npm - @teleporthq/teleport-plugin-next-data-source - Versions diffs - 0.42.35 → 0.43.0 - Mend

@teleporthq/teleport-plugin-next-data-source 0.42.35 → 0.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (239) hide show

package/__tests__/ecommerce-product-out-of-stock.test.ts +112 -0
package/__tests__/fetchers.test.ts +0 -42
package/__tests__/filter-utils.test.ts +149 -0
package/__tests__/mocks.ts +0 -12
package/__tests__/utils.test.ts +0 -2
package/dist/cjs/array-mapper-registry.d.ts +2 -0
package/dist/cjs/array-mapper-registry.d.ts.map +1 -1
package/dist/cjs/array-mapper-registry.js +9 -1
package/dist/cjs/array-mapper-registry.js.map +1 -1
package/dist/cjs/count-fetchers.d.ts +2 -2
package/dist/cjs/count-fetchers.d.ts.map +1 -1
package/dist/cjs/count-fetchers.js +5 -5
package/dist/cjs/count-fetchers.js.map +1 -1
package/dist/cjs/data-source-fetchers.d.ts +2 -1
package/dist/cjs/data-source-fetchers.d.ts.map +1 -1
package/dist/cjs/data-source-fetchers.js +11 -9
package/dist/cjs/data-source-fetchers.js.map +1 -1
package/dist/cjs/fetchers/airtable.d.ts.map +1 -1
package/dist/cjs/fetchers/airtable.js +1 -1
package/dist/cjs/fetchers/airtable.js.map +1 -1
package/dist/cjs/fetchers/clickhouse.d.ts.map +1 -1
package/dist/cjs/fetchers/clickhouse.js +1 -1
package/dist/cjs/fetchers/clickhouse.js.map +1 -1
package/dist/cjs/fetchers/csv-file.js +1 -1
package/dist/cjs/fetchers/csv-file.js.map +1 -1
package/dist/cjs/fetchers/firestore.js +1 -1
package/dist/cjs/fetchers/firestore.js.map +1 -1
package/dist/cjs/fetchers/google-sheets.js +1 -1
package/dist/cjs/fetchers/google-sheets.js.map +1 -1
package/dist/cjs/fetchers/index.d.ts +2 -1
package/dist/cjs/fetchers/index.d.ts.map +1 -1
package/dist/cjs/fetchers/index.js +8 -5
package/dist/cjs/fetchers/index.js.map +1 -1
package/dist/cjs/fetchers/javascript.js +1 -1
package/dist/cjs/fetchers/javascript.js.map +1 -1
package/dist/cjs/fetchers/mariadb.d.ts.map +1 -1
package/dist/cjs/fetchers/mariadb.js +3 -3
package/dist/cjs/fetchers/mariadb.js.map +1 -1
package/dist/cjs/fetchers/mongodb.js +1 -1
package/dist/cjs/fetchers/mongodb.js.map +1 -1
package/dist/cjs/fetchers/mysql.d.ts.map +1 -1
package/dist/cjs/fetchers/mysql.js +2 -2
package/dist/cjs/fetchers/mysql.js.map +1 -1
package/dist/cjs/fetchers/postgresql.d.ts.map +1 -1
package/dist/cjs/fetchers/postgresql.js +2 -2
package/dist/cjs/fetchers/postgresql.js.map +1 -1
package/dist/cjs/fetchers/raw-query.d.ts +18 -0
package/dist/cjs/fetchers/raw-query.d.ts.map +1 -0
package/dist/cjs/fetchers/raw-query.js +70 -0
package/dist/cjs/fetchers/raw-query.js.map +1 -0
package/dist/cjs/fetchers/redis.js +1 -1
package/dist/cjs/fetchers/redis.js.map +1 -1
package/dist/cjs/fetchers/redshift.d.ts.map +1 -1
package/dist/cjs/fetchers/redshift.js +2 -2
package/dist/cjs/fetchers/redshift.js.map +1 -1
package/dist/cjs/fetchers/rest-api.js +1 -1
package/dist/cjs/fetchers/rest-api.js.map +1 -1
package/dist/cjs/fetchers/supabase.d.ts.map +1 -1
package/dist/cjs/fetchers/supabase.js +62 -2
package/dist/cjs/fetchers/supabase.js.map +1 -1
