query_helper 0.0.0

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "query_helper"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/query_helper/associations.rb

@@ -0,0 +1,33 @@
+class QueryHelper
+  class Associations
+    def self.process_association_params(associations)
+      associations ||= []
+      associations.class == String ? [associations.to_sym] : associations
+    end
+
+    def self.load_associations(payload:, associations: [], as_json_options: {})
+      as_json_options ||= {}
+      as_json_options[:include] = as_json_options[:include] || json_associations(associations)
+      ActiveRecord::Associations::Preloader.new.preload(payload, associations)
+      payload.as_json(as_json_options)
+    end
+
+    def self.json_associations(associations)
+      associations ||= []
+      associations = associations.is_a?(Array) ? associations : [associations]
+      associations.inject([]) do |translated, association|
+        if association.is_a?(Symbol) || association.is_a?(String)
+          translated << association.to_sym
+        elsif association.is_a?(Array)
+          translated << association.map(&:to_sym)
+        elsif association.is_a?(Hash)
+          translated_hash = {}
+          association.each do |key, value|
+            translated_hash[key.to_sym] = { include: json_associations(value) }
+          end
+          translated << translated_hash
+        end
+      end
+    end
+  end
+end

data/lib/query_helper/column_map.rb

@@ -0,0 +1,56 @@
+require "query_helper/sql_parser"
+
+class QueryHelper
+  class ColumnMap
+
+    def self.create_column_mappings(custom_mappings:, query:, model:)
+      parser = SqlParser.new(query)
+      maps = create_from_hash(custom_mappings)
+
+      parser.find_aliases.each do |m|
+        maps << m if maps.select{|x| x.alias_name == m.alias_name}.empty?
+      end
+
+      model.attribute_names.each do |attribute|
+        if maps.select{|x| x.alias_name == attribute}.empty?
+          maps << ColumnMap.new(alias_name: attribute, sql_expression: "#{model.to_s.downcase.pluralize}.#{attribute}")
+        end
+      end
+
+      maps
+    end
+
+    def self.create_from_hash(hash)
+      map = []
+      hash.each do |k,v|
+        alias_name = k
+        aggregate = false
+        if v.class == String
+          sql_expression = v
+        elsif v.class == Hash
+          sql_expression = v[:sql_expression]
+          aggregate = v[:aggregate]
+        end
+        map << self.new(
+          alias_name: alias_name,
+          sql_expression: sql_expression,
+          aggregate: aggregate
+        )
+      end
+      map
+    end
+
+    attr_accessor :alias_name, :sql_expression, :aggregate
+
+    def initialize(
+      alias_name:,
+      sql_expression:,
+      aggregate: false
+    )
+      @alias_name = alias_name
+      @sql_expression = sql_expression
+      @aggregate = aggregate
+    end
+
+  end
+end

data/lib/query_helper/filter.rb

@@ -0,0 +1,112 @@
+require "query_helper/invalid_query_error"
+
+class QueryHelper
+  class Filter
+
+    attr_accessor :operator, :criterion, :comparate, :operator_code, :bind_variable, :aggregate
+
+    def initialize(
+      operator_code:,
+      criterion:,
+      comparate:,
+      aggregate: false
+    )
+      @operator_code = operator_code
+      @criterion = criterion # Converts to a string to be inserted into sql.
+      @comparate = comparate
+      @aggregate = aggregate
+      @bind_variable = ('a'..'z').to_a.shuffle[0,20].join.to_sym
+
+      translate_operator_code()
+      mofify_criterion()
+      modify_comparate()
+      validate_criterion()
+    end
+
+    def sql_string
+      case operator_code
+      when "in", "notin"
+        "#{comparate} #{operator} (:#{bind_variable})"
+      when "null"
+        "#{comparate} #{operator}"
+      else
+        "#{comparate} #{operator} :#{bind_variable}"
+      end
+
+    end
+
+    private
+
+    def translate_operator_code
+      @operator = case operator_code
+        when "gte"
+          ">="
+        when "lte"
+          "<="
+        when "gt"
+          ">"
+        when "lt"
+          "<"
+        when "eql"
+          "="
+        when "noteql"
+          "!="
+        when "in"
+          "in"
+        when "like"
+          "like"
+        when "notin"
+          "not in"
+        when "null"
+          if criterion.to_s == "true"
+            "is null"
+          else
+            "is not null"
+          end
+        else
+          raise InvalidQueryError.new("Invalid operator code: '#{operator_code}'")
+      end
+    end
+
+    def mofify_criterion
+      # lowercase strings for comparison
+      @criterion.downcase! if criterion.class == String && criterion.scan(/[a-zA-Z]/).any?
+
+      # turn the criterion into an array for in and notin comparisons
+      @criterion = criterion.split(",") if ["in", "notin"].include?(operator_code) && criterion.class == String
+    end
+
+    def modify_comparate
+      # lowercase strings for comparison
+      @comparate = "lower(#{@comparate})" if criterion.class == String && criterion.scan(/[a-zA-Z]/).any? && !["true", "false"].include?(criterion)
+    end
+
+    def validate_criterion
+      case operator_code
+        when "gte", "lte", "gt", "lt"
+          begin
+            Time.parse(criterion.to_s)
+          rescue
+            begin
+              Date.parse(criterion.to_s)
+            rescue
+              begin
+                Float(criterion.to_s)
+              rescue
+                invalid_criterion_error()
+              end
+            end
+          end
+        when "in", "notin"
+          invalid_criterion_error() unless criterion.class == Array
+        when "null"
+          invalid_criterion_error() unless ["true", "false"].include?(criterion.to_s)
+      end
+      true
+    end
+
+    def invalid_criterion_error
+      raise InvalidQueryError.new("'#{criterion}' is not a valid criterion for the '#{@operator}' operator")
+    end
+  end
+end

