Skip to content

Commit

Permalink
Fix issues with malformed query and _id
Browse files Browse the repository at this point in the history
  • Loading branch information
vkuznet committed Oct 7, 2023
1 parent 28ee209 commit 1287594
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 7 deletions.
9 changes: 7 additions & 2 deletions web/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -222,11 +222,16 @@ func SearchHandler(w http.ResponseWriter, r *http.Request) {
}
// we store all values as lower case and will use lower case in searches
query := r.FormValue("query")
// query = strings.ToLower(query)
spec := ParseQuery(query)
// query = strings.ToLower(query)
spec, err := ParseQuery(query)
if Config.Verbose > 0 {
log.Printf("search query='%s' spec=%+v user=%v", query, spec, user)
}
if err != nil {
msg := "unable to parse user query"
handleError(w, r, msg, err)
return
}

// check if we use web or cli
if client := r.FormValue("client"); client == "cli" {
Expand Down
6 changes: 6 additions & 0 deletions web/mongo.go
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,9 @@ func MongoUpsert(dbname, collname string, records []Record) error {

// MongoGet records from MongoDB
func MongoGet(dbname, collname string, spec bson.M, idx, limit int) []Record {
if Config.Verbose > 1 {
log.Printf("MongoGet spec=%s idx=%d limit=%d", spec, idx, limit)
}
out := []Record{}
s := _Mongo.Connect()
defer s.Close()
Expand Down Expand Up @@ -267,6 +270,9 @@ func MongoUpdate(dbname, collname string, spec, newdata bson.M) {

// MongoCount gets number records from MongoDB
func MongoCount(dbname, collname string, spec bson.M) int {
if Config.Verbose > 1 {
log.Printf("MongoCount spec=%s", spec)
}
s := _Mongo.Connect()
defer s.Close()
c := s.DB(dbname).C(collname)
Expand Down
23 changes: 18 additions & 5 deletions web/query.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ package main

import (
"encoding/json"
"errors"
"fmt"
"log"
"strconv"
Expand Down Expand Up @@ -50,20 +51,27 @@ func convertType(val interface{}) interface{} {

// ParseQuery function provides basic parser for user queries and return
// results in bson dictionary
func ParseQuery(query string) bson.M {
func ParseQuery(query string) (bson.M, error) {
spec := make(bson.M)
if strings.TrimSpace(query) == "" {
log.Println("WARNING: empty query string")
return nil
return nil, errors.New("empty query")
}
// support MongoDB specs
if strings.Contains(query, "{") {
if err := json.Unmarshal([]byte(query), &spec); err == nil {
err := json.Unmarshal([]byte(query), &spec)
if err == nil {
if Config.Verbose > 0 {
log.Printf("found bson spec %+v", spec)
}
return spec
// adjust query _id to object id type
if val, ok := spec["_id"]; ok {
spec["_id"] = bson.ObjectIdHex(val.(string))
}
return spec, nil
}
log.Printf("ERROR: unable to parse input query '%s' error %v", query, err)
return nil, err
}

// query as key:value
Expand Down Expand Up @@ -98,7 +106,7 @@ func ParseQuery(query string) bson.M {
// or, query as free text
spec["$text"] = bson.M{"$search": query}
}
return adjustQuery(spec)
return adjustQuery(spec), nil
}

// helper function to adjust query keys
Expand All @@ -109,6 +117,11 @@ func adjustQuery(spec bson.M) bson.M {
if strings.HasPrefix(kkk, "$") {
continue
}
// adjust query _id to object id type
if kkk == "_id" {
nspec["_id"] = bson.ObjectIdHex(val.(string))
continue
}
// look-up appropriate schema key
if key, ok := _schemaKeys[strings.ToLower(kkk)]; ok {
// create regex for value if it is the string
Expand Down

0 comments on commit 1287594

Please sign in to comment.