package/dist/cjs/fetchers/teleport.d.ts +7 -0
package/dist/cjs/fetchers/teleport.d.ts.map +1 -0
package/dist/cjs/fetchers/teleport.js +63 -0
package/dist/cjs/fetchers/teleport.js.map +1 -0
package/dist/cjs/fetchers/turso.d.ts.map +1 -1
package/dist/cjs/fetchers/turso.js +1 -1
package/dist/cjs/fetchers/turso.js.map +1 -1
package/dist/cjs/filter-utils.d.ts +13 -0
package/dist/cjs/filter-utils.d.ts.map +1 -0
package/dist/cjs/filter-utils.js +95 -0
package/dist/cjs/filter-utils.js.map +1 -0
package/dist/cjs/index.d.ts.map +1 -1
package/dist/cjs/index.js +112 -9
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/pagination-plugin.d.ts.map +1 -1
package/dist/cjs/pagination-plugin.js +389 -128
package/dist/cjs/pagination-plugin.js.map +1 -1
package/dist/cjs/sort-utils.d.ts +10 -0
package/dist/cjs/sort-utils.d.ts.map +1 -0
package/dist/cjs/sort-utils.js +141 -0
package/dist/cjs/sort-utils.js.map +1 -0
package/dist/cjs/transformations/blog-post.d.ts +7 -0
package/dist/cjs/transformations/blog-post.d.ts.map +1 -0
package/dist/cjs/transformations/blog-post.js +13 -0
package/dist/cjs/transformations/blog-post.js.map +1 -0
package/dist/cjs/transformations/ecommerce-product.d.ts +7 -0
package/dist/cjs/transformations/ecommerce-product.d.ts.map +1 -0
package/dist/cjs/transformations/ecommerce-product.js +13 -0
package/dist/cjs/transformations/ecommerce-product.js.map +1 -0
package/dist/cjs/transformations/index.d.ts +26 -0
package/dist/cjs/transformations/index.d.ts.map +1 -0
package/dist/cjs/transformations/index.js +81 -0
package/dist/cjs/transformations/index.js.map +1 -0
package/dist/cjs/transformations/shared-utils.d.ts +7 -0
package/dist/cjs/transformations/shared-utils.d.ts.map +1 -0
package/dist/cjs/transformations/shared-utils.js +13 -0
package/dist/cjs/transformations/shared-utils.js.map +1 -0
package/dist/cjs/tsconfig.tsbuildinfo +1 -1
package/dist/cjs/utils.d.ts +30 -1
package/dist/cjs/utils.d.ts.map +1 -1
package/dist/cjs/utils.js +173 -10
package/dist/cjs/utils.js.map +1 -1
package/dist/esm/array-mapper-registry.d.ts +2 -0
package/dist/esm/array-mapper-registry.d.ts.map +1 -1
package/dist/esm/array-mapper-registry.js +9 -1
package/dist/esm/array-mapper-registry.js.map +1 -1
package/dist/esm/count-fetchers.d.ts +2 -2
package/dist/esm/count-fetchers.d.ts.map +1 -1
package/dist/esm/count-fetchers.js +4 -4
package/dist/esm/count-fetchers.js.map +1 -1
package/dist/esm/data-source-fetchers.d.ts +2 -1
package/dist/esm/data-source-fetchers.d.ts.map +1 -1
package/dist/esm/data-source-fetchers.js +10 -9
package/dist/esm/data-source-fetchers.js.map +1 -1
package/dist/esm/fetchers/airtable.d.ts.map +1 -1
package/dist/esm/fetchers/airtable.js +1 -1
package/dist/esm/fetchers/airtable.js.map +1 -1
package/dist/esm/fetchers/clickhouse.d.ts.map +1 -1
package/dist/esm/fetchers/clickhouse.js +1 -1
package/dist/esm/fetchers/clickhouse.js.map +1 -1
package/dist/esm/fetchers/csv-file.js +1 -1
package/dist/esm/fetchers/csv-file.js.map +1 -1
package/dist/esm/fetchers/firestore.js +1 -1
