stairwell 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.travis.yml +6 -0
- data/Gemfile +8 -0
- data/Gemfile.lock +29 -0
- data/LICENSE.txt +21 -0
- data/README.md +101 -0
- data/Rakefile +10 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/stairwell.rb +14 -0
- data/lib/stairwell/bind_transformer.rb +44 -0
- data/lib/stairwell/core_extensions/core.rb +73 -0
- data/lib/stairwell/core_extensions/types.rb +9 -0
- data/lib/stairwell/query.rb +45 -0
- data/lib/stairwell/type_validator.rb +24 -0
- data/lib/stairwell/version.rb +3 -0
- data/stairwell.gemspec +30 -0
- metadata +75 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 16226c907ec3dc09521135fd9daf686284c6f7520a7abd3672517fe6b81f1614
|
4
|
+
data.tar.gz: f4ffdb12c04f2fa6dc4cf2f0451790f86dfd66bf2e11af3c0ca265a9d05cd92c
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 801f301a216a8e5cce25b1e1ec4a6a821b23636b1a07d817d61924b363f3febbbedd9aa77ad6757d954ac682747efc2df45f03107d7f24aed3a3a33039a2bd7a
|
7
|
+
data.tar.gz: 3bac00beda3087c312582d7bd1d187ba06c607190ab8a3ed02c2fc45bd47cffb98a02090bb5be207ebd15b7515b64711b486c0eba9526cc4b6f061887cbdbdeb
|
data/.gitignore
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
stairwell (0.1.0)
|
5
|
+
zeitwerk (~> 2.4.0)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
coderay (1.1.3)
|
11
|
+
method_source (1.0.0)
|
12
|
+
minitest (5.14.1)
|
13
|
+
pry (0.13.1)
|
14
|
+
coderay (~> 1.1)
|
15
|
+
method_source (~> 1.0)
|
16
|
+
rake (12.3.3)
|
17
|
+
zeitwerk (2.4.0)
|
18
|
+
|
19
|
+
PLATFORMS
|
20
|
+
ruby
|
21
|
+
|
22
|
+
DEPENDENCIES
|
23
|
+
minitest (~> 5.0)
|
24
|
+
pry
|
25
|
+
rake (~> 12.0)
|
26
|
+
stairwell!
|
27
|
+
|
28
|
+
BUNDLED WITH
|
29
|
+
2.1.4
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2020 Toby
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,101 @@
|
|
1
|
+
# Stairwell
|
2
|
+
|
3
|
+
Making SQL more accessible while maintaining safety in Rails projects.
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
gem 'stairwell'
|
11
|
+
```
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle install
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install stairwell
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
Define a class in your app that inherits from `Stairwell::Query`. We're going to assume you are in a rails app, but this will work in any ruby app, ActiveRecord is not a dependency here.
|
24
|
+
In rails you could create a directory called `app/queries` for instance.
|
25
|
+
|
26
|
+
Define your `validate_type`, which will be the arguments you send in, and their type. For instance, if your query looks like this: `SELECT * FROM users WHERE name = :name`, and name is a `String`, your `validate_type` will look like this `validate_type :name, :string`, and you'll pass in a hash of your binds like this: `{ name: "<name value>" }`
|
27
|
+
|
28
|
+
Here's an example:
|
29
|
+
```ruby
|
30
|
+
class UsersSql < Stairwell::Query
|
31
|
+
validate_type :name, :string
|
32
|
+
validate_type :age, :integer
|
33
|
+
validate_type :active, :boolean
|
34
|
+
validate_type :gpa, :float
|
35
|
+
validate_type :date_joined, :sql_date
|
36
|
+
validate_type :created_at, :sql_date_time
|
37
|
+
|
38
|
+
query <<-SQL
|
39
|
+
SELECT
|
40
|
+
*
|
41
|
+
FROM users
|
42
|
+
WHERE name = :name
|
43
|
+
AND age = :age
|
44
|
+
AND active = :active
|
45
|
+
AND gpa = :gpa
|
46
|
+
AND date_joined = :date_joined
|
47
|
+
AND created_at >= :created_at
|
48
|
+
;
|
49
|
+
SQL
|
50
|
+
end
|
51
|
+
|
52
|
+
# if you pass in the following named binds:
|
53
|
+
|
54
|
+
binds = {
|
55
|
+
name: "First",
|
56
|
+
age: 99,
|
57
|
+
active: true,
|
58
|
+
gpa: 4.2
|
59
|
+
date_joined: "2008-08-28",
|
60
|
+
created_at: "2008-08-28 23:41:18",
|
61
|
+
}
|
62
|
+
|
63
|
+
# and call the following:
|
64
|
+
|
65
|
+
UsersSql.sql(binds)
|
66
|
+
|
67
|
+
# You will receive the following result:
|
68
|
+
|
69
|
+
"SELECT * FROM users WHERE name = 'First' age = 99 active = TRUE date_joined = '2008-08-28' created_at = '2008-08-28 23:41:18' gpa = 4.2;"
|
70
|
+
```
|
71
|
+
|
72
|
+
Binds passed in are validated against the validate_type, so if you have a validate_type you must include that value in your binds hash.
|
73
|
+
They types of the binds are validated too.
|
74
|
+
The names binds in your sql are also validated.
|
75
|
+
Strings are quoted. Dates are quoted. Datetime is quoted.
|
76
|
+
|
77
|
+
Tested in both Mysql and Postgres.
|
78
|
+
|
79
|
+
## Known issues
|
80
|
+
|
81
|
+
* nil/NULL values are not currently supported. Just use `IS NULL` or `IS NOT NULL` in your query for the time being.
|
82
|
+
* Date/Datetime are not validated for their format, it is expected that you will pass the correct format.
|
83
|
+
* Datetime in postgres is not currently working for equality, only for `>` or `<` or `>=` or `<=`
|
84
|
+
* Column/table quoting is not currently available.
|
85
|
+
* `IN` statements with arrays support is forthcoming.
|
86
|
+
|
87
|
+
|
88
|
+
## Development
|
89
|
+
|
90
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
91
|
+
|
92
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
93
|
+
|
94
|
+
## Contributing
|
95
|
+
|
96
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/tobyond/stairwell.
|
97
|
+
|
98
|
+
|
99
|
+
## License
|
100
|
+
|
101
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "stairwell"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
require "pry"
|
11
|
+
Pry.start
|
12
|
+
|
13
|
+
# require "irb"
|
14
|
+
# IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/lib/stairwell.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
require "date"
|
2
|
+
require "zeitwerk"
|
3
|
+
require "ostruct"
|
4
|
+
loader = Zeitwerk::Loader.for_gem
|
5
|
+
loader.setup
|
6
|
+
|
7
|
+
module Stairwell
|
8
|
+
class Error < StandardError; end
|
9
|
+
class InvalidBindType < StandardError; end
|
10
|
+
class InvalidBindCount < StandardError; end
|
11
|
+
class SqlBindMismatch < StandardError; end
|
12
|
+
end
|
13
|
+
|
14
|
+
loader.eager_load
|
@@ -0,0 +1,44 @@
|
|
1
|
+
module Stairwell
|
2
|
+
class BindTransformer
|
3
|
+
|
4
|
+
attr_accessor :sql, :bind_hash, :depleting_bind_hash
|
5
|
+
|
6
|
+
def initialize(sql, bind_hash)
|
7
|
+
@sql = sql
|
8
|
+
@bind_hash = bind_hash
|
9
|
+
@depleting_bind_hash = bind_hash.dup
|
10
|
+
end
|
11
|
+
|
12
|
+
# taking the sql string like "SELECT * WHERE name = :name AND id = :id"
|
13
|
+
# and confirming that the bind_hash has all the named binds like
|
14
|
+
# { name: "First", id: 22 }
|
15
|
+
# if the sql string or the bind_hash have incorrect or extra values
|
16
|
+
# and error will raise
|
17
|
+
# The sql string will then have the appropropriate values substituted
|
18
|
+
# with quoted values to ensure safety.
|
19
|
+
# Note: $2 is The match for the first, second, etc. parenthesized groups in the last regex
|
20
|
+
def transform
|
21
|
+
converted_sql = sql.gsub(/(:?):([a-zA-Z]\w*)/) do |_|
|
22
|
+
replace = $2.to_sym
|
23
|
+
validate_sql(replace)
|
24
|
+
bind_hash[replace].sql_quote
|
25
|
+
end
|
26
|
+
|
27
|
+
validate_bind_hash
|
28
|
+
converted_sql
|
29
|
+
end
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
def validate_sql(attr)
|
34
|
+
raise SqlBindMismatch, ":#{attr} in your query is missing from your bind hash: #{bind_hash}" unless bind_hash[attr]
|
35
|
+
|
36
|
+
depleting_bind_hash.delete(attr)
|
37
|
+
end
|
38
|
+
|
39
|
+
def validate_bind_hash
|
40
|
+
raise SqlBindMismatch, "#{depleting_bind_hash} in your bind hash is missing from your query: #{sql}" unless depleting_bind_hash.empty?
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,73 @@
|
|
1
|
+
module Stairwell::CoreExtensions::Core; end
|
2
|
+
|
3
|
+
class String
|
4
|
+
def squish!
|
5
|
+
gsub!(/[[:space:]]+/, " ")
|
6
|
+
strip!
|
7
|
+
self
|
8
|
+
end
|
9
|
+
|
10
|
+
def underscore
|
11
|
+
self.gsub(/::/, '/').
|
12
|
+
gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
|
13
|
+
gsub(/([a-z\d])([A-Z])/,'\1_\2').
|
14
|
+
tr("-", "_").
|
15
|
+
downcase
|
16
|
+
end
|
17
|
+
|
18
|
+
def sql_quote
|
19
|
+
"'#{self.gsub('\\', '\&\&').gsub("'", "''")}'"
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
class TrueClass
|
24
|
+
def sql_quote
|
25
|
+
"TRUE"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
class FalseClass
|
30
|
+
def sql_quote
|
31
|
+
"FALSE"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
class NilClass
|
36
|
+
def sql_quote
|
37
|
+
"IS NULL"
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
class Integer
|
42
|
+
def sql_quote
|
43
|
+
self
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
class Float
|
48
|
+
def sql_quote
|
49
|
+
self
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
class Date
|
54
|
+
def self.parsable?(string)
|
55
|
+
begin
|
56
|
+
parse(string)
|
57
|
+
true
|
58
|
+
rescue ArgumentError
|
59
|
+
false
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
class DateTime
|
65
|
+
def self.parsable?(string)
|
66
|
+
begin
|
67
|
+
parse(string)
|
68
|
+
true
|
69
|
+
rescue ArgumentError
|
70
|
+
false
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
module Stairwell
|
2
|
+
class Query
|
3
|
+
|
4
|
+
class << self
|
5
|
+
attr_accessor :bind_hash, :all_validations, :sql_string, :bind_object_array
|
6
|
+
|
7
|
+
def validate_type(*args)
|
8
|
+
@all_validations ||= {}
|
9
|
+
@all_validations.merge!(Hash[*args])
|
10
|
+
end
|
11
|
+
|
12
|
+
def sql(**args)
|
13
|
+
@bind_hash = args
|
14
|
+
@bind_object_array = []
|
15
|
+
validate!
|
16
|
+
transformed_sql_string
|
17
|
+
end
|
18
|
+
|
19
|
+
def query(string)
|
20
|
+
@sql_string = string
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def validate!
|
26
|
+
raise InvalidBindCount.new("Incorrect amount of args passed") unless correct_args?
|
27
|
+
|
28
|
+
bind_hash.each do |bind_name, bind_value|
|
29
|
+
type = all_validations[bind_name]
|
30
|
+
valid = TypeValidator.send(type, bind_value)
|
31
|
+
|
32
|
+
raise InvalidBindType.new("#{bind_name} is not #{all_validations[bind_name]}") unless valid
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def transformed_sql_string
|
37
|
+
BindTransformer.new(sql_string.squish!, bind_hash).transform
|
38
|
+
end
|
39
|
+
|
40
|
+
def correct_args?
|
41
|
+
bind_hash.keys.sort == all_validations.keys.sort
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require "stairwell/core_extensions/types"
|
2
|
+
require "stairwell/core_extensions/core"
|
3
|
+
|
4
|
+
module Stairwell
|
5
|
+
class TypeValidator
|
6
|
+
|
7
|
+
class << self
|
8
|
+
TYPES = [
|
9
|
+
String,
|
10
|
+
Boolean,
|
11
|
+
Integer,
|
12
|
+
Float,
|
13
|
+
SqlDate,
|
14
|
+
SqlDateTime
|
15
|
+
].freeze
|
16
|
+
|
17
|
+
TYPES.each do |type|
|
18
|
+
define_method(type.to_s.underscore.to_sym) do |arg|
|
19
|
+
arg.is_a?(type)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
data/stairwell.gemspec
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
require_relative 'lib/stairwell/version'
|
2
|
+
|
3
|
+
Gem::Specification.new do |spec|
|
4
|
+
spec.name = "stairwell"
|
5
|
+
spec.version = Stairwell::VERSION
|
6
|
+
spec.authors = ["tobyond"]
|
7
|
+
|
8
|
+
spec.summary = %q{stairwell for sql}
|
9
|
+
spec.description = %q{Sanitize and quote raw SQL for rails and any project in ruby}
|
10
|
+
spec.homepage = "https://github.com/tobyond/stairwell"
|
11
|
+
spec.license = "MIT"
|
12
|
+
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
13
|
+
|
14
|
+
# spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
|
15
|
+
|
16
|
+
spec.metadata["homepage_uri"] = spec.homepage
|
17
|
+
spec.metadata["source_code_uri"] = "https://github.com/tobyond/stairwell"
|
18
|
+
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
19
|
+
|
20
|
+
# Specify which files should be added to the gem when it is released.
|
21
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
22
|
+
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
23
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
24
|
+
end
|
25
|
+
spec.bindir = "exe"
|
26
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
27
|
+
spec.require_paths = ["lib"]
|
28
|
+
|
29
|
+
spec.add_dependency 'zeitwerk', '~> 2.4.0'
|
30
|
+
end
|
metadata
ADDED
@@ -0,0 +1,75 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: stairwell
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- tobyond
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2020-09-20 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: zeitwerk
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 2.4.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 2.4.0
|
27
|
+
description: Sanitize and quote raw SQL for rails and any project in ruby
|
28
|
+
email:
|
29
|
+
executables: []
|
30
|
+
extensions: []
|
31
|
+
extra_rdoc_files: []
|
32
|
+
files:
|
33
|
+
- ".gitignore"
|
34
|
+
- ".travis.yml"
|
35
|
+
- Gemfile
|
36
|
+
- Gemfile.lock
|
37
|
+
- LICENSE.txt
|
38
|
+
- README.md
|
39
|
+
- Rakefile
|
40
|
+
- bin/console
|
41
|
+
- bin/setup
|
42
|
+
- lib/stairwell.rb
|
43
|
+
- lib/stairwell/bind_transformer.rb
|
44
|
+
- lib/stairwell/core_extensions/core.rb
|
45
|
+
- lib/stairwell/core_extensions/types.rb
|
46
|
+
- lib/stairwell/query.rb
|
47
|
+
- lib/stairwell/type_validator.rb
|
48
|
+
- lib/stairwell/version.rb
|
49
|
+
- stairwell.gemspec
|
50
|
+
homepage: https://github.com/tobyond/stairwell
|
51
|
+
licenses:
|
52
|
+
- MIT
|
53
|
+
metadata:
|
54
|
+
homepage_uri: https://github.com/tobyond/stairwell
|
55
|
+
source_code_uri: https://github.com/tobyond/stairwell
|
56
|
+
post_install_message:
|
57
|
+
rdoc_options: []
|
58
|
+
require_paths:
|
59
|
+
- lib
|
60
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
61
|
+
requirements:
|
62
|
+
- - ">="
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: 2.3.0
|
65
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - ">="
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
requirements: []
|
71
|
+
rubygems_version: 3.1.2
|
72
|
+
signing_key:
|
73
|
+
specification_version: 4
|
74
|
+
summary: stairwell for sql
|
75
|
+
test_files: []
|