filipriec/komp_ac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87b9f6ab8779550c2304038e942b500bfe2680ef
komp_ac/server/src/table_definition/handlers/post_table_definition.rs
filipriec 87b9f6ab87 more fixes
2025-06-21 21:43:39 +02:00

398 lines
13 KiB
Rust
Raw Blame History

// src/table_definition/handlers/post_table_definition.rs
use tonic::Status;
use sqlx::{PgPool, Transaction, Postgres};
use serde_json::json;
use common::proto::multieko2::table_definition::{PostTableDefinitionRequest, TableDefinitionResponse};
const PREDEFINED_FIELD_TYPES: &[(&str, &str)] = &[
("text", "TEXT"),
("string", "TEXT"),
("boolean", "BOOLEAN"),
("timestamp", "TIMESTAMPTZ"),
("time", "TIMESTAMPTZ"),
("money", "NUMERIC(14, 4)"),
("integer", "INTEGER"),
("date", "DATE"),
];
fn is_valid_identifier(s: &str) -> bool {
!s.is_empty() &&
s.chars().all(|c| c.is_ascii_alphanumeric() || c == '_') &&
!s.starts_with('_') &&
!s.chars().next().unwrap().is_ascii_digit()
}
fn sanitize_table_name(s: &str) -> String {
s.replace(|c: char| !c.is_ascii_alphanumeric() && c != '_', "")
.trim()
.to_lowercase()
}
fn sanitize_identifier(s: &str) -> String {
s.replace(|c: char| !c.is_ascii_alphanumeric() && c != '_', "")
.trim()
.to_lowercase()
}
fn map_field_type(field_type: &str) -> Result<String, Status> {
let lower_field_type = field_type.to_lowercase();
// Special handling for "decimal(precision, scale)"
if lower_field_type.starts_with("decimal(") && lower_field_type.ends_with(')') {
// Extract the part inside the parentheses, e.g., "10, 2"
let args = lower_field_type
.strip_prefix("decimal(")
.and_then(|s| s.strip_suffix(')'))
.unwrap_or(""); // Should always succeed due to the checks above
// Split into precision and scale parts
if let Some((p_str, s_str)) = args.split_once(',') {
// Parse precision, returning an error if it's not a valid number
let precision = p_str.trim().parse::<u32>().map_err(|_| {
Status::invalid_argument("Invalid precision in decimal type")
})?;
// Parse scale, returning an error if it's not a valid number
let scale = s_str.trim().parse::<u32>().map_err(|_| {
Status::invalid_argument("Invalid scale in decimal type")
})?;
// Add validation based on PostgreSQL rules
if precision < 1 {
return Err(Status::invalid_argument("Precision must be at least 1"));
}
if scale > precision {
return Err(Status::invalid_argument(
"Scale cannot be greater than precision",
));
}
// If everything is valid, build and return the NUMERIC type string
return Ok(format!("NUMERIC({}, {})", precision, scale));
} else {
// The format was wrong, e.g., "decimal(10)" or "decimal()"
return Err(Status::invalid_argument(
"Invalid decimal format. Expected: decimal(precision, scale)",
));
}
}
// If not a decimal, fall back to the predefined list
PREDEFINED_FIELD_TYPES
.iter()
.find(|(key, _)| *key == lower_field_type.as_str())
.map(|(_, sql_type)| sql_type.to_string()) // Convert to an owned String
.ok_or_else(|| {
Status::invalid_argument(format!(
"Invalid field type: {}",
field_type
))
})
}
fn is_invalid_table_name(table_name: &str) -> bool {
table_name.ends_with("_id") ||
table_name == "id" ||
table_name == "deleted" ||
table_name == "created_at"
}
fn is_reserved_schema(schema_name: &str) -> bool {
let lower = schema_name.to_lowercase();
lower == "public" ||
lower == "information_schema" ||
lower.starts_with("pg_")
}
pub async fn post_table_definition(
db_pool: &PgPool,
request: PostTableDefinitionRequest,
) -> Result<TableDefinitionResponse, Status> {
if request.profile_name.trim().is_empty() {
return Err(Status::invalid_argument("Profile name cannot be empty"));
}
// Apply same sanitization rules as table names
let sanitized_profile_name = sanitize_identifier(&request.profile_name);
// Add validation to prevent reserved schemas
if is_reserved_schema(&sanitized_profile_name) {
