update param keys

dbrest-io · Jan 2, 2023 · 6096d33 · 6096d33
1 parent b692722
commit 6096d33
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 36 deletions.
diff --git a/dbrest_cli.go b/dbrest_cli.go
@@ -287,6 +287,11 @@ func tokens(c *g.CliSC) (ok bool, err error) {
 		}
 		println(T.Render())
 	case "roles":
+		err = state.LoadRoles(true)
+		if err != nil {
+			return true, g.Error(err, "could not load roles")
+		}
+
 		columns := iop.Columns{
 			{Name: "Role", Type: iop.StringType},
 			{Name: "Connection", Type: iop.StringType},

diff --git a/server/request.go b/server/request.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/dbrest-io/dbrest/state"
+	"github.com/flarco/dbio/connection"
 	"github.com/flarco/dbio/database"
 	"github.com/flarco/dbio/filesys"
 	"github.com/flarco/dbio/iop"
@@ -27,11 +28,12 @@ type Request struct {
 	Procedure  string `json:"procedure" query:"procedure"`
 	Data       any    `json:"data" query:"data"`
 
-	Header      http.Header       `json:"-" query:"-"`
-	dbTable     database.Table    `json:"-" query:"-"`
-	Roles       state.RoleMap     `json:"-" query:"-"`
-	Permissions state.Permissions `json:"-" query:"-"`
-	echoCtx     echo.Context      `json:"-" query:"-"`
+	conn        connection.Connection `json:"-" query:"-"`
+	Header      http.Header           `json:"-" query:"-"`
+	dbTable     database.Table        `json:"-" query:"-"`
+	Roles       state.RoleMap         `json:"-" query:"-"`
+	Permissions state.Permissions     `json:"-" query:"-"`
+	echoCtx     echo.Context          `json:"-" query:"-"`
 }
 
 func NewRequest(c echo.Context) Request {
@@ -54,13 +56,12 @@ func NewRequest(c echo.Context) Request {
 	req.ID = lo.Ternary(req.ID == "", c.QueryParam("id"), req.ID)
 	req.Schema = lo.Ternary(req.Schema == "", c.QueryParam("schema"), req.Schema)
 
-	// load tokens, do not force, cached & throttled
-	state.LoadTokens(false)
-
 	// token -> roles -> grants
+	state.LoadTokens(false) // load tokens, do not force, cached & throttled
 	if authToken := c.Request().Header.Get("Authorization"); authToken != "" {
 		token, ok := state.ResolveToken(authToken)
 		if ok && !token.Disabled {
+			state.LoadRoles(false) // load roles, do not force, cached & throttled
 			req.Roles = state.GetRoleMap(token.Roles)
 			req.Permissions = req.Roles.GetPermissions(req.Connection)
 		}
@@ -80,6 +81,7 @@ func NewRequest(c echo.Context) Request {
 			req.Schema = t.Schema
 		}
 	}
+	req.conn = conn
 
 	return req
 }

diff --git a/server/routes.go b/server/routes.go
@@ -3,6 +3,8 @@ package server
 import (
 	"net/http"
 
+	"github.com/dbrest-io/dbrest/state"
+	"github.com/flarco/g"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/labstack/echo/v5"
 )
@@ -120,4 +122,7 @@ var standardRoutes = []echo.Route{
 	},
 }
 
-func getStatus(c echo.Context) (err error) { return c.String(http.StatusOK, "OK") }
+func getStatus(c echo.Context) (err error) {
+	out := g.F("dbREST %s", state.Version)
+	return c.String(http.StatusOK, out)
+}
diff --git a/server/routes_table.go b/server/routes_table.go
@@ -49,9 +49,31 @@ func getTableSelect(c echo.Context) (err error) {
 		var preOptions, postOptions string
 
 		// TODO: parse fields to ensure no SQL injection
-		fields := strings.Split(req.echoCtx.QueryParam("fields"), ",")
-		limit := cast.ToInt(req.echoCtx.QueryParam("limit"))
-		limit = lo.Ternary(limit == 0, 100, limit) // default to 100
+		var fields []string
+		var limit int
+		whereMap := map[string]string{}
+
+		for k, v := range req.echoCtx.QueryParams() {
+			switch k {
+			case ".columns":
+				fields = strings.Split(v[0], ",")
+			case ".limit":
+				limit = cast.ToInt(v[0])
+				limit = lo.Ternary(limit == 0, 100, limit)
+			default:
+				whereMap[k] = v[0]
+			}
+		}
+
+		makeWhere := func() (ws string) {
+			arr := []string{}
+			for k, v := range whereMap {
+				expr := g.F("%s=%s", k, v)
+				arr = append(arr, expr)
+			}
+			// TODO: SQL Injection is possible, need to use bind vars
+			return strings.Join(arr, " and ")
+		}
 
