Fix crash when using FullTextSearch with more than two asterisks in sequence. min(3) validation does the rest

Leon Meier 2025-02-02 19:57:50 +01:00
parent 7674653eec
commit 2dab4d3f29
3 changed files with 2 additions and 20 deletions


@ -36,17 +36,3 @@ export function handlePrismaError(errorObj: any, res: Response, source: string)
res.status(500).json({ status: 'ERROR', errorcode: 'DB_ERROR', message: 'If you can read this something went terribly wrong!' }); res.status(500).json({ status: 'ERROR', errorcode: 'DB_ERROR', message: 'If you can read this something went terribly wrong!' });
} }
} }
/**
* Checks if the given query only contains stars
*
* @export
* @param {string} fts_query FullTextSearch query
* @returns {boolean} Does the query only contains *?
*/
export function FTS_starChecker(fts_query: string) {
return(new RegExp("^[*]+$").test(fts_query));
}
export default prisma;


@ -1,5 +1,5 @@
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import db, { handlePrismaError, FTS_starChecker } from '../../../handlers/db.js'; // Database import db, { handlePrismaError } from '../../../handlers/db.js'; // Database
import log from '../../../handlers/log.js'; import log from '../../../handlers/log.js';
import { parseDynamicSortBy } from '../../../helpers/prisma_helpers.js'; import { parseDynamicSortBy } from '../../../helpers/prisma_helpers.js';
import { schema_get, schema_post, schema_patch, schema_del } from './alertContacts_schema.js'; import { schema_get, schema_post, schema_patch, schema_del } from './alertContacts_schema.js';
@ -15,10 +15,6 @@ async function get(req: Request, res: Response) {
// Query with FullTextSearch // Query with FullTextSearch
if (value.search !== undefined || value.id !== undefined) { if (value.search !== undefined || value.id !== undefined) {
if (value.search !== undefined && FTS_starChecker(value.search)) {
res.status(400).json({ status: 'ERROR', errorcode: 'VALIDATION_ERROR', message: 'Search query cannot contain only asterisk/s (*)' });
return;
}
// with FullTextSearch // with FullTextSearch
if (!value.count) { if (!value.count) {
// get all entrys // get all entrys
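Review bot: With the `FTS_starChecker` guard removed, nothing in `get` shows that the full-text branch now relies entirely on `schema_get` having rejected asterisk runs before `value.search` is used; the validation call itself lies outside this hunk. A comment at the branch would keep that dependency visible, for example `// value.search is validated by schema_get (min 3, no "**"); never pass unvalidated input to FullTextSearch`. The client also loses the explicit 'Search query cannot contain only asterisk/s (*)' message and presumably receives the validator's generic pattern error instead, which is worth confirming. Separately, the import still takes the default export `db` from `handlers/db.js`, while the first file section shows `export default prisma;` printed only once, among the deleted lines; confirm the default export still exists after this commit.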


@ -9,7 +9,7 @@ const schema_get = validator.object({
skip: validator.number().min(0), skip: validator.number().min(0),
search: validator.string().min(3).max(20), // TODO: Check if * or ** or *** -> Due to crashes.. search: validator.string().min(3).max(20).regex(new RegExp('^(?!.*\\*{2,}).*$')), // TODO: Check if * or ** or *** -> Due to crashes..
id: validator.number().positive().precision(0), id: validator.number().positive().precision(0),
count: validator.boolean() count: validator.boolean()
}).nand('id', 'search'); // Allow id or search. not both. }).nand('id', 'search'); // Allow id or search. not both.
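Review bot: The new rule on `search` is a deny-list for a single pattern: `^(?!.*\*{2,}).*$` rejects two or more consecutive asterisks, and every other full-text operator character still reaches the query unchanged. Whether other operator sequences can trigger the same database error is not visible on this page, so an allow-list of the characters a search term may contain would be a safer contract than excluding the one known crash input. The trailing TODO is now stale and should state what the rule does, e.g. `// no "**" anywhere; with min(3) this also rejects asterisk-only queries`. A regex literal (`/^(?!.*\*{2,}).*$/`) would also avoid the double escaping needed in the string form. The schema object starts outside this hunk.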