@teleporthq/teleport-plugin-next-data-source 0.42.9 → 0.42.10

package/src/fetchers/supabase.ts

@@ -1,4 +1,8 @@
-import { replaceSecretReference, generateDateFormatterCode } from '../utils'
+import {
+  replaceSecretReference,
+  generateDateFormatterCode,
+  generateSafeJSONParseCode,
+} from '../utils'
 
 export const validateSupabaseConfig = (
   config: Record<string, unknown>
@@ -61,12 +65,117 @@ const getClient = () => {
   return client
 }
 
+${generateSafeJSONParseCode()}
+
+// Helper function to process filter values
+const processFilterValue = (value) => {
+  if (typeof value === 'string' && !isNaN(Number(value))) {
+    return Number(value)
+  }
+  return value
+}
+
+// Helper function to apply filters to a query
+const applyFilters = (queryRef, filters) => {
+  if (!filters) return queryRef
+  
+  const parsedFilters = safeJSONParse(filters)
+  
+  if (Array.isArray(parsedFilters)) {
+    parsedFilters.forEach((filter) => {
+      if (!filter.source || filter.destination === undefined) return
+      
+      const field = filter.source
+      const value = filter.destination
+      const operand = filter.operand || '='
+      
+      if (Array.isArray(value)) {
+        const processedValues = value.map(processFilterValue)
+        if (operand === '!=') {
+          queryRef = queryRef.not(field, 'in', processedValues)
+        } else {
+          queryRef = queryRef.in(field, processedValues)
+        }
+      } else {
+        const processedValue = processFilterValue(value)
+        
+        // Handle null values
+        if (processedValue === null) {
+          if (operand === '=') {
+            queryRef = queryRef.is(field, null)
+          } else if (operand === '!=') {
+            queryRef = queryRef.not(field, 'is', null)
+          }
+        } else {
+          // Map operand to Supabase methods
+          switch (operand) {
+            case '=':
+              queryRef = queryRef.eq(field, processedValue)
+              break
+            case '!=':
+              queryRef = queryRef.neq(field, processedValue)
+              break
+            case '>':
+              queryRef = queryRef.gt(field, processedValue)
+              break
+            case '>=':
+              queryRef = queryRef.gte(field, processedValue)
+              break
+            case '<':
+              queryRef = queryRef.lt(field, processedValue)
+              break
+            case '<=':
+              queryRef = queryRef.lte(field, processedValue)
+              break
+            default:
+              queryRef = queryRef.eq(field, processedValue)
+          }
+        }
+      }
+    })
+  } else {
+    // Old format: object with key-value pairs (backward compatibility)
+    Object.entries(parsedFilters).forEach(([key, value]) => {
+      if (Array.isArray(value)) {
+        const processedValues = value.map(processFilterValue)
+        queryRef = queryRef.in(key, processedValues)
+      } else if (typeof value === 'object' && value !== null) {
+        const operator = Object.keys(value)[0]
+        let operatorValue = value[operator]
+        if (typeof operatorValue === 'string' && !isNaN(Number(operatorValue))) {
+          operatorValue = Number(operatorValue)
+        }
+        switch (operator) {
+          case 'eq': queryRef = queryRef.eq(key, operatorValue); break
+          case 'neq': queryRef = queryRef.neq(key, operatorValue); break
+          case 'gt': queryRef = queryRef.gt(key, operatorValue); break
+          case 'gte': queryRef = queryRef.gte(key, operatorValue); break
+          case 'lt': queryRef = queryRef.lt(key, operatorValue); break
+          case 'lte': queryRef = queryRef.lte(key, operatorValue); break
+          case 'like': queryRef = queryRef.like(key, operatorValue); break
+          case 'ilike': queryRef = queryRef.ilike(key, operatorValue); break
+          case 'in': queryRef = queryRef.in(key, operatorValue); break
+          default: queryRef = queryRef.eq(key, operatorValue)
+        }
+      } else {
+        let processedValue = value
+        if (typeof value === 'string' && !isNaN(Number(value))) {
+          processedValue = Number(value)
+        }
+        queryRef = queryRef.eq(key, processedValue)
+      }
+    })
+  }
+  
+  return queryRef
+}
+
 ${generateDateFormatterCode()}
 
 export default async function handler(req, res) {
   try {
     const client = getClient()
-    const { query, queryColumns, select, limit, page, perPage, sortBy, sortOrder, filters, offset } = req.query
+    const { query, queryColumns, select, limit, page, perPage, sortBy, sortOrder, filters, sorts, offset } = req.query
     
     let queryRef = client.from('${tableName}').select(select || '*')
     
