UNPKG

@budibase/server

Version:

Budibase Web Server

github.com/Budibase/budibase

Budibase/budibase

111 lines (102 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import { db, HTTPError } from "@budibase/backend-core" import { FieldType, isLogicalSearchOperator, SearchFilters, Table, } from "@budibase/types" import sdk from "../../../sdk" import { isInternal } from "../tables/utils" export const validateFilters = ( filters: SearchFilters, validFields: string[] ) => { validFields = validFields.map(f => f.toLowerCase()) for (const key of Object.keys(filters || {}) as (keyof SearchFilters)[]) { if (isLogicalSearchOperator(key)) { const filter = filters[key] if (!filter) { continue } for (const condition of filter.conditions) { validateFilters(condition, validFields) } } else { const filter = filters[key] if (!filter || typeof filter !== "object") { continue } for (const key of Object.keys(filter)) { if ( !validFields.includes(key.toLowerCase()) && !validFields.includes(db.removeKeyNumbering(key).toLowerCase()) ) { throw new HTTPError(`Invalid filter field: ${key}`, 400) } } } } } export const getQueryableFields = async ( table: Table, fields?: string[] ): Promise<string[]> => { const extractTableFields = async ( table: Table, allowedFields: string[], fromTables: string[], opts?: { noRelationships?: boolean } ): Promise<string[]> => { const result = [] if (isInternal({ table })) { result.push("_id") } for (const field of Object.keys(table.schema).filter( f => allowedFields.includes(f) && table.schema[f].visible !== false )) { const subSchema = table.schema[field] const isRelationship = subSchema.type === FieldType.LINK // avoid relationship loops if ( isRelationship && (opts?.noRelationships || fromTables.includes(subSchema.tableId)) ) { continue } if (isRelationship) { try { const relatedTable = await sdk.tables.getTable(subSchema.tableId) const relatedFields = await extractTableFields( relatedTable, Object.keys(relatedTable.schema), [...fromTables, subSchema.tableId], // don't let it recurse back and forth between relationships { noRelationships: true } ) result.push( ...relatedFields.flatMap(f => [ `${subSchema.name}.${f}`, // should be able to filter by relationship using table name `${relatedTable.name}.${f}`, ]) ) } catch (err: any) { // if related table is removed, ignore if (err.status !== 404) { throw err } } } else { result.push(field) } } return result } // Querying by _id is always allowed, even if it's never part of the schema const result = ["_id"] if (fields == null) { fields = Object.keys(table.schema) } result.push(...(await extractTableFields(table, fields, [table._id!]))) return Array.from(new Set(result)) }