filipriec/komp_ac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

table definitions are now forbidden for user to allocated rust autoallocated table columns

Browse Source
This commit is contained in:
filipriec
2025-06-03 18:46:57 +02:00
parent 6b5cbe854b
commit 9540d9ccb9
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/src/table_definition/handlers/post_table_definition.rs
View File

@@ -45,6 +45,13 @@ fn map_field_type(field_type: &str) -> Result<&str, Status> {
.ok_or_else(|| Status::invalid_argument(format!("Invalid field type: {}", field_type))) .ok_or_else(|| Status::invalid_argument(format!("Invalid field type: {}", field_type)))
} }
fn is_invalid_table_name(table_name: &str) -> bool {
table_name.ends_with("_id") ||
table_name == "id" ||
table_name == "deleted" ||
table_name == "created_at"
}
pub async fn post_table_definition( pub async fn post_table_definition(
db_pool: &PgPool, db_pool: &PgPool,
request: PostTableDefinitionRequest, request: PostTableDefinitionRequest,
@@ -55,6 +62,13 @@ pub async fn post_table_definition(
.trim_matches('_') .trim_matches('_')
.to_lowercase(); .to_lowercase();
// New validation check
if is_invalid_table_name(&user_part_cleaned) {
return Err(Status::invalid_argument(
"Table name cannot be 'id', 'deleted', 'created_at' or end with '_id'"
));
}
if !user_part_cleaned.is_empty() && !is_valid_identifier(&user_part_cleaned) { if !user_part_cleaned.is_empty() && !is_valid_identifier(&user_part_cleaned) {
return Err(Status::invalid_argument("Invalid table name")); return Err(Status::invalid_argument("Invalid table name"));
} else if user_part_cleaned.is_empty() { } else if user_part_cleaned.is_empty() {