter OR address LIKE @filter OR provider LIKE @filter OR link LIKE @filter)`);
+  }
+  const whereSql = whereParts.length ? `WHERE ${whereParts.join(' AND ')}` : '';
+  const whereSqlWithAlias = whereSql
+    .replace(/\btitle\b/g, 'l.title')
+    .replace(/\bdescription\b/g, 'l.description')
+    .replace(/\baddress\b/g, 'l.address')
+    .replace(/\bprovider\b/g, 'l.provider')
+    .replace(/\blink\b/g, 'l.link')
+    .replace(/\bj\.user_id\b/g, 'j.user_id');
+
+  // whitelist sortable fields to avoid SQL injection
+  const sortable = new Set(['created_at', 'price', 'size', 'provider', 'title', 'job_name', 'is_active']);
+  const safeSortField = sortField && sortable.has(sortField) ? sortField : null;
+  const safeSortDir = String(sortDir).toLowerCase() === 'desc' ? 'DESC' : 'ASC';
+  const orderSql = safeSortField ? `ORDER BY ${safeSortField} ${safeSortDir}` : 'ORDER BY created_at DESC';
+  const orderSqlWithAlias = orderSql
+    .replace(/\bcreated_at\b/g, 'l.created_at')
+    .replace(/\bprice\b/g, 'l.price')
+    .replace(/\bsize\b/g, 'l.size')
+    .replace(/\bprovider\b/g, 'l.provider')
+    .replace(/\btitle\b/g, 'l.title')
+    .replace(/\bjob_name\b/g, 'j.name');
+
+  // count total with same WHERE
+  const countRow = SqliteConnection.query(
+    `SELECT COUNT(1) as cnt
+     FROM listings l
+     LEFT JOIN jobs j ON j.id = l.job_id
+     ${whereSqlWithAlias}`,
+    params,
+  );
+  const totalNumber = countRow?.[0]?.cnt ?? 0;
+
+  // fetch page
+  const rows = SqliteConnection.query(
+    `SELECT l.*, j.name AS job_name
+     FROM listings l
+     LEFT JOIN jobs j ON j.id = l.job_id
+     ${whereSqlWithAlias}
+     ${orderSqlWithAlias}
+     LIMIT @limit OFFSET @offset`,
+    params,
+  );
+
+  return { totalNumber, page: safePage, result: rows };
+};