package/dist/esm/fetchers/firestore.js.map +1 -1
package/dist/esm/fetchers/google-sheets.js +1 -1
package/dist/esm/fetchers/google-sheets.js.map +1 -1
package/dist/esm/fetchers/index.d.ts +2 -1
package/dist/esm/fetchers/index.d.ts.map +1 -1
package/dist/esm/fetchers/index.js +2 -1
package/dist/esm/fetchers/index.js.map +1 -1
package/dist/esm/fetchers/javascript.js +1 -1
package/dist/esm/fetchers/javascript.js.map +1 -1
package/dist/esm/fetchers/mariadb.d.ts.map +1 -1
package/dist/esm/fetchers/mariadb.js +4 -4
package/dist/esm/fetchers/mariadb.js.map +1 -1
package/dist/esm/fetchers/mongodb.js +1 -1
package/dist/esm/fetchers/mongodb.js.map +1 -1
package/dist/esm/fetchers/mysql.d.ts.map +1 -1
package/dist/esm/fetchers/mysql.js +3 -3
package/dist/esm/fetchers/mysql.js.map +1 -1
package/dist/esm/fetchers/postgresql.d.ts.map +1 -1
package/dist/esm/fetchers/postgresql.js +3 -3
package/dist/esm/fetchers/postgresql.js.map +1 -1
package/dist/esm/fetchers/raw-query.d.ts +18 -0
package/dist/esm/fetchers/raw-query.d.ts.map +1 -0
package/dist/esm/fetchers/raw-query.js +65 -0
package/dist/esm/fetchers/raw-query.js.map +1 -0
package/dist/esm/fetchers/redis.js +1 -1
package/dist/esm/fetchers/redis.js.map +1 -1
package/dist/esm/fetchers/redshift.d.ts.map +1 -1
package/dist/esm/fetchers/redshift.js +3 -3
package/dist/esm/fetchers/redshift.js.map +1 -1
package/dist/esm/fetchers/rest-api.js +1 -1
package/dist/esm/fetchers/rest-api.js.map +1 -1
package/dist/esm/fetchers/supabase.d.ts.map +1 -1
package/dist/esm/fetchers/supabase.js +63 -3
package/dist/esm/fetchers/supabase.js.map +1 -1
package/dist/esm/fetchers/teleport.d.ts +7 -0
package/dist/esm/fetchers/teleport.d.ts.map +1 -0
package/dist/esm/fetchers/teleport.js +57 -0
package/dist/esm/fetchers/teleport.js.map +1 -0
package/dist/esm/fetchers/turso.d.ts.map +1 -1
package/dist/esm/fetchers/turso.js +2 -2
package/dist/esm/fetchers/turso.js.map +1 -1
package/dist/esm/filter-utils.d.ts +13 -0
package/dist/esm/filter-utils.d.ts.map +1 -0
package/dist/esm/filter-utils.js +66 -0
package/dist/esm/filter-utils.js.map +1 -0
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.js +113 -10
package/dist/esm/index.js.map +1 -1
package/dist/esm/pagination-plugin.d.ts.map +1 -1
package/dist/esm/pagination-plugin.js +389 -128
package/dist/esm/pagination-plugin.js.map +1 -1
package/dist/esm/sort-utils.d.ts +10 -0
package/dist/esm/sort-utils.d.ts.map +1 -0
package/dist/esm/sort-utils.js +113 -0
package/dist/esm/sort-utils.js.map +1 -0
package/dist/esm/transformations/blog-post.d.ts +7 -0
package/dist/esm/transformations/blog-post.d.ts.map +1 -0
package/dist/esm/transformations/blog-post.js +9 -0
package/dist/esm/transformations/blog-post.js.map +1 -0
package/dist/esm/transformations/ecommerce-product.d.ts +7 -0
package/dist/esm/transformations/ecommerce-product.d.ts.map +1 -0
package/dist/esm/transformations/ecommerce-product.js +9 -0
package/dist/esm/transformations/ecommerce-product.js.map +1 -0
package/dist/esm/transformations/index.d.ts +26 -0