return Err(Status::invalid_argument("Profile name is reserved and cannot be used"));
}
if !is_valid_identifier(&sanitized_profile_name) {
return Err(Status::invalid_argument("Invalid profile name"));
}
const MAX_IDENTIFIER_LENGTH: usize = 63;
if sanitized_profile_name.len() > MAX_IDENTIFIER_LENGTH {
return Err(Status::invalid_argument(format!(
"Profile name '{}' exceeds the {} character limit.",
sanitized_profile_name,
MAX_IDENTIFIER_LENGTH
)));
}
let base_name = sanitize_table_name(&request.table_name);
if base_name.len() > MAX_IDENTIFIER_LENGTH {
return Err(Status::invalid_argument(format!(
"Identifier '{}' exceeds the {} character limit.",
base_name,
MAX_IDENTIFIER_LENGTH
)));
}
let user_part_cleaned = request.table_name
.replace(|c: char| !c.is_ascii_alphanumeric() && c != '_', "")
.trim_matches('_')
.to_lowercase();
// New validation check
if is_invalid_table_name(&user_part_cleaned) {
return Err(Status::invalid_argument(
"Table name cannot be 'id', 'deleted', 'created_at' or end with '_id'"
));
}
if !user_part_cleaned.is_empty() && !is_valid_identifier(&user_part_cleaned) {
return Err(Status::invalid_argument("Invalid table name"));
} else if user_part_cleaned.is_empty() {
return Err(Status::invalid_argument("Table name cannot be empty"));
}
let mut tx = db_pool.begin().await
.map_err(|e| Status::internal(format!("Failed to start transaction: {}", e)))?;
match execute_table_definition(&mut tx, request, base_name, sanitized_profile_name).await {
Ok(response) => {
tx.commit().await
.map_err(|e| Status::internal(format!("Failed to commit transaction: {}", e)))?;
Ok(response)
},
Err(e) => {
let _ = tx.rollback().await;
Err(e)
}
}
}
async fn execute_table_definition(
tx: &mut Transaction<'_, Postgres>,
mut request: PostTableDefinitionRequest,
table_name: String,
profile_name: String,
) -> Result<TableDefinitionResponse, Status> {
// CHANGED: Use schemas table instead of profiles table
let schema = sqlx::query!(
"INSERT INTO schemas (name) VALUES ($1)
ON CONFLICT (name) DO UPDATE SET name = EXCLUDED.name
RETURNING id",
request.profile_name
)
.fetch_one(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Schema error: {}", e)))?;
// Create PostgreSQL schema if it doesn't exist
let create_schema_sql = format!("CREATE SCHEMA IF NOT EXISTS \"{}\"", profile_name);
sqlx::query(&create_schema_sql)
.execute(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Schema creation failed: {}", e)))?;
let mut links = Vec::new();
let mut seen_tables = std::collections::HashSet::new();
for link in request.links.drain(..) {
// Check for duplicate link
if !seen_tables.insert(link.linked_table_name.clone()) {
return Err(Status::invalid_argument(format!(
"Duplicate link to table '{}'",
link.linked_table_name
)));
}
let linked_table = sqlx::query!(
"SELECT id FROM table_definitions
WHERE schema_id = $1 AND table_name = $2",
schema.id,
link.linked_table_name
)
.fetch_optional(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Linked table lookup failed: {}", e)))?;
let linked_id = linked_table.ok_or_else(||
Status::not_found(format!("Linked table {} not found", link.linked_table_name))
)?.id;
links.push((linked_id, link.required));
}
let mut columns = Vec::new();
for col_def in request.columns.drain(..) {
let col_name = sanitize_identifier(&col_def.name);
if !is_valid_identifier(&col_def.name) {
return Err(Status::invalid_argument("Invalid column name"));
}
if col_name.ends_with("_id") || col_name == "id" || col_name == "deleted" || col_name == "created_at" {
return Err(Status::invalid_argument("Column name cannot be 'id', 'deleted', 'created_at' or end with '_id'"));
}
let sql_type = map_field_type(&col_def.field_type)?;
columns.push(format!("\"{}\" {}", col_name, sql_type));
}
let mut indexes = Vec::new();
for idx in request.indexes.drain(..) {
let idx_name = sanitize_identifier(&idx);