@@ -75,16 +184,34 @@ export default async function handler(req, res) {
       
       if (queryColumns) {
         // Use specified columns
-        columns = JSON.parse(queryColumns)
+        columns = safeJSONParse(queryColumns)
       } else {
-        // Fallback: Get all column names from a sample row
+        // Fallback: Get text-searchable columns from a sample row
         try {
           const { data: sampleData, error: sampleError } = await client.from('${tableName}').select('*').limit(1).single()
           if (sampleError) {
             throw sampleError
           }
           if (sampleData) {
-            columns = Object.keys(sampleData)
+            // Filter out columns that are likely non-text types
+            // Note: This is heuristic-based since we don't have schema info
+            columns = Object.keys(sampleData).filter(col => {
+              const value = sampleData[col]
+              const colLower = col.toLowerCase()
+              
+              // Exclude common timestamp/date column names
+              if (colLower.includes('_at') || colLower.includes('date') || colLower === 'timestamp') {
+                return false
+              }
+              
+              // Exclude if value is a number, boolean, null, or object (non-string)
+              if (value === null || value === undefined) {
+                return true // Include null columns, let the query handle it
+              }
+              
+              const type = typeof value
+              return type === 'string' // Only include string values
+            })
           }
         } catch (schemaError) {
           console.warn('Failed to fetch sample row for column names:', schemaError.message)
@@ -94,51 +221,29 @@ export default async function handler(req, res) {
       
       if (columns.length > 0) {
         const searchPattern = \`%\${query}%\`
+        // Note: Supabase PostgREST doesn't support ::text casting in .or() syntax
+        // Only text/varchar columns will match; non-text columns will be skipped
         const orConditions = columns.map((col) => \`\${col}.ilike.\${searchPattern}\`).join(',')
         queryRef = queryRef.or(orConditions)
       }
     }
     
-    if (filters) {
-      const parsedFilters = JSON.parse(filters)
-      Object.entries(parsedFilters).forEach(([key, value]) => {
-        if (Array.isArray(value)) {
-          const processedValues = value.map((v) => {
-            if (typeof v === 'string' && !isNaN(Number(v))) {
-              return Number(v)
-            }
-            return v
-          })
-          queryRef = queryRef.in(key, processedValues)
-        } else if (typeof value === 'object' && value !== null) {
-          const operator = Object.keys(value)[0]
-          let operatorValue = value[operator]
-          if (typeof operatorValue === 'string' && !isNaN(Number(operatorValue))) {
-            operatorValue = Number(operatorValue)
-          }
-          switch (operator) {
-            case 'eq': queryRef = queryRef.eq(key, operatorValue); break
-            case 'neq': queryRef = queryRef.neq(key, operatorValue); break
-            case 'gt': queryRef = queryRef.gt(key, operatorValue); break
-            case 'gte': queryRef = queryRef.gte(key, operatorValue); break
-            case 'lt': queryRef = queryRef.lt(key, operatorValue); break
-            case 'lte': queryRef = queryRef.lte(key, operatorValue); break
-            case 'like': queryRef = queryRef.like(key, operatorValue); break
-            case 'ilike': queryRef = queryRef.ilike(key, operatorValue); break
-            case 'in': queryRef = queryRef.in(key, operatorValue); break
-            default: queryRef = queryRef.eq(key, operatorValue)
-          }
-        } else {
-          let processedValue = value
-          if (typeof value === 'string' && !isNaN(Number(value))) {
-            processedValue = Number(value)
-          }
-          queryRef = queryRef.eq(key, processedValue)
-        }
-      })
-    }
+    // Apply filters using helper function
+    queryRef = applyFilters(queryRef, filters)
     
