From 470893165a1cea5ae36cb56163aabf352e85cde3 Mon Sep 17 00:00:00 2001
From: gowthaman
Date: Thu, 23 May 2024 13:52:13 +0530
Subject: [PATCH] verify keys before doing anything

---
 api.http | 7 +++--
 .../com/restapi/controllers/Entities.kt | 31 ++++++++++++++-----
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/api.http b/api.http
index 1e6a02c..aa3ebcb 100644
--- a/api.http
+++ b/api.http
@@ -61,8 +61,11 @@ Content-Type: application/json
 Authorization: {{auth-token}}
 {
- "number": "KA01HD6677",
- "owner": "gowthaman"
+ "dateRange": ["2024-05-01", "2024-05-24"],
+ "params": {
+ "number": "KA01HD6677",
+ "owner": "gowthaman"
+ }
 }
 ### update field
diff --git a/src/main/kotlin/com/restapi/controllers/Entities.kt b/src/main/kotlin/com/restapi/controllers/Entities.kt
index ecb57d5..b78972e 100644
--- a/src/main/kotlin/com/restapi/controllers/Entities.kt
+++ b/src/main/kotlin/com/restapi/controllers/Entities.kt
@@ -95,6 +95,8 @@ object Entities {
 fun patch(ctx: Context) {
 val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))
 val pv = ctx.bodyAsClass>()
+ verifyKeys(pv)
+
 pv.forEach { (key, value) ->
 e.data[key] = value;
 }
@@ -107,6 +109,7 @@ object Entities {
 val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))
 val newData = ctx.bodyAsClass>()
+ verifyKeys(newData)
 if (purgeExisting) {
 e.data.clear();
 }
@@ -115,9 +118,16 @@ object Entities {
 e.update()
 }
+ private fun verifyKeys(newData: Map) {
+ newData.keys.forEach { key ->
+ if (!SafeStringDeserializer.isSafe(key)) throw IllegalArgumentException("$key is invalid from $newData ")
+ }
+ }
+
 fun search(ctx: Context) {
 val sql = ctx.bodyAsClass()
+ verifyKeys(sql.params)
 val entity = ctx.pathParam("entity")
 ctx.json(
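Review bot: The error raised in the new `verifyKeys` interpolates the entire request body into the message (`"$key is invalid from $newData "`), so every value the client submitted — not only the rejected key — is carried into whatever handles `IllegalArgumentException`, normally the server log and possibly the HTTP response body. Reporting just the key is enough for the caller to fix the request: `if (!SafeStringDeserializer.isSafe(key)) throw IllegalArgumentException("invalid key: $key")` (the trailing space in the current message looks stray as well). Whether the framework maps this exception to a 400 or lets it surface as a 500 is not visible here; if it is unmapped, a malformed key becomes a server error. The same helper is called from the two earlier hunks and from `search`, so the change applies to all of those call sites.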
@@ -125,11 +135,14 @@ object Entities {
 .where()
 .eq("entityName", entity)
 .apply {
- sql.forEach { (t, u) ->
-
- if (!SafeStringDeserializer.isSafe(t)) {
- throw IllegalArgumentException()
+ if (sql.dateRange.isNotEmpty()) {
+ ge("createdAt", sql.dateRange.first())
+ if (sql.dateRange.size > 1) {
+ lt("createdAt", sql.dateRange.last().plusDays(1))
 }
+ }
+ sql.params.forEach { (t, u) ->
+ eq("data->>'$t'", u.getValue())
 }
 }
@@ -171,6 +184,7 @@ object Entities {
 }
 this.approvalStatus = ApprovalStatus.APPROVED
 }
+ verifyKeys(dataModel.data)
 database.save(
 dataModel.apply {
@@ -244,9 +258,9 @@ object Entities {
 database.save(
 AuditLog().apply {
- auditType = AuditType.CREATE
+ this.auditType = AuditType.CREATE
 this.entity = entity
- uniqueIdentifier = dataModel.uniqueIdentifier
+ this.uniqueIdentifier = dataModel.uniqueIdentifier
 this.data = dataModel.data
 }
 )
@@ -274,7 +288,10 @@ object Entities {
 }
 }
-typealias SearchParams = Map
+data class SearchParams(
+ val params: Map = mapOf(),
+ val dateRange: List = emptyList()
+)
 data class SequenceNumber(val number: String)
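Review bot: The new date filter in `search` accepts a `dateRange` of any length but only reads `first()` and `last()`, so a third element is silently ignored and a reversed pair yields an empty result instead of a rejection; nothing in this hunk or in `verifyKeys` validates the shape. A guard ahead of the `isNotEmpty()` check such as `require(sql.dateRange.size <= 2) { "dateRange must be [from] or [from, to]" }` makes the contract explicit. On the `eq("data->>'$t'", u.getValue())` line the key is interpolated into the property path while the value is passed as an argument, so the line is safe only because `verifyKeys(sql.params)` runs at the top of `search` (added in the previous hunk); a comment `// keys already validated by verifyKeys(); only the value is passed to eq()` would record that dependency. The enclosing `search` function starts outside this hunk.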
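Review bot: `SearchParams` becomes a request-shaped data class with no KDoc, and its contract is only recoverable by reading `search`: `dateRange` holds one or two dates, the second bound being inclusive since the query applies `lt` to `plusDays(1)`, and `params` keys must pass `verifyKeys`. A class comment stating those two points, and that both fields default to empty so either may be omitted from the body, would let a client author use the type without reading the query code. The element types of `params` and `dateRange` are not visible in this rendering of the patch, so naming them in the KDoc would help as well.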