data/lib/query_helper/invalid_query_error.rb

@@ -0,0 +1,3 @@
+class QueryHelper
+  class InvalidQueryError < StandardError; end
+end 

data/lib/query_helper/query_helper_concern.rb

@@ -0,0 +1,41 @@
+require 'active_support/concern'
+require "query_helper/sql_filter"
+
+class QueryHelper
+  module QueryHelperConcern
+    extend ActiveSupport::Concern
+
+    included do
+      def query_helper
+        @query_helper
+      end
+
+      def create_query_helper
+        @query_helper = QueryHelper.new(**query_helper_params, api_payload: true)
+      end
+
+      def create_query_helper_filter
+        filter_values = params[:filter].permit!.to_h
+        QueryHelper::SqlFilter.new(filter_values: filter_values)
+      end
+
+      def create_query_helper_sort
+        QueryHelper::SqlSort.new(sort_string: params[:sort])
+      end
+
+      def create_query_helper_associations
+
+      end
+
+      def query_helper_params
+        helpers = {}
+        helpers[:page] = params[:page] if params[:page]
+        helpers[:per_page] = params[:per_page] if params[:per_page]
+        helpers[:sql_filter] = create_query_helper_filter() if params[:filter]
+        helpers[:sql_sort] = create_query_helper_sort() if params[:sort]
+        helpers[:associations] = create_query_helper_associations() if params[:include]
+        helpers
+      end
+    end
+  end
+end

data/lib/query_helper/sql_filter.rb

@@ -0,0 +1,43 @@
+require "query_helper/invalid_query_error"
+
+class QueryHelper
+  class SqlFilter
+
+    attr_accessor :filter_values, :column_maps
+
+    def initialize(filter_values: [], column_maps: [])
+      @column_maps = column_maps
+      @filter_values = filter_values
+    end
+
+    def create_filters
+      @filters = []
+
+      @filter_values.each do |comparate_alias, criteria|
+        # Find the sql mapping if it exists
+        map = @column_maps.find { |m| m.alias_name == comparate_alias }
+        raise InvalidQueryError.new("cannot filter by #{comparate_alias}") unless map
+
+        # create the filter
+        @filters << QueryHelper::Filter.new(
+          operator_code: criteria.keys.first,
+          criterion: criteria.values.first,
+          comparate: map.sql_expression,
+          aggregate: map.aggregate
+        )
+      end
+    end
+
+    def where_clauses
+      @filters.select{ |f| f.aggregate == false }.map(&:sql_string)
+    end
+
+    def having_clauses
+      @filters.select{ |f| f.aggregate == true }.map(&:sql_string)
+    end
+
+    def bind_variables
+      Hash[@filters.collect { |f| [f.bind_variable, f.criterion] }]
+    end
+  end
+end