-    if (sortBy) {
+    // Handle sorts - new array format
+    if (sorts) {
+      const parsedSorts = safeJSONParse(sorts)
+      if (Array.isArray(parsedSorts)) {
+        parsedSorts.forEach((sort) => {
+          if (sort.field) {
+            queryRef = queryRef.order(sort.field, { 
+              ascending: sort.order?.toLowerCase() !== 'desc' 
+            })
+          }
+        })
+      }
+    } else if (sortBy) {
       queryRef = queryRef.order(sortBy, { ascending: sortOrder !== 'desc' })
     }
     
@@ -195,16 +300,35 @@ async function getCount(req, res) {
       
       if (queryColumns) {
         // Use specified columns
-        columns = typeof queryColumns === 'string' ? JSON.parse(queryColumns) : (Array.isArray(queryColumns) ? queryColumns : [queryColumns])
+        const parsed = safeJSONParse(queryColumns)
+        columns = Array.isArray(parsed) ? parsed : [parsed]
       } else {
-        // Fallback: Get all column names from a sample row
+        // Fallback: Get text-searchable columns from a sample row
         try {
           const { data: sampleData, error: sampleError } = await supabase.from('${tableName}').select('*').limit(1).single()
           if (sampleError) {
             throw sampleError
           }
           if (sampleData) {
-            columns = Object.keys(sampleData)
+            // Filter out columns that are likely non-text types
+            // Note: This is heuristic-based since we don't have schema info
+            columns = Object.keys(sampleData).filter(col => {
+              const value = sampleData[col]
+              const colLower = col.toLowerCase()
+              
+              // Exclude common timestamp/date column names
+              if (colLower.includes('_at') || colLower.includes('date') || colLower === 'timestamp') {
+                return false
+              }
+              
+              // Exclude if value is a number, boolean, null, or object (non-string)
+              if (value === null || value === undefined) {
+                return true // Include null columns, let the query handle it
+              }
+              
+              const type = typeof value
+              return type === 'string' // Only include string values
+            })
           }
         } catch (schemaError) {
           console.warn('Failed to fetch sample row for column names:', schemaError.message)
@@ -214,17 +338,15 @@ async function getCount(req, res) {
       
       if (columns.length > 0) {
         const searchPattern = \`%\${query}%\`
+        // Note: Supabase PostgREST doesn't support ::text casting in .or() syntax
+        // Only text/varchar columns will match; non-text columns will be skipped
         const orConditions = columns.map((col) => \`\${col}.ilike.\${searchPattern}\`).join(',')
         countQuery = countQuery.or(orConditions)
       }
     }
 
-    if (filters) {
-      const parsedFilters = JSON.parse(filters)
-      for (const filter of parsedFilters) {
-        countQuery = countQuery.eq(filter.column, filter.value)
-      }
-    }
+    // Apply filters using helper function
+    countQuery = applyFilters(countQuery, filters)
 
     const { count, error } = await countQuery
     

package/src/fetchers/turso.ts

@@ -1,4 +1,8 @@
-import { replaceSecretReference, generateDateFormatterCode } from '../utils'
+import {
+  replaceSecretReference,
+  generateDateFormatterCode,
+  generateSafeJSONParseCode,
+} from '../utils'
 
 export const validateTursoConfig = (
   config: Record<string, unknown>
@@ -35,6 +39,8 @@ export const generateTursoFetcher = (
 
   return `import { createClient } from '@libsql/client'
 
+${generateSafeJSONParseCode()}
+
 ${generateDateFormatterCode()}
 
 export default async function handler(req, res) {
@@ -45,7 +51,7 @@ export default async function handler(req, res) {
       authToken: ${replaceSecretReference(token)}
     })
     
