
feat(api): Support query to select all authorized columns
Check for `*` in the select query and replace it with all authorized columns, separated by commas

Close #8
YingHan-Chen committed May 21, 2020
1 parent 7faf1a0 commit c64ea68
Showing 1 changed file with 33 additions and 8 deletions.
41 changes: 33 additions & 8 deletions controller/db/select.go
Expand Up @@ -3,9 +3,8 @@ package controller
import (
"encoding/json"
"io/ioutil"

"strings"
"net/http"

"github.com/DropKit/DropKit-Adapter/constants"
"github.com/DropKit/DropKit-Adapter/logger"
"github.com/DropKit/DropKit-Adapter/package/crypto/account"
Expand All @@ -18,6 +17,25 @@ import (
"github.com/spf13/viper"
)

func chekSelectAll(sqlCommand string, columnsCanSelect []string) string {

@junwei0117

junwei0117 May 21, 2020


Is `chek` a typo?

@YingHan-Chen

YingHan-Chen May 21, 2020


Yes, it is a typo.

var idx int = -1;
for i, v := range sqlCommand {
if(v == '*'){
idx = i
break
}
}
if(idx == -1){
return sqlCommand
}

sqlSlice := []byte(sqlCommand[0:idx])
columnsStr := strings.Join(columnsCanSelect, ",")
sqlSlice = append(sqlSlice, []byte(columnsStr)...)
sqlSlice = append(sqlSlice, []byte(sqlCommand[idx+1:])...)
return string(sqlSlice)
}

func HandleDBSelection(w http.ResponseWriter, r *http.Request) {
body, err := ioutil.ReadAll(r.Body)
if err != nil {
Expand All @@ -39,6 +57,7 @@ func HandleDBSelection(w http.ResponseWriter, r *http.Request) {
}

sqlCommand := newStatement.Statement

callerPriavteKey := newStatement.PrivateKey
callerAddress, err := account.PrivateKeyToPublicKey(callerPriavteKey)
if err != nil {
Expand All @@ -51,12 +70,7 @@ func HandleDBSelection(w http.ResponseWriter, r *http.Request) {
services.NormalResponse(w, response.SQLResponseBadSQLStatement())
return
}

columnsNames, err := columns.GetSelectColumns(sqlCommand)
if err != nil {
services.NormalResponse(w, response.SQLResponseBadSQLStatement())
return
}


result, err := services.HasTableUserRole(callerPriavteKey, callerAddress, tableName)
if err != nil {
Expand All @@ -66,11 +80,22 @@ func HandleDBSelection(w http.ResponseWriter, r *http.Request) {

switch result {
case true:

columnsCanSelect, err := services.GetColumnsRole(callerPriavteKey, callerAddress, tableName)

if err != nil {
services.NormalResponse(w, response.ResponseInternalError())
return
}

sqlCommand = chekSelectAll(sqlCommand, columnsCanSelect)

columnsNames, err := columns.GetSelectColumns(sqlCommand)
if err != nil {
services.NormalResponse(w, response.SQLResponseBadSQLStatement())
return
}

columnsAuth := utils.CompareColumns(columnsCanSelect, columnsNames)

switch columnsAuth {
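Review bot: `chekSelectAll` replaces the first `*` wherever it occurs in the statement, so a `*` used as a multiplication operator, inside `COUNT(*)`, or within a string literal is also swapped for the column list and the query is mangled before `columns.GetSelectColumns` parses it; the expansion should only apply to a `*` that stands in the select list (between `SELECT` and `FROM`), and any second `*` is left in place, so whether `GetSelectColumns` still reports it as a wildcard for `utils.CompareColumns` to reject is worth a test. Because the rewritten statement is re-parsed and compared against `columnsCanSelect` afterwards, the expansion does not look like it bypasses the column check, but an empty `columnsCanSelect` yields an empty select list (`SELECT  FROM ...`) that would be better rejected explicitly than left to the parser. The byte loop can be replaced with `return strings.Replace(sqlCommand, "*", strings.Join(columnsCanSelect, ","), 1)`, and the function wants a doc comment such as `// chekSelectAll expands a '*' in sqlCommand to the comma-joined columnsCanSelect and returns the statement unchanged when it contains no '*'.` The `case false` branch of the role switch in HandleDBSelection lies outside the hunk.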

2 comments on commit c64ea68

@jserv

@jserv jserv commented on c64ea68 May 21, 2020


Should we enforce code indention for Go programs?

@YingHan-Chen


Should we enforce code indention for Go programs?

The official recommendation is to format code with `go fmt`, which uses tabs for indentation.