package/dist/esm/transformations/index.d.ts.map +1 -0
package/dist/esm/transformations/index.js +74 -0
package/dist/esm/transformations/index.js.map +1 -0
package/dist/esm/transformations/shared-utils.d.ts +7 -0
package/dist/esm/transformations/shared-utils.d.ts.map +1 -0
package/dist/esm/transformations/shared-utils.js +9 -0
package/dist/esm/transformations/shared-utils.js.map +1 -0
package/dist/esm/tsconfig.tsbuildinfo +1 -1
package/dist/esm/utils.d.ts +30 -1
package/dist/esm/utils.d.ts.map +1 -1
package/dist/esm/utils.js +170 -9
package/dist/esm/utils.js.map +1 -1
package/package.json +6 -5
package/src/array-mapper-registry.ts +13 -0
package/src/count-fetchers.ts +5 -5
package/src/data-source-fetchers.ts +15 -11
package/src/fetchers/airtable.ts +54 -8
package/src/fetchers/clickhouse.ts +25 -19
package/src/fetchers/csv-file.ts +2 -2
package/src/fetchers/firestore.ts +2 -2
package/src/fetchers/google-sheets.ts +2 -2
package/src/fetchers/index.ts +6 -5
package/src/fetchers/javascript.ts +2 -2
package/src/fetchers/mariadb.ts +27 -12
package/src/fetchers/mongodb.ts +2 -2
package/src/fetchers/mysql.ts +27 -12
package/src/fetchers/postgresql.ts +31 -18
package/src/fetchers/raw-query.ts +178 -0
package/src/fetchers/redis.ts +2 -2
package/src/fetchers/redshift.ts +14 -10
package/src/fetchers/rest-api.ts +2 -2
package/src/fetchers/supabase.ts +97 -14
package/src/fetchers/teleport.ts +485 -0
package/src/fetchers/turso.ts +15 -7
package/src/filter-utils.ts +111 -0
package/src/index.ts +146 -6
package/src/pagination-plugin.ts +547 -308
package/src/sort-utils.ts +150 -0
package/src/transformations/blog-post.ts +128 -0
package/src/transformations/ecommerce-product.ts +173 -0
package/src/transformations/index.ts +97 -0
package/src/transformations/shared-utils.ts +271 -0
package/src/utils.ts +227 -11
package/dist/cjs/fetchers/static-collection.d.ts +0 -7
package/dist/cjs/fetchers/static-collection.d.ts.map +0 -1
package/dist/cjs/fetchers/static-collection.js +0 -25
package/dist/cjs/fetchers/static-collection.js.map +0 -1
package/dist/esm/fetchers/static-collection.d.ts +0 -7
package/dist/esm/fetchers/static-collection.d.ts.map +0 -1
package/dist/esm/fetchers/static-collection.js +0 -19
package/dist/esm/fetchers/static-collection.js.map +0 -1
package/src/fetchers/static-collection.ts +0 -231

package/src/fetchers/raw-query.ts ADDED Viewed

@@ -0,0 +1,178 @@
+import { replaceSecretReference } from '../utils'
+interface PostgreSQLConfig {
+  host?: string
+  port?: number
+  user?: string
+  username?: string
+  password?: string
+  database?: string
+  ssl?: boolean | { ca?: string; cert?: string; key?: string; rejectUnauthorized?: boolean }
+  sslConfig?: { ca?: string; cert?: string; key?: string; rejectUnauthorized?: boolean }
+}
+const FORBIDDEN_KEYWORDS = ['CREATE', 'ALTER', 'DROP', 'TRUNCATE', 'RENAME', 'GRANT', 'REVOKE']
+/**
+ * Generates an API route handler that executes a parameterized raw SQL query.
+ * Supports {{Current User.*}} substitution via query params.
