feat(sql): Enhance SQL clause handling with parentheses

* Add EnsureOuterParentheses function to wrap clauses in parentheses.
* Implement logic to preserve outer parentheses for OR conditions.
* Update SanitizeWhereClause to utilize new function for better query safety.
* Introduce tests for EnsureOuterParentheses and containsTopLevelOR functions.
* Refactor filter application in handler to group OR filters correctly.
This commit is contained in:
Hein
2026-01-26 09:14:17 +02:00
parent c12c045db1
commit 09f2256899
4 changed files with 420 additions and 6 deletions


@@ -318,6 +318,8 @@ func (h *Handler) handleRead(ctx context.Context, w common.ResponseWriter, id st
if cursorFilter != "" {
logger.Debug("Applying cursor filter: %s", cursorFilter)
sanitizedCursor := common.SanitizeWhereClause(cursorFilter, reflection.ExtractTableNameOnly(tableName), &options)
// Ensure outer parentheses to prevent OR logic from escaping
sanitizedCursor = common.EnsureOuterParentheses(sanitizedCursor)
if sanitizedCursor != "" {
query = query.Where(sanitizedCursor)
}
@@ -1656,6 +1658,8 @@ func (h *Handler) applyPreloads(model interface{}, query common.SelectQuery, pre
// Build RequestOptions with all preloads to allow references to sibling relations
preloadOpts := &common.RequestOptions{Preload: preloads}
sanitizedWhere := common.SanitizeWhereClause(preload.Where, reflection.ExtractTableNameOnly(preload.Relation), preloadOpts)
// Ensure outer parentheses to prevent OR logic from escaping
sanitizedWhere = common.EnsureOuterParentheses(sanitizedWhere)
if len(sanitizedWhere) > 0 {
sq = sq.Where(sanitizedWhere)
}
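Review bot: In both hunks the wrap runs before the emptiness guard (`sanitizedCursor = common.EnsureOuterParentheses(sanitizedCursor)` precedes `if sanitizedCursor != ""`, and likewise for `sanitizedWhere` in applyPreloads), so the guard only still protects the query if EnsureOuterParentheses maps an empty string to an empty string rather than to `()`; a wrapped empty clause would reach `query.Where` and produce an invalid WHERE. Moving the wrap inside the guard removes that dependency on the helper's empty-input behaviour: `if sanitizedCursor != "" {` / `query = query.Where(common.EnsureOuterParentheses(sanitizedCursor))` / `}`, and the same shape for the preload site. The commit description says SanitizeWhereClause itself now applies EnsureOuterParentheses, in which case the call-site wrap is presumably redundant and a one-line comment saying it is intentional defence in depth (`// belt-and-braces: SanitizeWhereClause already wraps, keep the AND chain of the outer query intact`) would stop a later cleanup from dropping one of the two. handleRead and applyPreloads both begin and end outside these hunks.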