rez_core 4.0.64 → 4.0.66

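--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "rez_core",
- "version": "4.0.64",
+ "version": "4.0.66",
  "description": "",
  "author": "",
  "private": false,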
@@ -36,54 +36,26 @@ export class FilterService {
36
36
  ) {
37
37
  if (!column) return [];
38
38
 
39
- // Basic SQL injection protection for identifiers
40
- if (!/^[a-zA-Z0-9_]+$/.test(tableName) || !/^[a-zA-Z0-9_]+$/.test(column)) {
41
- throw new Error('Invalid table or column name');
42
- }
43
-
44
39
  let whereSQL = '';
45
40
  const values: any[] = [];
46
41
 
47
42
  if (whereClauses.length > 0) {
48
43
  const clauseParts = whereClauses.map((clause) => {
49
- // remove alias 'e.'
50
- let parsedQuery = clause.query.replace(/\be\./g, '');
44
+ let parsedQuery = clause.query.replace(/\be\./g, ''); // remove e.
51
45
 
52
46
  Object.entries(clause.params).forEach(([key, val]) => {
53
47
  if (Array.isArray(val)) {
54
- // Always use IN operator for arrays
48
+ // if it's an array expand placeholders (?, ?, ?)
55
49
  const placeholders = val.map(() => '?').join(', ');
56
- // Replace either "= :param" or ":param" with "IN (?, ?, ?)"
57
- if (parsedQuery.match(new RegExp(`=\\s*:${key}\\b`))) {
58
- parsedQuery = parsedQuery.replace(
59
- new RegExp(`=\\s*:${key}\\b`, 'g'),
60
- `IN (${placeholders})`,
61
- );
62
- } else {
63
- parsedQuery = parsedQuery.replace(
64
- new RegExp(`:\\b${key}\\b`, 'g'),
65
- `(${placeholders})`,
66
- );
67
- // add IN keyword if not already there
68
- if (!parsedQuery.includes('IN')) {
69
- parsedQuery = parsedQuery.replace(
70
- new RegExp(`(${placeholders})`),
71
- `IN $1`,
72
- );
73
- }
74
- }
75
- values.push(...val);
50
+ parsedQuery = parsedQuery.replace(new RegExp(`:${key}`, 'g'), `(${placeholders})`);
51
+ values.push(...val); // flatten values
76
52
  } else {
77
- parsedQuery = parsedQuery.replace(
78
- new RegExp(`:\\b${key}\\b`, 'g'),
79
- '?',
80
- );
53
+ parsedQuery = parsedQuery.replace(new RegExp(`:${key}`, 'g'), '?');
81
54
  values.push(val);
82
55
  }
83
56
  });
84
57
 
85
- // group safely
86
- return `(${parsedQuery})`;
58
+ return parsedQuery;
87
59
  });
88
60
 
89
61
  whereSQL = `WHERE ${clauseParts.join(' AND ')}`;
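Review bot: After `if (!column) return [];` nothing now restricts `tableName` and `column` to `[a-zA-Z0-9_]`, and `rawSQL` is assembled outside this hunk, so if either value is concatenated into it (as the removed comment implies) the new code has an injection path that the bound `values` cannot cover; I would keep the guard, `if (!/^[a-zA-Z0-9_]+$/.test(tableName) || !/^[a-zA-Z0-9_]+$/.test(column)) throw new Error('Invalid table or column name');`. The placeholder pattern ``new RegExp(`:${key}`, 'g')`` has no trailing word boundary, so a key that is a prefix of another (constructed example: `status` and `status_2`) also rewrites the longer placeholder and leaves the `?` markers out of step with `values`; ``new RegExp(`:${key}\\b`, 'g')`` avoids that. `return parsedQuery;` drops the grouping, so a clause containing a top-level `OR` binds across the `' AND '` join and can widen the rows returned; ``return `(${parsedQuery})`;`` keeps each clause isolated. The method starts and ends outside the hunk.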
@@ -99,7 +71,7 @@ export class FilterService {
99
71
  const rows = await this.dataSource.query(rawSQL, values);
100
72
 
101
73
  const total = rows.reduce(
102
- (sum, r) => sum + Number(r.tab_value_count || 0),
74
+ (sum, r) => sum + parseInt(r.tab_value_count, 10),
103
75
  0,
104
76
  );
105
77
 
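Review bot: `parseInt(r.tab_value_count, 10)` in the `reduce` yields `NaN` when `tab_value_count` is null, undefined or otherwise non-numeric, and a single `NaN` makes `total` `NaN`; the earlier `|| 0` fallback covered that case. Whether the column can be null depends on `rawSQL`, which is not visible here, so I would keep a fallback: `(sum, r) => sum + (parseInt(r.tab_value_count, 10) || 0),`. The `rows.map` in the next hunk uses the same expression and needs the same fallback.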
@@ -107,12 +79,11 @@ export class FilterService {
107
79
  { tab_value: 'All', tab_value_count: total },
108
80
  ...rows.map((r) => ({
109
81
  tab_value: r.tab_value ?? 'UNKNOWN',
110
- tab_value_count: Number(r.tab_value_count || 0),
82
+ tab_value_count: parseInt(r.tab_value_count, 10),
111
83
  })),
112
84
  ];
113
85
  }
114
86
 
115
-
116
87
 
117
88
  async applyFilterWrapper(dto: FilterRequestDto) {
118
89
  const {
@@ -891,22 +862,22 @@ if (
891
862
  if (Array.isArray(val) && val.length === 0) {
892
863
  return { query: '1=1', params: {} };
893
864
  }
894
-
865
+
895
866
  if ((op === 'equal' || op === 'not_equal') && !Array.isArray(val)) {
896
867
  throw new BadRequestException(
897
868
  `Value for multi-select must be an array for operator: ${op}`,
898
869
  );
899
870
  }
900
-
871
+
901
872
  switch (op) {
902
873
  case 'equal':
903
874
  return {
904
- query: `e.${attr} IN (:...${key})`, // <-- use :... for arrays
875
+ query: `e.${attr} IN (:${key})`,
905
876
  params: { [key]: val },
906
877
  };
907
878
  case 'not_equal':
908
879
  return {
909
- query: `e.${attr} NOT IN (:...${key})`,
880
+ query: `e.${attr} NOT IN (:${key})`,
910
881
  params: { [key]: val },
911
882
  };
912
883
  case 'contains':
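Review bot: `IN (:${key})` already supplies the parentheses, while the array branch in the earlier hunk (the one building `placeholders`) replaces `:${key}` with `(${placeholders})`, so if these clauses pass through that expansion the SQL becomes `IN ((?, ?))`, which at least some engines reject or read as a row value; one of the two sides should stop adding parentheses. `attr` is interpolated straight into the SQL text in both the `equal` and `not_equal` cases, and its origin is outside this hunk; if it can come from the request it should be checked against the entity's known column names before this `switch`. The enclosing method begins and ends outside the hunk.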
@@ -929,7 +900,7 @@ if (
929
900
  );
930
901
  }
931
902
  }
932
-
903
+
933
904
  private buildYearCondition(attr: string, op: string, val: any, key: string) {
934
905
  switch (op) {
935
906
  case 'equal':