-    const { query, queryColumns, limit, page, perPage, sortBy, sortOrder, filters, offset } = req.query
+    const { query, queryColumns, limit, page, perPage, sortBy, sortOrder, filters, sorts, offset } = req.query
     
     let sql = \`SELECT * FROM ${tableName}\`
     const whereClauses = []
@@ -54,8 +60,10 @@ export default async function handler(req, res) {
     
     if (query) {
       if (queryColumns) {
-        const columns = typeof queryColumns === 'string' ? JSON.parse(queryColumns) : (Array.isArray(queryColumns) ? queryColumns : [queryColumns])
-        const searchConditions = columns.map((col) => \`\${col} LIKE ?\`)
+        const parsed = safeJSONParse(queryColumns)
+        const columns = Array.isArray(parsed) ? parsed : [parsed]
+        // Cast columns to TEXT to support searching on non-text columns (dates, numbers, etc.)
+        const searchConditions = columns.map((col) => \`CAST(\${col} AS TEXT) LIKE ?\`)
         whereClauses.push(\`(\${searchConditions.join(' OR ')})\`)
         columns.forEach(() => {
           queryParams.push(\`%\${query}%\`)
@@ -66,27 +74,86 @@ export default async function handler(req, res) {
       }
     }
     
+    // Helper to sanitize identifier (prevent SQL injection in column names)
+    const sanitizeIdentifier = (name) => {
+      // Only allow alphanumeric and underscore
+      if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
+        throw new Error(\`Invalid identifier: \${name}\`)
+      }
+      return \`"\${name}"\`
+    }
+    
     if (filters) {
-      const parsedFilters = JSON.parse(filters)
-      Object.entries(parsedFilters).forEach(([key, value]) => {
-        if (Array.isArray(value)) {
-          const placeholders = value.map(() => '?').join(', ')
-          queryParams.push(...value)
-          whereClauses.push(\`\${key} IN (\${placeholders})\`)
-        } else {
-          whereClauses.push(\`\${key} = ?\`)
-          queryParams.push(value)
-        }
-      })
+      const parsedFilters = safeJSONParse(filters)
+      
+      if (Array.isArray(parsedFilters)) {
+        parsedFilters.forEach((filter) => {
+          if (!filter.source || filter.destination === undefined) return
+          
+          const field = sanitizeIdentifier(filter.source)
+          const value = filter.destination
+          const operand = filter.operand || '='
+          
+          if (Array.isArray(value)) {
+            if (value.length === 0) return
+            const placeholders = value.map(() => '?').join(', ')
+            queryParams.push(...value)
+            if (operand === '!=') {
+              whereClauses.push(\`\${field} NOT IN (\${placeholders})\`)
+            } else {
+              whereClauses.push(\`\${field} IN (\${placeholders})\`)
+            }
+          } else {
+            if (value === null) {
+              if (operand === '=') {
+                whereClauses.push(\`\${field} IS NULL\`)
+              } else if (operand === '!=') {
+                whereClauses.push(\`\${field} IS NOT NULL\`)
+              }
+            } else {
+              const validOps = ['=', '!=', '>', '<', '>=', '<=']
+              const sqlOperator = validOps.includes(operand) ? operand : '='
+              whereClauses.push(\`\${field} \${sqlOperator} ?\`)
+              queryParams.push(value)
+            }
+          }
+        })
+      } else {
+        Object.entries(parsedFilters).forEach(([key, value]) => {
+          const field = sanitizeIdentifier(key)
+          if (Array.isArray(value)) {
+            const placeholders = value.map(() => '?').join(', ')
+            queryParams.push(...value)
+            whereClauses.push(\`\${field} IN (\${placeholders})\`)
+          } else {
+            whereClauses.push(\`\${field} = ?\`)
+            queryParams.push(value)
+          }
+        })
+      }
     }
     
     if (whereClauses.length > 0) {
       sql += \` WHERE \${whereClauses.join(' AND ')}\`
     }
     
