gowthaman/readymixerp_modules_api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

verify keys before doing anything

Browse Source
This commit is contained in:
gowthaman 2024-05-23 13:52:13 +05:30
parent 8b3af1adc0
commit 470893165a
2 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api.http
View File

@ -61,9 +61,12 @@ Content-Type: application/json
Authorization: {{auth-token}} Authorization: {{auth-token}}
{ {
"dateRange": ["2024-05-01", "2024-05-24"],
"params": {
"number": "KA01HD6677", "number": "KA01HD6677",
"owner": "gowthaman" "owner": "gowthaman"
} }
}
### update field ### update field
PATCH http://localhost:9001/api/vehicle/KA01HD6667 PATCH http://localhost:9001/api/vehicle/KA01HD6667

31
src/main/kotlin/com/restapi/controllers/Entities.kt
View File

@ -95,6 +95,8 @@ object Entities {
fun patch(ctx: Context) { fun patch(ctx: Context) {
val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id")) val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))
val pv = ctx.bodyAsClass<Map<String, Any>>() val pv = ctx.bodyAsClass<Map<String, Any>>()
verifyKeys(pv)
pv.forEach { (key, value) -> pv.forEach { (key, value) ->
e.data[key] = value; e.data[key] = value;
} }
@ -107,6 +109,7 @@ object Entities {
val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id")) val e = database.findDataModelByEntityAndUniqId(ctx.pathParam("entity"), ctx.pathParam("id"))
val newData = ctx.bodyAsClass<Map<String, Any>>() val newData = ctx.bodyAsClass<Map<String, Any>>()
verifyKeys(newData)
if (purgeExisting) { if (purgeExisting) {
e.data.clear(); e.data.clear();
} }
@ -115,9 +118,16 @@ object Entities {
e.update() e.update()
} }
private fun verifyKeys(newData: Map<String, Any>) {
newData.keys.forEach { key ->
if (!SafeStringDeserializer.isSafe(key)) throw IllegalArgumentException("$key is invalid from $newData ")
}
}
fun search(ctx: Context) { fun search(ctx: Context) {
val sql = ctx.bodyAsClass<SearchParams>() val sql = ctx.bodyAsClass<SearchParams>()
verifyKeys(sql.params)
val entity = ctx.pathParam("entity") val entity = ctx.pathParam("entity")
ctx.json( ctx.json(
@ -125,11 +135,14 @@ object Entities {
.where() .where()
.eq("entityName", entity) .eq("entityName", entity)
.apply { .apply {
sql.forEach { (t, u) -> if (sql.dateRange.isNotEmpty()) {
ge("createdAt", sql.dateRange.first())
if (!SafeStringDeserializer.isSafe(t)) { if (sql.dateRange.size > 1) {
throw IllegalArgumentException() lt("createdAt", sql.dateRange.last().plusDays(1))
} }
}
sql.params.forEach { (t, u) ->
eq("data->>'$t'", u.getValue()) eq("data->>'$t'", u.getValue())
} }
} }
@ -171,6 +184,7 @@ object Entities {
} }
this.approvalStatus = ApprovalStatus.APPROVED this.approvalStatus = ApprovalStatus.APPROVED
} }
verifyKeys(dataModel.data)
database.save( database.save(
dataModel.apply { dataModel.apply {
@ -244,9 +258,9 @@ object Entities {
database.save( database.save(
AuditLog().apply { AuditLog().apply {
auditType = AuditType.CREATE this.auditType = AuditType.CREATE
this.entity = entity this.entity = entity
uniqueIdentifier = dataModel.uniqueIdentifier this.uniqueIdentifier = dataModel.uniqueIdentifier
this.data = dataModel.data this.data = dataModel.data
} }
) )
@ -274,7 +288,10 @@ object Entities {
} }
} }
typealias SearchParams = Map<String, QueryParam> data class SearchParams(
val params: Map<String, QueryParam> = mapOf(),
val dateRange: List<LocalDate> = emptyList()
)
data class SequenceNumber(val number: String) data class SequenceNumber(val number: String)