Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(core,build): add sanitizer and parameterizer
- passing context to filter runner - add santizier filter builder and runner - add TemplateInput class to control parameterize logics - update req runner to inject parameterizers
- Loading branch information
1 parent
390df54
commit 0bbedc7
Showing
20 changed files
with
266 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,3 +5,5 @@ request: | |
description: constituent id | ||
validators: | ||
- required | ||
exampleParameter: | ||
id: "1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,3 +5,5 @@ request: | |
description: constituent id | ||
validators: | ||
- required | ||
exampleParameter: | ||
id: '1' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 8 additions & 2 deletions
10
packages/core/src/lib/template-engine/built-in-extensions/query-builder/executorRunner.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
packages/core/src/lib/template-engine/built-in-extensions/query-builder/parameterizer.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
import { DataSource } from '@vulcan-sql/core/models'; | ||
|
||
export class Parameterizer { | ||
private parameterIndex = 1; | ||
private sealed = false; | ||
// We MUST not use pure object here because we care about the order of the keys. | ||
// https://stackoverflow.com/questions/5525795/does-javascript-guarantee-object-property-order | ||
// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#description | ||
private idToValueMapping = new Map<string, any>(); | ||
private dataSource: DataSource; | ||
|
||
constructor(dataSource: DataSource) { | ||
this.dataSource = dataSource; | ||
} | ||
|
||
public async generateIdentifier(value: any): Promise<string> { | ||
if (this.sealed) | ||
throw new Error( | ||
`This parameterizer has been sealed, we might use the parameterizer from a wrong request scope.` | ||
); | ||
const id = await this.dataSource.prepare({ | ||
parameterIndex: this.parameterIndex++, | ||
value, | ||
}); | ||
this.idToValueMapping.set(id, value); | ||
return id; | ||
} | ||
|
||
public seal() { | ||
this.sealed = true; | ||
} | ||
|
||
public getBinding() { | ||
return this.idToValueMapping; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
78 changes: 78 additions & 0 deletions
78
packages/core/src/lib/template-engine/built-in-extensions/query-builder/sanitizerBuilder.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
import { | ||
FilterBuilder, | ||
VulcanInternalExtension, | ||
} from '@vulcan-sql/core/models'; | ||
import * as nunjucks from 'nunjucks'; | ||
import { visitChildren } from '../../extension-utils'; | ||
import { | ||
REFERENCE_SEARCH_MAX_DEPTH, | ||
SANITIZER_NAME, | ||
SANITIZE_SOURCES, | ||
} from './constants'; | ||
|
||
@VulcanInternalExtension() | ||
export class SanitizerBuilder extends FilterBuilder { | ||
public filterName = SANITIZER_NAME; | ||
public override onVisit(node: nunjucks.nodes.Node): void { | ||
if (node instanceof nunjucks.nodes.Root) this.addSanitizer(node); | ||
} | ||
|
||
private addSanitizer(node: nunjucks.nodes.Node, parentHasOutputNode = false) { | ||
visitChildren(node, (child, replace) => { | ||
if (child instanceof nunjucks.nodes.LookupVal) { | ||
const source = this.findSourceOfLookUpNode(child); | ||
if (SANITIZE_SOURCES.includes(source.value)) { | ||
const filter = new nunjucks.nodes.Filter(node.lineno, node.colno); | ||
filter.name = new nunjucks.nodes.Symbol( | ||
node.lineno, | ||
node.colno, | ||
SANITIZER_NAME | ||
); | ||
const args = new nunjucks.nodes.NodeList(node.lineno, node.colno); | ||
// The first argument is the target of the filter | ||
args.addChild(child); | ||
// The second argument indicates whether it should be parameterized, we only parameterize parameters when once of parent nodes is a Output node. | ||
const shouldBeParameterized = new nunjucks.nodes.Literal( | ||
node.lineno, | ||
node.colno, | ||
`${parentHasOutputNode || node instanceof nunjucks.nodes.Output}` | ||
); | ||
args.addChild(shouldBeParameterized); | ||
filter.args = args; | ||
replace(filter); | ||
} | ||
} else { | ||
this.addSanitizer( | ||
child, | ||
parentHasOutputNode || node instanceof nunjucks.nodes.Output | ||
); | ||
} | ||
}); | ||
} | ||
|
||
private findSourceOfLookUpNode( | ||
node: nunjucks.nodes.LookupVal | ||
): nunjucks.nodes.Symbol { | ||
let depth = 0; | ||
let source: typeof node.target = node.target; | ||
while (!(source instanceof nunjucks.nodes.Symbol)) { | ||
depth++; | ||
if (depth > REFERENCE_SEARCH_MAX_DEPTH) { | ||
throw new Error('Max depth reached'); | ||
} | ||
|
||
if (source instanceof nunjucks.nodes.LookupVal) { | ||
// LookupVal: parent.source | ||
source = source.target; | ||
} else { | ||
// FunCall: parent().source | ||
source = source.name; | ||
} | ||
|
||
if (!source) { | ||
throw new Error(`Can find the source of node ${node}`); | ||
} | ||
} | ||
return source; | ||
} | ||
} |
31 changes: 31 additions & 0 deletions
31
packages/core/src/lib/template-engine/built-in-extensions/query-builder/sanitizerRunner.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
import { | ||
FilterRunner, | ||
FilterRunnerTransformOptions, | ||
VulcanInternalExtension, | ||
} from '@vulcan-sql/core/models'; | ||
import { PARAMETERIZER_VAR_NAME, SANITIZER_NAME } from './constants'; | ||
import { TemplateInput } from './templateInput'; | ||
|
||
@VulcanInternalExtension() | ||
export class SanitizerRunner extends FilterRunner { | ||
public filterName = SANITIZER_NAME; | ||
|
||
public async transform({ | ||
value, | ||
args, | ||
context, | ||
}: FilterRunnerTransformOptions): Promise<any> { | ||
let input: TemplateInput; | ||
// Wrap the value to template input to parameterized | ||
if (value instanceof TemplateInput) input = value; | ||
else { | ||
input = new TemplateInput(value); | ||
} | ||
|
||
const parameterizer = context.lookup(PARAMETERIZER_VAR_NAME); | ||
if (!parameterizer) throw new Error(`No parameterizer found`); | ||
return args[0] === 'true' | ||
? await input.parameterize(parameterizer) | ||
: input.raw(); | ||
} | ||
} |
17 changes: 17 additions & 0 deletions
17
packages/core/src/lib/template-engine/built-in-extensions/query-builder/templateInput.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
import { Parameterizer } from './parameterizer'; | ||
|
||
export class TemplateInput { | ||
private rawValue: any; | ||
|
||
constructor(rawValue: any) { | ||
this.rawValue = rawValue; | ||
} | ||
|
||
public raw() { | ||
return this.rawValue; | ||
} | ||
|
||
public parameterize(parameterizer: Parameterizer) { | ||
return parameterizer.generateIdentifier(this.rawValue); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.