-    if (sortBy) {
+    // Handle sorts - new array format
+    if (sorts) {
+      const parsedSorts = safeJSONParse(sorts)
+      if (Array.isArray(parsedSorts) && parsedSorts.length > 0) {
+        const orderClauses = parsedSorts.map((sort) => {
+          if (!sort.field) return null
+          const order = sort.order?.toUpperCase() === 'DESC' ? 'DESC' : 'ASC'
+          return \`\${sanitizeIdentifier(sort.field)} \${order}\`
+        }).filter(Boolean)
+        
+        if (orderClauses.length > 0) {
+          sql += \` ORDER BY \${orderClauses.join(', ')}\`
+        }
+      }
+    } else if (sortBy) {
       const sortOrderValue = sortOrder?.toUpperCase() === 'DESC' ? 'DESC' : 'ASC'
-      sql += \` ORDER BY \${sortBy} \${sortOrderValue}\`
+      sql += \` ORDER BY \${sanitizeIdentifier(sortBy)} \${sortOrderValue}\`
     }
     
     const limitValue = limit || perPage

package/src/fetchers/utils/header-detection.ts

@@ -0,0 +1,200 @@
+export const generateHeaderDetectionCode = (): string => {
+  return `const COMMON_HEADER_PATTERNS = [
+  /^id$/i,
+  /^name$/i,
+  /^email$/i,
+  /^date$/i,
+  /^time$/i,
+  /^status$/i,
+  /^type$/i,
+  /^title$/i,
+  /^description$/i,
+  /^price$/i,
+  /^amount$/i,
+  /^quantity$/i,
+  /^total$/i,
+  /^url$/i,
+  /^link$/i,
+  /^image$/i,
+  /^phone$/i,
+  /^address$/i,
+  /^city$/i,
+  /^country$/i,
+  /^category$/i,
+  /^tag$/i,
+  /^created/i,
+  /^updated/i,
+  /^modified/i,
+  /_id$/i,
+  /_at$/i,
+  /_date$/i,
+  /_name$/i,
+  /_url$/i,
+]
+
+const DATA_PATTERNS = {
+  email: /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/,
+  url: /^https?:\\/\\//i,
+  phone: /^[+]?[\\d\\s()-]{7,}$/,
+  date: /^\\d{1,4}[-/]\\d{1,2}[-/]\\d{1,4}$/,
+  currency: /^[$€£¥]\\s*[\\d,]+\\.?\\d*$/,
+  percentage: /^\\d+\\.?\\d*%$/,
+  pureNumber: /^-?\\d+\\.?\\d*$/,
+}
+
+function looksLikeDataValue(val) {
+  if (val === null || val === undefined) {
+    return false
+  }
+  if (typeof val === 'number' || typeof val === 'boolean') {
+    return true
+  }
+  if (val instanceof Date) {
+    return true
+  }
+  if (typeof val === 'string') {
+    const str = val.trim()
+    return Object.values(DATA_PATTERNS).some((pattern) => pattern.test(str))
+  }
+  return false
+}
+
+function looksLikeHeaderValue(val) {
+  if (typeof val !== 'string') {
+    return false
+  }
+  const str = val.trim()
+  if (str.length === 0 || str.length > 50) {
+    return false
+  }
+  if (looksLikeDataValue(str)) {
+    return false
+  }
+  if (COMMON_HEADER_PATTERNS.some((pattern) => pattern.test(str))) {
+    return true
+  }
+  const isTitleCase = /^[A-Z][a-z]*(\\s+[A-Z][a-z]*)*$/.test(str)
+  const isSnakeCase = /^[a-z]+(_[a-z]+)*$/i.test(str)
+  const isCamelCase = /^[a-z]+([A-Z][a-z]*)*$/.test(str)
+  const isPascalCase = /^[A-Z][a-z]+([A-Z][a-z]*)*$/.test(str)
+  const isUpperCase = /^[A-Z][A-Z\\s_]+$/.test(str) && str.length > 1
+  return isTitleCase || isSnakeCase || isCamelCase || isPascalCase || isUpperCase
+}
+
+function detectHeaderRow(
+  firstRowValues,  
+  allRows,
+  minConfidenceScore = 4
+) {
+  if (allRows.length < 2) {
+    return false
+  }
+
+  // Helper to extract values from a row (handles both CSV arrays and Google Sheets objects)
+  const getRowValues = (row) => {
+    if (Array.isArray(row)) {
+      return row
+    }
+    // Google Sheets format: row has a 'c' property with cells
+    if (row && row.c && Array.isArray(row.c)) {