if !is_valid_identifier(&idx) {
return Err(Status::invalid_argument(format!("Invalid index name: {}", idx)));
}
if !columns.iter().any(|c| c.starts_with(&format!("\"{}\"", idx_name))) {
return Err(Status::invalid_argument(format!("Index column {} not found", idx_name)));
}
indexes.push(idx_name);
}
let (create_sql, index_sql) = generate_table_sql(tx, &profile_name, &table_name, &columns, &indexes, &links).await?;
// CHANGED: Use schema_id instead of profile_id
let table_def = sqlx::query!(
r#"INSERT INTO table_definitions
(schema_id, table_name, columns, indexes)
VALUES ($1, $2, $3, $4)
RETURNING id"#,
schema.id,
&table_name,
json!(columns),
json!(indexes)
)
.fetch_one(&mut **tx)
.await
.map_err(|e| {
if let Some(db_err) = e.as_database_error() {
// CHANGED: Update constraint name to match new schema
if db_err.constraint() == Some("idx_table_definitions_schema_table") {
return Status::already_exists("Table already exists in this profile");
}
}
Status::internal(format!("Database error: {}", e))
})?;
for (linked_id, is_required) in links {
sqlx::query!(
"INSERT INTO table_definition_links
(source_table_id, linked_table_id, is_required)
VALUES ($1, $2, $3)",
table_def.id,
linked_id,
is_required
)
.execute(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Failed to save link: {}", e)))?;
}
sqlx::query(&create_sql)
.execute(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Table creation failed: {}", e)))?;
for sql in &index_sql {
sqlx::query(sql)
.execute(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Index creation failed: {}", e)))?;
}
Ok(TableDefinitionResponse {
success: true,
sql: format!("{}\n{}", create_sql, index_sql.join("\n")),
})
}
async fn generate_table_sql(
tx: &mut Transaction<'_, Postgres>,
profile_name: &str,
table_name: &str,
columns: &[String],
indexes: &[String],
links: &[(i64, bool)],
) -> Result<(String, Vec<String>), Status> {
// CHANGE: Quote the schema name
let qualified_table = format!("\"{}\".\"{}\"", profile_name, table_name);
let mut system_columns = vec![
"id BIGSERIAL PRIMARY KEY".to_string(),
"deleted BOOLEAN NOT NULL DEFAULT FALSE".to_string(),
];
for (linked_id, required) in links {
let linked_table = get_table_name_by_id(tx, *linked_id).await?;
// CHANGE: Quote the schema name here too
let qualified_linked_table = format!("\"{}\".\"{}\"", profile_name, linked_table);
let base_name = linked_table.split_once('_')
.map(|(_, rest)| rest)
.unwrap_or(&linked_table)
.to_string();
let null_clause = if *required { "NOT NULL" } else { "" };
system_columns.push(
format!("\"{0}_id\" BIGINT {1} REFERENCES {2}(id)",
base_name, null_clause, qualified_linked_table
)
);
}
let all_columns = system_columns
.iter()
.chain(columns.iter())
.cloned()
.collect::<Vec<_>>();
let create_sql = format!(
"CREATE TABLE {} (\n {},\n created_at TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP\n)",
qualified_table,
all_columns.join(",\n ")
);
let mut all_indexes = Vec::new();
for (linked_id, _) in links {
let linked_table = get_table_name_by_id(tx, *linked_id).await?;
let base_name = linked_table.split_once('_')
.map(|(_, rest)| rest)
.unwrap_or(&linked_table)
.to_string();
all_indexes.push(format!(
"CREATE INDEX \"idx_{}_{}_fk\" ON {} (\"{}_id\")",
table_name, base_name, qualified_table, base_name
));
}
for idx in indexes {
all_indexes.push(format!(
"CREATE INDEX \"idx_{}_{}\" ON {} (\"{}\")",
table_name, idx, qualified_table, idx
));
}
Ok((create_sql, all_indexes))
}
async fn get_table_name_by_id(
tx: &mut Transaction<'_, Postgres>,
table_id: i64,
) -> Result<String, Status> {
let record = sqlx::query!(
"SELECT table_name FROM table_definitions WHERE id = $1",
table_id
)
.fetch_one(&mut **tx)
.await
.map_err(|e| Status::internal(format!("Table lookup failed: {}", e)))?;
Ok(record.table_name)
}
Reference in New Issue View Git Blame Copy Permalink