+ *
+ * @param config - PostgreSQL connection config
+ * @param query - Raw SQL query string with {{Current User.*}} patterns already replaced to $N placeholders
+ * @param paramFields - Array of query param field names that map to $1, $2, etc. in order
+ */
+export const generateRawQueryFetcher = (
+  config: Record<string, unknown>,
+  query: string,
+  paramFields: string[]
+): string => {
+  const pgConfig = config as PostgreSQLConfig
+  const paramDestructure =
+    paramFields.length > 0 ? `const { ${paramFields.join(', ')} } = req.query` : ''
+  const paramValidation =
+    paramFields.length > 0
+      ? `
+    if (${paramFields.map((f) => `!${f}`).join(' || ')}) {
+      return res.status(200).json({ success: true, data: [], timestamp: Date.now() })
+    }`
+      : ''
+  const paramArray = paramFields.length > 0 ? `[${paramFields.join(', ')}]` : '[]'
+  const sslValue =
+    pgConfig.ssl === false
+      ? 'false'
+      : pgConfig.ssl === true || pgConfig.sslConfig
+      ? pgConfig.sslConfig
+        ? `{
+      ${pgConfig.sslConfig.ca ? `ca: ${replaceSecretReference(pgConfig.sslConfig.ca)},` : ''}
+      ${pgConfig.sslConfig.cert ? `cert: ${replaceSecretReference(pgConfig.sslConfig.cert)},` : ''}
+      ${pgConfig.sslConfig.key ? `key: ${replaceSecretReference(pgConfig.sslConfig.key)},` : ''}
+      rejectUnauthorized: false
+    }`
+        : '{ rejectUnauthorized: false }'
+      : 'false'
+  return `import { Client } from 'pg'
+const FORBIDDEN_KEYWORDS = ${JSON.stringify(FORBIDDEN_KEYWORDS)}
+const getClient = () => {
+  const connStr = process.env.TELEPORT_DB_CONNECTION_STRING
+  if (connStr) {
+    const sslEnv = process.env.TELEPORT_DB_SSL
+    const sslOpt = sslEnv === 'false' ? false : sslEnv === 'true' ? { rejectUnauthorized: false } : undefined
+    return new Client(Object.assign({ connectionString: connStr }, sslOpt !== undefined ? { ssl: sslOpt } : {}))
+  }
+  return new Client({
+    host: process.env.TELEPORT_DB_HOST || ${JSON.stringify(pgConfig.host ?? null)},
+    port: parseInt(process.env.TELEPORT_DB_PORT || '${pgConfig.port || 5432}', 10),
+    user: process.env.TELEPORT_DB_USER || ${JSON.stringify(
+      pgConfig.user ?? pgConfig.username ?? null
+    )},
+    password: process.env.TELEPORT_DB_PASSWORD || ${
+      replaceSecretReference(pgConfig.password) !== 'undefined'
+        ? replaceSecretReference(pgConfig.password)
+        : 'null'
+    },
+    database: process.env.TELEPORT_DB_NAME || ${JSON.stringify(pgConfig.database ?? null)},
+    ssl: ${sslValue}
+  })
+}
+const validateQuery = (query) => {
+  const trimmed = query.trim().toUpperCase()
+  for (const keyword of FORBIDDEN_KEYWORDS) {
+    if (trimmed.startsWith(keyword)) {
+      return false
+    }
+  }
+  return true
+}
+export default async function handler(req, res) {
+  try {
+    ${paramDestructure}
+    ${paramValidation}
+    const query = ${JSON.stringify(query)}
+    if (!validateQuery(query)) {
+      return res.status(400).json({
+        success: false,
+        error: 'Only SELECT queries are allowed',
+        timestamp: Date.now()
+      })
+    }
+    const client = getClient()
+    await client.connect()
+    try {
+      const result = await client.query(query, ${paramArray})
+      return res.status(200).json({
+        success: true,
+        data: result.rows,
+        timestamp: Date.now()
+      })
+    } finally {
+      await client.end()
+    }
+  } catch (error) {
+    console.error('Raw query fetch error:', error)
+    return res.status(500).json({
+      success: false,
+      error: error.message || 'Failed to fetch data',
+      timestamp: Date.now()
+    })
+  }
+}
+`
+}
+/**
+ * Parses a SQL query string for {{Current User.*}} template patterns.
+ * Returns the parameterized query and an ordered list of field names.