+      return row.c.map((cell) => cell?.v ?? cell?.f ?? null)
+    }
+    return []
+  }
+
+  const nonEmptyFirstRowValues = firstRowValues.filter(
+    (v) => v !== null && v !== undefined && v !== ''
+  )
+  if (nonEmptyFirstRowValues.length === 0) {
+    return false
+  }
+
+  let score = 0
+
+  const allStrings = nonEmptyFirstRowValues.every((val) => typeof val === 'string')
+  if (allStrings) {
+    score += 1
+  } else {
+    return false
+  }
+
+  const hasUniqueValues =
+    nonEmptyFirstRowValues.length ===
+    new Set(nonEmptyFirstRowValues.map((v) => String(v).toLowerCase().trim())).size
+  if (hasUniqueValues) {
+    score += 1
+  }
+
+  const headerLikeCount = nonEmptyFirstRowValues.filter((v) => looksLikeHeaderValue(v)).length
+  const headerLikeRatio = headerLikeCount / nonEmptyFirstRowValues.length
+  if (headerLikeRatio >= 0.5) {
+    score += 2
+  } else if (headerLikeRatio >= 0.3) {
+    score += 1
+  }
+
+  const commonHeaderCount = nonEmptyFirstRowValues.filter((v) =>
+    COMMON_HEADER_PATTERNS.some((pattern) => pattern.test(String(v).trim()))
+  ).length
+  if (commonHeaderCount >= 2) {
+    score += 2
+  } else if (commonHeaderCount >= 1) {
+    score += 1
+  }
+
+  const dataLikeInFirstRow = nonEmptyFirstRowValues.filter((v) => looksLikeDataValue(v)).length
+  if (dataLikeInFirstRow > 0) {
+    score -= dataLikeInFirstRow * 2
+  }
+
+  const sampleSize = Math.min(5, allRows.length - 1)
+  let dataRowsWithDataPatterns = 0
+  for (let i = 1; i <= sampleSize; i++) {
+    const rowValues = getRowValues(allRows[i])
+    const hasDataPattern = rowValues.some((v) => looksLikeDataValue(v))
+    if (hasDataPattern) {
+      dataRowsWithDataPatterns++
+    }
+  }
+  if (dataRowsWithDataPatterns >= sampleSize * 0.6) {
+    score += 2
+  }
+
+  const firstRowTypesSet = new Set(nonEmptyFirstRowValues.map((v) => typeof v))
+  const secondRowValues = getRowValues(allRows[1]).filter((v) => v !== null && v !== undefined && v !== '')
+  const secondRowTypesSet = new Set(secondRowValues.map((v) => typeof v))
+
+  const firstRowOnlyStrings = firstRowTypesSet.size === 1 && firstRowTypesSet.has('string')
+  const secondRowHasOtherTypes = secondRowTypesSet.has('number') || secondRowTypesSet.has('boolean')
+  if (firstRowOnlyStrings && secondRowHasOtherTypes) {
+    score += 2
+  }
+
+  const firstRowSimilarToDataRows = nonEmptyFirstRowValues.some((v) => looksLikeDataValue(v))
+  const secondRowHasData = secondRowValues.some((v) => looksLikeDataValue(v))
+  if (firstRowSimilarToDataRows && secondRowHasData) {
+    score -= 2
+  }
+
+  // Check if subsequent rows also look like headers
+  // If they do, the first row is likely data, not a header
+  const subsequentRowsSample = Math.min(3, allRows.length - 1)
+  let subsequentHeaderLikeCount = 0
+  for (let i = 1; i <= subsequentRowsSample; i++) {
+    const rowValues = getRowValues(allRows[i]).filter((v) => v !== null && v !== undefined && v !== '')
+    if (rowValues.length > 0) {
+      const headerLikeInRow = rowValues.filter((v) => looksLikeHeaderValue(v)).length
+      const headerLikeRatioInRow = headerLikeInRow / rowValues.length
+      if (headerLikeRatioInRow >= 0.5) {
+        subsequentHeaderLikeCount++
+      }
+    }
+  }
+  // If most subsequent rows also look like headers, first row is probably data
+  if (subsequentHeaderLikeCount >= subsequentRowsSample * 0.6) {
+    score -= 4
+  }
+
+  return score >= minConfidenceScore
+}`
+}