data/lib/query_helper/sql_manipulator.rb

@@ -0,0 +1,62 @@
+require "query_helper/sql_parser"
+
+class QueryHelper
+  class SqlManipulator
+
+    attr_accessor :sql
+
+    def initialize(
+      sql:,
+      where_clauses: nil,
+      having_clauses: nil,
+      order_by_clauses: nil,
+      include_limit_clause: false
+    )
+      @parser = SqlParser.new(sql)
+      @sql = @parser.sql.dup
+      @where_clauses = where_clauses
+      @having_clauses = having_clauses
+      @order_by_clauses = order_by_clauses
+      @include_limit_clause = include_limit_clause
+    end
+
+    def build
+      insert_having_clauses()
+      insert_where_clauses()
+      insert_total_count_select_clause()
+      insert_order_by_and_limit_clause()
+      @sql.squish
+    end
+
+    private
+
+    def insert_total_count_select_clause
+      return unless @include_limit_clause
+      total_count_clause = " ,count(*) over () as _query_full_count "
+      @sql.insert(@parser.insert_select_index, total_count_clause)
+      # Potentially update parser here
+    end
+
+    def insert_where_clauses
+      return unless @where_clauses.length > 0
+      begin_string = @parser.where_included? ? "and" : "where"
+      filter_string = @where_clauses.join(" and ")
+      "  #{begin_string} #{filter_string}  "
+      @sql.insert(@parser.insert_where_index, " #{begin_string} #{filter_string} ")
+    end
+
+    def insert_having_clauses
+      return unless @having_clauses.length > 0
+      begin_string = @parser.having_included? ? "and" : "having"
+      filter_string = @having_clauses.join(" and ")
+      @sql.insert(@parser.insert_having_index, " #{begin_string} #{filter_string} ")
+    end
+
+    def insert_order_by_and_limit_clause
+      @sql.slice!(@parser.limit_clause) if @parser.limit_included? # remove existing limit clause
+      @sql.slice!(@parser.order_by_clause) if @parser.order_by_included? # remove existing order by clause
+      @sql += " order by #{@order_by_clauses.join(", ")} " if @order_by_clauses.length > 0
+      @sql += " limit :limit offset :offset " if @include_limit_clause
+    end
+  end
+end