+ */
+export const parseQueryTemplateVariables = (
+  query: string
+): { parameterizedQuery: string; paramFields: string[] } => {
+  const captureRe = /\{\{Current User\.(\w+)\}\}/g
+  const paramFields: string[] = []
+  // First pass: collect unique fields in order
+  const tempRe = new RegExp(captureRe.source, 'g')
+  let match = tempRe.exec(query)
+  while (match !== null) {
+    const field = match[1]
+    if (!paramFields.includes(field)) {
+      paramFields.push(field)
+    }
+    match = tempRe.exec(query)
+  }
+  // Second pass: replace patterns with $N placeholders
+  let parameterizedQuery = query
+  for (let i = 0; i < paramFields.length; i++) {
+    const field = paramFields[i]
+    // Replace both quoted ('{{...}}') and unquoted ({{...}}) variants
+    const quotedPattern = `'{{Current User.${field}}}'`
+    const unquotedPattern = `{{Current User.${field}}}`
+    if (parameterizedQuery.includes(quotedPattern)) {
+      parameterizedQuery = parameterizedQuery.split(quotedPattern).join(`$${i + 1}`)
+    } else {
+      parameterizedQuery = parameterizedQuery.split(unquotedPattern).join(`$${i + 1}`)
+    }
+  }
+  // Convert field names to camelCase query param names
+  const queryParamNames = paramFields.map(
+    (f) => `currentUser${f.charAt(0).toUpperCase() + f.slice(1)}`
+  )
+  return { parameterizedQuery, paramFields: queryParamNames }
+}

package/src/fetchers/redis.ts CHANGED Viewed

@@ -145,7 +145,7 @@ export default async function handler(req, res) {
       if (Array.isArray(parsedSorts) && parsedSorts.length > 0) {
         const primarySort = parsedSorts[0]
         if (primarySort.field) {
-          const sortOrderValue = primarySort.order?.toLowerCase() === 'desc' ? -1 : 1
+          const sortOrderValue = (primarySort.order || '').toLowerCase().startsWith('desc') ? -1 : 1
           results.sort((a, b) => {
             const aVal = a[primarySort.field]
             const bVal = b[primarySort.field]
@@ -156,7 +156,7 @@ export default async function handler(req, res) {
         }
       }
     } else if (sortBy) {
-      const sortOrderValue = sortOrder?.toLowerCase() === 'desc' ? -1 : 1
+      const sortOrderValue = (sortOrder || '').toLowerCase().startsWith('desc') ? -1 : 1
       results.sort((a, b) => {
         const aVal = a[sortBy]
         const bVal = b[sortBy]

package/src/fetchers/redshift.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import {
   replaceSecretReference,
   generateDateFormatterCode,
   generateSafeJSONParseCode,
+  generateSearchEscapeHelpersCode,
 } from '../utils'
 interface RedshiftConfig {
@@ -55,6 +56,8 @@ const getClient = () => {
 ${generateSafeJSONParseCode()}
+${generateSearchEscapeHelpersCode()}
 ${generateDateFormatterCode()}
 export default async function handler(req, res) {
@@ -95,13 +98,14 @@ export default async function handler(req, res) {
       }
       if (columns.length > 0) {
-        const searchConditions = columns.map((col) => {
-          const condition = \`\${col}::text ILIKE $\${paramIndex}\`
-          paramIndex++
-          return condition
-        })
-        columns.forEach(() => queryParams.push(\`%\${query}%\`))
-        conditions.push(\`(\${searchConditions.join(' OR ')})\`)
+        const pattern = '%' + escapeLikePattern(query) + '%'
+        const placeholder = '$' + paramIndex
+        paramIndex++
+        queryParams.push(pattern)
+        const searchConditions = columns.map(
+          (col) => '"' + sanitizeSearchIdentifier(col) + '"::text ILIKE ' + placeholder + " ESCAPE '|'"
+        )
+        conditions.push('(' + searchConditions.join(' OR ') + ')')
       }
     }
@@ -178,16 +182,16 @@ export default async function handler(req, res) {
       if (Array.isArray(parsedSorts) && parsedSorts.length > 0) {
         const orderClauses = parsedSorts.map((sort) => {
           if (!sort.field) return null
-          const order = sort.order?.toUpperCase() === 'DESC' ? 'DESC' : 'ASC'
+          const order = (sort.order || '').toUpperCase().startsWith('DESC') ? 'DESC' : 'ASC'
           return \`\${sanitizeIdentifier(sort.field)} \${order}\`
         }).filter(Boolean)
