Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP GET API Filter wonkiness #7167

Closed
Windyo opened this issue Aug 1, 2016 · 4 comments
Closed

HTTP GET API Filter wonkiness #7167

Windyo opened this issue Aug 1, 2016 · 4 comments

Comments

@Windyo
Copy link

Windyo commented Aug 1, 2016

Issue Summary

Making requests containing filters to the API endpoints via HTTP GET sometimes return strange things.

Steps to Reproduce

  1. Requesting $BlogAdress/ghost/api/v0.1/posts/?filter=(status:draft)
    returns the expected list of drafts.
  2. Requesting $BlogAdress/ghost/api/v0.1/posts/?filter=(author_id=2)
    returns the expected list of posts by an author.
  3. Requestion $BlogAdress/ghost/api/v0.1/posts/?filter=(status:draft,author_id=2)
    returns a seemingly random list of posts.

Additional information

  1. Using the + operator between filters returns a validation error : expected AND, RPAREN, RBRACKET, got PROP.
    Injecting the request using Firefox "edit and send" from the request does not return a validation error with "+", but instead returns a list of posts which do not respect the filters given.
  2. I'm having the same problem adding limit=all before the filter ($BlogAdress/ghost/api/v0.1/posts/?limit=all&filter=(status:draft,author_id=2) where the list of returned posts do not resepect the filters.

Technical details:

For the sake of completeness, the full request emitted :
curl --header "Authorization: Bearer $BearerToken" $BlogAdress/ghost/api/v0.1/posts/?filter=\(status:draft,author_id=2\)

  • Ghost Version: 0.9.0
  • Node Version: 2.14.7
  • Browser/OS: all tested.
  • Database: sqlite3
@kirrg001
Copy link
Contributor

kirrg001 commented Aug 6, 2016

Hey @Windyo Sorry to hear you're having trouble.
You need to urlencode your GET query parameters. (filters=urlencode(status:draft+author_id=2)
A , represents or in GQL. You can read more here: #5604

Would you mind swinging by our slack channel? We can provide better support there for this 😄 If it is actually a bug with Ghost we can reopen this.

@kirrg001 kirrg001 closed this as completed Aug 6, 2016
@Windyo
Copy link
Author

Windyo commented Aug 7, 2016

Hi @kirrg001,

I thoroughly read #5604 before posting, but thank you for the link.

When I say the returned post have no relation to the queried list, I mean the command list in the "Technical Details" section actually returns a list of posts which included posts in status published by author id 1, which has no relation to the query made, even considering a , signifies or. For reference, the requested query was "posts that are drafts or made by author id 2"

Same problem with the query listed in subsection "steps to reproduce", item 3.

Concerning the URLEncode, I modified the request to the following:

curl --trace-ascii trace.txt --header "Authorization: Bearer $BearerToken"  $BlogAdress/ghost/api/v0.1/posts/ -X GET --data-urlencode "filter=(status:draft+author_id=2)" 

but I still get the same
"Query Error: unexpected character in filter at char 14\n(status:draft+author_id=2)\n--------------^\nExpecting 'LPAREN', 'PROP', got 'LITERAL'","errorType":"ValidationError"

It's also worth noting that injecting the request using Firefox "edit and send" from the request does not return a validation error with "+", but instead returns a list of posts which do not respect the filters given.

I am frequently on your Slack channel, send me a line when you're online :)

Have a nice week-end,

@ErisDS
Copy link
Member

ErisDS commented Aug 8, 2016

Hey @Windyo, the lexer & parser behind filters are one of the main reasons why the Public API are still in beta 😉

The error you're getting is:

Query Error: unexpected character in filter at char 14
(status:draft+author_id=2)
--------------^
Expecting 'LPAREN', 'PROP', got 'LITERAL'","errorType":"ValidationError

In this case the error is in the wrong place, but it's because you have an = instead of a :.

Also please note the () is a group - the same as in SQL, which can be used for grouping filter statements together so that it is possible to express a full set of and/or logic. E.g. status:published+(image:-null,featured:true) means where status is published and there is either an image or a featured flag. Wrapping every filter in () is passing through the lexer as valid syntax but I wouldn't be surprised if the parser is not able to make sense of what you're asking & convert it to the expected query.

@Windyo
Copy link
Author

Windyo commented Aug 8, 2016

Hey @ErisDS ! Yeah I figured that what I was doing was unsupported at the moment, but I thought that documenting the pitholes I found in the process could be useful.

I edited the query after your comment and the validation error disappeared :)

However passing the filters as data (urlencoded or not) fails in cURL, which means the working query is

curl --trace-ascii trace.txt --header "Authorization: Bearer $BearerToken"  $BlogAdress/ghost/api/v0.1/posts/?filter=author_id:1%2Bstatus:draft

for anyone looking to do the same thing. The data-url-encoded failing part is probably on the cURL side of things.

On another note, the server responds positively with a full list of posts if the query is malformed, which is why I thought it threw a random list of posts.
For example using "filters" instead of "filter" should probably throw an error, as should any unsupported argument in the query.

And thanks! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants