From 2dab4d3f29dcf8d13216af818131e5f83011b7fb Mon Sep 17 00:00:00 2001
From: Spacelord
Date: Sun, 2 Feb 2025 19:57:50 +0100
Subject: [PATCH] Fix crash when using FullTextSearch with more then two asterisks in sequence. min(3) validation des the rest
---
 src/handlers/db.ts | 14 --------------
 src/routes/api/v1/alertContacts.ts | 6 +-----
 src/routes/api/v1/alertContacts_schema.ts | 2 +-
 3 files changed, 2 insertions(+), 20 deletions(-)
diff --git a/src/handlers/db.ts b/src/handlers/db.ts
index 50ded9f..8ff3990 100644
--- a/src/handlers/db.ts
+++ b/src/handlers/db.ts
@@ -36,17 +36,3 @@ export function handlePrismaError(errorObj: any, res: Response, source: string)
 res.status(500).json({ status: 'ERROR', errorcode: 'DB_ERROR', message: 'If you can read this something went terribly wrong!' });
 }
 }
-
-
-/**
- * Checks if the given query only contains stars
- *
- * @export
- * @param {string} fts_query FullTextSearch query
- * @returns {boolean} Does the query only contains *?
- */
-export function FTS_starChecker(fts_query: string) {
- return(new RegExp("^[*]+$").test(fts_query));
-}
-
-export default prisma;
diff --git a/src/routes/api/v1/alertContacts.ts b/src/routes/api/v1/alertContacts.ts
index b304f27..c88591b 100644
--- a/src/routes/api/v1/alertContacts.ts
+++ b/src/routes/api/v1/alertContacts.ts
@@ -1,5 +1,5 @@
 import { Request, Response } from 'express';
-import db, { handlePrismaError, FTS_starChecker } from '../../../handlers/db.js'; // Database
+import db, { handlePrismaError } from '../../../handlers/db.js'; // Database
 import log from '../../../handlers/log.js';
 import { parseDynamicSortBy } from '../../../helpers/prisma_helpers.js';
 import { schema_get, schema_post, schema_patch, schema_del } from './alertContacts_schema.js';
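Review bot: The default import `db` on the new import line still depends on a default export from `handlers/db.js`, but the db.ts hunk of this same patch deletes `export default prisma;` together with `FTS_starChecker`. Unless db.ts declares its default export elsewhere (lines 1–35 are outside the hunk), this import, and any other module importing the default from db.js, will no longer resolve. If the removal was unintended, keep `export default prisma;` at the end of db.ts and delete only the helper and its doc comment.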
@@ -15,10 +15,6 @@ async function get(req: Request, res: Response) { // Query with FullTextSearch if (value.search !== undefined || value.id !== undefined) { - if (value.search !== undefined && FTS_starChecker(value.search)) { - res.status(400).json({ status: 'ERROR', errorcode: 'VALIDATION_ERROR', message: 'Search query cannot contain only asterisk/s (*)' }); - return; - } // with FullTextSearch if (!value.count) { // get all entrys diff --git a/src/routes/api/v1/alertContacts_schema.ts b/src/routes/api/v1/alertContacts_schema.ts index 76def15..a7ee1bf 100644 --- a/src/routes/api/v1/alertContacts_schema.ts +++ b/src/routes/api/v1/alertContacts_schema.ts @@ -9,7 +9,7 @@ const schema_get = validator.object({ skip: validator.number().min(0), - search: validator.string().min(3).max(20), // TODO: Check if * or ** or *** -> Due to crashes.. + search: validator.string().min(3).max(20).regex(new RegExp('^(?!.*\\*{2,}).*$')), // TODO: Check if * or ** or *** -> Due to crashes.. id: validator.number().positive().precision(0), count: validator.boolean() }).nand('id', 'search'); // Allow id or search. not both.
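Review bot: The pattern added to `search` in `schema_get` rejects only runs of two or more asterisks, so a value with no searchable term at all, such as `* *`, still satisfies `min(3)` and reaches the full-text query now that the handler-side `FTS_starChecker` check is removed in the hunk above. Whether that input still triggers the crash depends on the full-text backend, which is not visible here, so it is worth a regression test. Requiring at least one letter or digit closes the gap without listing operators one by one: `.regex(/^(?!.*\*{2,})(?=.*[\p{L}\p{N}]).*$/u)`. The trailing `// TODO: Check if * or ** or ***` comment is now stale; replace it with a comment stating what the pattern enforces and why.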