         if (orderClauses.length > 0) {
           sql += \` ORDER BY \${orderClauses.join(', ')}\`
         }
       }
     } else if (sortBy) {
-      sql += \` ORDER BY \${sanitizeIdentifier(sortBy)} \${sortOrder?.toUpperCase() || 'ASC'}\`
+      sql += \` ORDER BY \${sanitizeIdentifier(sortBy)} \${(sortOrder || '').toUpperCase().startsWith('DESC') ? 'DESC' : 'ASC'}\`
     }
     const limitValue = limit || perPage

package/src/fetchers/rest-api.ts CHANGED Viewed

@@ -207,7 +207,7 @@ export default async function handler(req, res) {
                 if (!sort.field) continue
                 const aVal = getNestedValue(a, sort.field)
                 const bVal = getNestedValue(b, sort.field)
-                const sortOrderValue = sort.order?.toLowerCase() === 'desc' ? -1 : 1
+                const sortOrderValue = (sort.order || '').toLowerCase().startsWith('desc') ? -1 : 1
                 let comparison = 0
                 if (aVal === null || aVal === undefined) {
@@ -237,7 +237,7 @@ export default async function handler(req, res) {
         data.sort((a, b) => {
           const aVal = getNestedValue(a, sortBy)
           const bVal = getNestedValue(b, sortBy)
-          const sortOrderValue = sortOrder?.toLowerCase() === 'desc' ? -1 : 1
+          const sortOrderValue = (sortOrder || '').toLowerCase().startsWith('desc') ? -1 : 1
           let comparison = 0
           if (aVal === null || aVal === undefined) {

package/src/fetchers/supabase.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import {
   replaceSecretReference,
   generateDateFormatterCode,
   generateSafeJSONParseCode,
+  generateSearchEscapeHelpersCode,
 } from '../utils'
 export const validateSupabaseConfig = (
@@ -49,7 +50,66 @@ export const generateSupabaseFetcher = (
   const supabaseConfig = config as SupabaseConfig
   const supabaseUrl = supabaseConfig.supabaseUrl
   const apiKey = supabaseConfig.serviceRoleKey || supabaseConfig.publicApiKey
+  /*
+DO $$
+DECLARE
+    first_account_id UUID;
+    first_team_id UUID;
+BEGIN
+    -- Step 1: Select the first account's id
+    SELECT id INTO first_account_id
+    FROM accounts
+    ORDER BY id
+    LIMIT 1;
+    -- Step 2: Insert into subscriptions
+    INSERT INTO subscriptions (
+        "stripeSubscriptionId",
+        "accountId",
+        "stripeCurrentPeriodStart",
+        "stripeCurrentPeriodEnd",
+        "createdAt",
+        "updatedAt",
+        "percentOff"
+    ) VALUES (
+        'abc',
+        first_account_id,
+        '2025-08-13 00:00:00+00'::timestamptz,
+        '2035-09-13 00:00:00+00'::timestamptz,
+        '2025-08-13 00:00:00+00'::timestamptz,
+        '2025-08-13 00:00:00+00'::timestamptz,
+        100
+    );
+    -- Step 3: Insert into subscription-items
+    INSERT INTO "subscription-items" (
+        "stripeSubscriptionItemId",
+        "stripePriceId",
+        "stripeSubscriptionId",
+        "createdAt",
+        "updatedAt"
+    ) VALUES (
+        'abc',
+        'price_1KO3BuGd5V11xo4EFF8fKiVR',
+        'abc',
+        '2025-08-13 00:00:00+00'::timestamptz,
+        '2025-08-13 00:00:00+00'::timestamptz
+    );
+    -- Step 4: Get first team id and update its subscriptionItemId
+    SELECT id INTO first_team_id
+    FROM teams
+    ORDER BY id
+    LIMIT 1;
+    UPDATE teams
+    SET "subscriptionItemId" = 'abc'
+    WHERE id = first_team_id;
+    RAISE NOTICE 'Script completed successfully. Account ID: %, Team ID: %', first_account_id, first_team_id;
+END $$;
+*/
   return `import { createClient } from '@supabase/supabase-js'
 let client = null
@@ -67,6 +127,8 @@ const getClient = () => {
 ${generateSafeJSONParseCode()}
+${generateSearchEscapeHelpersCode()}
 // Helper function to process filter values
 const processFilterValue = (value) => {
   if (typeof value === 'string' && !isNaN(Number(value))) {
@@ -183,8 +245,10 @@ export default async function handler(req, res) {
       let columns = []
       if (queryColumns) {
-        // Use specified columns
-        columns = safeJSONParse(queryColumns)
+        // Use specified columns. Wrap non-arrays so a single column
+        // passed as a bare string doesn't get iterated as chars.