data/lib/query_helper/sql_parser.rb

@@ -0,0 +1,189 @@
+require "query_helper/invalid_query_error"
+require "query_helper/column_map"
+
+class QueryHelper
+  class SqlParser
+
+    attr_accessor :sql
+
+    def initialize(sql)
+      update(sql)
+    end
+
+    def update(sql)
+      @sql = sql
+      remove_comments()
+      white_out()
+    end
+
+    def remove_comments
+      # Remove SQL inline comments (/* */) and line comments (--)
+      @sql = @sql.gsub(/\/\*(.*?)\*\//, '').gsub(/--(.*)$/, '')
+      @sql.squish!
+    end
+
+    def white_out
+      # Replace everything between () and '' and ""
+      # This will allow us to ignore subqueries, common table expressions,
+      # regex, custom strings, etc. when determining injection points
+      # and performing other manipulations
+      @white_out_sql = @sql.dup
+      while @white_out_sql.scan(/\"[^""]*\"|\'[^'']*\'|\([^()]*\)/).length > 0 do
+        @white_out_sql.scan(/\"[^""]*\"|\'[^'']*\'|\([^()]*\)/).each { |s| @white_out_sql.gsub!(s,s.gsub(/./, '*')) }
+      end
+    end
+
+    def select_index(position=:start)
+      regex = /( |^)[Ss][Ee][Ll][Ee][Cc][Tt] / # space or new line at beginning of select
+      find_index(regex, position)
+    end
+
+    def from_index(position=:start)
+      regex = / [Ff][Rr][Oo][Mm] /
+      find_index(regex, position)
+    end
+
+    def where_index(position=:start)
+      regex = / [Ww][Hh][Ee][Rr][Ee] /
+      find_index(regex, position)
+    end
+
+    def group_by_index(position=:start)
+      regex = / [Gg][Rr][Oo][Uu][Pp] [Bb][Yy] /
+      find_index(regex, position)
+    end
+
+    def having_index(position=:start)
+      regex = / [Hh][Aa][Vv][Ii][Nn][Gg] /
+      find_index(regex, position)
+    end
+
+    def order_by_index(position=:start)
+      regex = / [Oo][Rr][Dd][Ee][Rr] [Bb][Yy] /
+      find_index(regex, position)
+    end
+
+    def limit_index(position=:start)
+      regex = / [Ll][Ii][Mm][Ii][Tt] /
+      find_index(regex, position)
+    end
+
+    def select_included?
+      !select_index.nil?
+    end
+
+    def from_included?
+      !from_index.nil?
+    end
+
+    def where_included?
+      !where_index.nil?
+    end
+
+    def group_by_included?
+      !group_by_index.nil?
+    end
+
+    def having_included?
+      !having_index.nil?
+    end
+
+    def order_by_included?
+      !order_by_index.nil?
+    end
+
+    def limit_included?
+      !limit_index.nil?
+    end
+
+    def insert_select_index
+      from_index() || where_index() || group_by_index() || order_by_index() || limit_index() || @sql.length
+    end
+
+    def insert_join_index
+      where_index() || group_by_index() || order_by_index() || limit_index() || @sql.length
+    end
+
+    def insert_where_index
+      group_by_index() || order_by_index() || limit_index() || @sql.length
+    end
+
+    def insert_having_index
+      # raise InvalidQueryError.new("Cannot calculate insert_having_index because the query has no group by clause") unless group_by_included?
+      order_by_index() || limit_index() || @sql.length
+    end
+
+    def insert_order_by_index
+      # raise InvalidQueryError.new("This query already includes an order by clause") if order_by_included?
+      limit_index() || @sql.length
+    end
+
+    def insert_limit_index
+      # raise InvalidQueryError.new("This query already includes a limit clause") if limit_included?
+      @sql.length
+    end
+
+    def select_clause
+      @sql[select_index()..insert_select_index()].strip if select_included?
+    end
+
+    def from_clause
+      @sql[from_index()..insert_join_index()].strip if from_included?
+    end
+
+    def where_clause
+      @sql[where_index()..insert_where_index()].strip if where_included?
+    end
+
+    # def group_by_clause
+    #   @sql[group_by_index()..insert_group_by_index()] if group_by_included?
+    # end
+
+    def having_clause
+      @sql[having_index()..insert_having_index()].strip if having_included?
+    end
+
+    def order_by_clause
+      @sql[order_by_index()..insert_order_by_index()].strip if order_by_included?
+    end
+
+    def limit_clause
+      @sql[limit_index()..insert_limit_index()].strip if limit_included?
+    end
+
+    def find_aliases
+      # Determine alias expression combos.  White out sql used in case there
+      # are any custom strings or subqueries in the select clause
+      white_out_selects = @white_out_sql[select_index(:end)..from_index()]
+      selects = @sql[select_index(:end)..from_index()]
+      comma_split_points = white_out_selects.each_char.with_index.map{|char, i| i if char == ','}.compact
+      comma_split_points.unshift(-1) # We need the first select clause to start out with a 'split'
+      column_maps = white_out_selects.split(",").each_with_index.map do |x,i|
+        sql_alias = x.squish.split(" as ")[1] || x.squish.split(" AS ")[1] || x.squish.split(".")[1] # look for custom defined aliases or table.column notation
+        # sql_alias = nil unless /^[a-zA-Z_]+$/.match?(sql_alias) # only allow aliases with letters and underscores
+        sql_expression = if x.split(" as ")[1]
+          expression_length = x.split(" as ")[0].length
+          selects[comma_split_points[i] + 1, expression_length]
+        elsif x.squish.split(" AS ")[1]
+          expression_length = x.split(" AS ")[0].length
+          selects[comma_split_points[i] + 1, expression_length]
+        elsif x.squish.split(".")[1]
+          selects[comma_split_points[i] + 1, x.length]
+        end
+        ColumnMap.new(
+          alias_name: sql_alias,
+          sql_expression: sql_expression.squish,
+          aggregate: /(array_agg|avg|bit_and|bit_or|bool_and|bool_or|count|every|json_agg|jsonb_agg|json_object_agg|jsonb_object_agg|max|min|string_agg|sum|xmlagg)\((.*)\)/.match?(sql_expression)
+        ) if sql_alias
+      end
+      column_maps.compact
+    end
+
+    private
+
+    def find_index(regex, position=:start)
+      start_position = @white_out_sql.rindex(regex)
+      return position == :start ? start_position : start_position + @white_out_sql[regex].size()
+    end
+  end
+end