 		if limit > 0 { // For unlimited, specify -1
 			switch conn.Type {
@@ -66,11 +88,13 @@ func getTableSelect(c echo.Context) (err error) {
 		}
 
 		noFields := len(fields) == 0 || (len(fields) == 1 && fields[0] == "")
+		noWhere := len(whereMap) == 0
 
 		req.Query = g.R(
-			"select{preOptions} {fields} from {table}{postOptions}",
+			"select{preOptions} {fields} from {table} where {where} {postOptions}",
 			"fields", lo.Ternary(noFields, "*", strings.Join(fields, ", ")),
 			"table", req.dbTable.FullName(),
+			"where", lo.Ternary(noWhere, "1=1", makeWhere()),
 			"preOptions", lo.Ternary(preOptions != "", " "+preOptions, ""),
 			"postOptions", lo.Ternary(postOptions != "", " "+postOptions, ""),
 		)
@@ -134,8 +158,7 @@ func postTableInsert(c echo.Context) (err error) {
 
 	rf := func(c database.Connection, req Request) (data iop.Dataset, err error) {
 
-		bulk := req.echoCtx.QueryParam("bulk")
-		strategy := req.echoCtx.QueryParam("strategy")
+		bulk := req.echoCtx.QueryParam(".bulk")
 
 		ds, err := req.GetDatastream()
 		if err != nil {
@@ -160,15 +183,10 @@ func postTableInsert(c echo.Context) (err error) {
 			return
 		}
 
-		var count uint64
-		if strategy == "upsert" {
-			// TODO: add c.UpsertBatchStream
-		} else {
-			count, err = c.InsertBatchStream(req.dbTable.FullName(), ds)
-			if err != nil {
-				err = g.Error(err, "could not insert into table")
-				return
-			}
+		count, err := c.InsertBatchStream(req.dbTable.FullName(), ds)
+		if err != nil {
+			err = g.Error(err, "could not insert into table")
+			return
 		}
 
 		err = c.Commit()
@@ -207,7 +225,6 @@ func postTableUpsert(c echo.Context) (err error) {
 	rf := func(c database.Connection, req Request) (data iop.Dataset, err error) {
 
 		bulk := req.echoCtx.QueryParam("bulk")
-		strategy := req.echoCtx.QueryParam("strategy")
 
 		ds, err := req.GetDatastream()
 		if err != nil {
@@ -232,15 +249,11 @@ func postTableUpsert(c echo.Context) (err error) {
 			return
 		}
 
-		var count uint64
-		if strategy == "upsert" {
-			// TODO: add c.UpsertBatchStream
-		} else {
-			count, err = c.InsertBatchStream(req.dbTable.FullName(), ds)
-			if err != nil {
-				err = g.Error(err, "could not insert into table")
-				return
-			}
+		// TODO: add c.UpsertBatchStream
+		count, err := c.InsertBatchStream(req.dbTable.FullName(), ds)
+		if err != nil {
+			err = g.Error(err, "could not insert into table")
+			return
 		}
 
 		err = c.Commit()
@@ -303,8 +316,12 @@ func patchTableUpdate(c echo.Context) (err error) {
 			return
 		}
 
-		var count uint64
 		// TODO: add c.UpdateBatchStream
+		count, err := c.InsertBatchStream(req.dbTable.FullName(), ds)
+		if err != nil {
+			err = g.Error(err, "could not insert into table")
+			return
+		}
 
 		err = c.Commit()
 		if err != nil {

diff --git a/server/server_test.go b/server/server_test.go
@@ -89,7 +89,7 @@ func TestServer(t *testing.T) {
 			resp, respBytes, err := net.ClientDo(route.Method, url, nil, headers)
 			assert.NoError(t, err, msg)
 			assert.Less(t, resp.StatusCode, 300, msg)
-			assert.Equal(t, "OK", string(respBytes), msg)
+			assert.Equal(t, "dbREST dev", string(respBytes), msg)
 		case "getConnections", "getConnectionDatabases", "getConnectionSchemas", "getConnectionTables", "getConnectionColumns", "getSchemaTables", "getSchemaColumns", "getTableColumns", "getTableSelect", "getTableKeys":
 			resp, respBytes, err := net.ClientDo(route.Method, url, nil, headers)
 			g.Unmarshal(string(respBytes), &respArr)