+        const parsed = safeJSONParse(queryColumns)
+        columns = Array.isArray(parsed) ? parsed : (parsed ? [parsed] : [])
       } else {
         // Fallback: Get text-searchable columns from a sample row
         try {
@@ -220,14 +284,26 @@ export default async function handler(req, res) {
       }
       if (columns.length > 0) {
-        const searchPattern = \`%\${query}%\`
-        // Note: Supabase PostgREST doesn't support ::text casting in .or() syntax
-        // Only text/varchar columns will match; non-text columns will be skipped
-        const orConditions = columns.map((col) => \`\${col}.ilike.\${searchPattern}\`).join(',')
+        // PostgREST .or() DSL separates conditions with comma and uses
+        // dot to split field / operator / value, so we wrap the pattern
+        // in double quotes and backslash-escape any embedded quotes or
+        // backslashes in the user's search term. Columns go through the
+        // shared identifier sanitizer to reject injection. Note:
+        // PostgREST .ilike. does not expose a LIKE ESCAPE clause, so
+        // raw % / _ in the user input still act as wildcards in this
+        // backend; the canvas preview path escapes them explicitly.
+        const rawPattern = "%" + String(query) + "%"
+        const escapedForPostgrest = rawPattern
+          .replace(/\\\\/g, "\\\\\\\\")
+          .replace(/"/g, '\\\\"')
+        const searchPattern = '"' + escapedForPostgrest + '"'
+        const orConditions = columns
+          .map((col) => sanitizeSearchIdentifier(col) + ".ilike." + searchPattern)
+          .join(",")
         queryRef = queryRef.or(orConditions)
       }
     }
     // Apply filters using helper function
     queryRef = applyFilters(queryRef, filters)
@@ -237,14 +313,14 @@ export default async function handler(req, res) {
       if (Array.isArray(parsedSorts)) {
         parsedSorts.forEach((sort) => {
           if (sort.field) {
-            queryRef = queryRef.order(sort.field, {
-              ascending: sort.order?.toLowerCase() !== 'desc'
+            queryRef = queryRef.order(sort.field, {
+              ascending: !(sort.order || '').toLowerCase().startsWith('desc')
             })
           }
         })
       }
     } else if (sortBy) {
-      queryRef = queryRef.order(sortBy, { ascending: sortOrder !== 'desc' })
+      queryRef = queryRef.order(sortBy, { ascending: !(sortOrder || '').toLowerCase().startsWith('desc') })
     }
     const limitValue = limit || perPage
@@ -337,10 +413,17 @@ async function getCount(req, res) {
       }
       if (columns.length > 0) {
-        const searchPattern = \`%\${query}%\`
-        // Note: Supabase PostgREST doesn't support ::text casting in .or() syntax
-        // Only text/varchar columns will match; non-text columns will be skipped
-        const orConditions = columns.map((col) => \`\${col}.ilike.\${searchPattern}\`).join(',')
+        // Mirror the fetch handler: sanitize identifiers, wrap the
+        // pattern in double quotes for PostgREST .or() DSL, and escape
+        // backslashes / quotes in the user's search term.
+        const rawPattern = "%" + String(query) + "%"
+        const escapedForPostgrest = rawPattern
+          .replace(/\\\\/g, "\\\\\\\\")
+          .replace(/"/g, '\\\\"')
+        const searchPattern = '"' + escapedForPostgrest + '"'
+        const orConditions = columns
+          .map((col) => sanitizeSearchIdentifier(col) + ".ilike." + searchPattern)
+          .join(",")
         countQuery = countQuery.or(orConditions)
       }
     }