verify keys before doing anything

2024-05-23 13:52:13 +05:30 · 2024-05-23 13:52:13 +05:30 · 470893165a
commit 470893165a
parent 8b3af1adc0
2 changed files with 29 additions and 9 deletions
--- a/api.http
+++ b/api.http
@ -61,8 +61,11 @@ Content-Type: application/json
 Authorization: {{auth-token}}

 {
-  "number": "KA01HD6677",
-  "owner": "gowthaman"
+  "dateRange": ["2024-05-01", "2024-05-24"],
+  "params": {
+    "number": "KA01HD6677",
+    "owner": "gowthaman"
+  }
 }

 ### update field
--- a/src/main/kotlin/com/restapi/controllers/Entities.kt
+++ b/src/main/kotlin/com/restapi/controllers/Entities.kt
@ -95,6 +95,8 @@ object Entities {
    fun patch(ctx: Context) {
        val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))
        val pv = ctx.bodyAsClass<Map<String, Any>>()
+        verifyKeys(pv)
+
        pv.forEach { (key, value) ->
            e.data[key] = value;
        }
@ -107,6 +109,7 @@ object Entities {
        val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))

        val newData = ctx.bodyAsClass<Map<String, Any>>()
+        verifyKeys(newData)
        if (purgeExisting) {
            e.data.clear();
        }
@ -115,9 +118,16 @@ object Entities {
        e.update()
    }

+    private fun verifyKeys(newData: Map<String, Any>) {
+        newData.keys.forEach { key ->
+            if (!SafeStringDeserializer.isSafe(key)) throw IllegalArgumentException("$key is invalid from $newData  ")
+        }
+    }
+

    fun search(ctx: Context) {
        val sql = ctx.bodyAsClass<SearchParams>()
+        verifyKeys(sql.params)

        val entity = ctx.pathParam("entity")
        ctx.json(
@ -125,11 +135,14 @@ object Entities {
                .where()
                .eq("entityName", entity)
                .apply {
-                    sql.forEach { (t, u) ->
-
-                        if (!SafeStringDeserializer.isSafe(t)) {
-                            throw IllegalArgumentException()
+                    if (sql.dateRange.isNotEmpty()) {
+                        ge("createdAt", sql.dateRange.first())
+                        if (sql.dateRange.size > 1) {
+                            lt("createdAt", sql.dateRange.last().plusDays(1))
                        }
+                    }
+                    sql.params.forEach { (t, u) ->
+
                        eq("data->>'$t'", u.getValue())
                    }
                }
@ -171,6 +184,7 @@ object Entities {
            }
            this.approvalStatus = ApprovalStatus.APPROVED
        }
+        verifyKeys(dataModel.data)

        database.save(
            dataModel.apply {
@ -244,9 +258,9 @@ object Entities {

        database.save(
            AuditLog().apply {
-                auditType = AuditType.CREATE
+                this.auditType = AuditType.CREATE
                this.entity = entity
-                uniqueIdentifier = dataModel.uniqueIdentifier
+                this.uniqueIdentifier = dataModel.uniqueIdentifier
                this.data = dataModel.data
            }
        )
@ -274,7 +288,10 @@ object Entities {
    }
 }

-typealias SearchParams = Map<String, QueryParam>
+data class SearchParams(
+    val params: Map<String, QueryParam> = mapOf(),
+    val dateRange: List<LocalDate> = emptyList()
+)

 data class SequenceNumber(val number: String)