udpated api json parsing (lenient mode); add escaping table names in rdbms

2025-07-18 05:01:07 +00:00 · 2022-10-25 10:47:06 -05:00
parent dae803f709
commit 8ffc1c1a63
8 changed files with 120 additions and 45 deletions
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/utils/JsonUtils.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/utils/JsonUtils.java
@ -24,6 +24,7 @@ package com.kingsrook.qqq.backend.core.utils;

 import java.io.IOException;
 import java.time.Instant;
+import java.time.LocalDate;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@ -230,15 +231,41 @@ public class JsonUtils
    ** Convert a json object into a QRecord
    **
    *******************************************************************************/
-   public static QRecord parseQRecord(JSONObject jsonObject, Map<String, QFieldMetaData> fields)
+   public static QRecord parseQRecordStrict(JSONObject jsonObject, Map<String, QFieldMetaData> fields)
+   {
+      return (parseQRecord(jsonObject, fields, true));
+   }
+
+
+
+   /*******************************************************************************
+    ** Convert a json object into a QRecord
+    **
+    *******************************************************************************/
+   public static QRecord parseQRecordLenient(JSONObject jsonObject, Map<String, QFieldMetaData> fields)
+   {
+      return (parseQRecord(jsonObject, fields, false));
+   }
+
+
+
+   /*******************************************************************************
+    ** Convert a json object into a QRecord
+    **
+    *******************************************************************************/
+   private static QRecord parseQRecord(JSONObject jsonObject, Map<String, QFieldMetaData> fields, boolean strict)
   {
      QRecord record = new QRecord();

      FIELDS_LOOP:
      for(String fieldName : fields.keySet())
+      {
+         String originalBackendName = null;
+         try
         {
            QFieldMetaData metaData    = fields.get(fieldName);
            String         backendName = metaData.getBackendName() != null ? metaData.getBackendName() : fieldName;
+            originalBackendName = backendName;

            /////////////////////////////////////////////////////////////////////////////////////////////////
            // if the field backend name has dots in it, interpret that to mean traversal down sub-objects //
@ -286,9 +313,30 @@ public class JsonUtils
                     record.setValue(fieldName, instant);
                  }
               }
+               case DATE ->
+               {
+                  String dateString = jsonObjectToUse.optString(backendName);
+                  if(StringUtils.hasContent(dateString))
+                  {
+                     LocalDate localDate = ValueUtils.getValueAsLocalDate(dateString);
+                     record.setValue(fieldName, localDate);
+                  }
+               }
               default -> record.setValue(fieldName, jsonObjectToUse.optString(backendName));
            }
         }
+         catch(Exception e)
+         {
+            if(strict)
+            {
+               throw e;
+            }
+            else
+            {
+               LOG.debug("Caught exception parsing field [" + fieldName + "] as [" + originalBackendName + "]", e);
+            }
+         }
+      }

      return (record);
   }
--- a/qqq-backend-module-api/src/main/java/com/kingsrook/qqq/backend/module/api/actions/BaseAPIActionUtil.java
+++ b/qqq-backend-module-api/src/main/java/com/kingsrook/qqq/backend/module/api/actions/BaseAPIActionUtil.java
@ -263,7 +263,7 @@ public class BaseAPIActionUtil
    *******************************************************************************/
   protected QRecord jsonObjectToRecord(JSONObject jsonObject, Map<String, QFieldMetaData> fields) throws IOException
   {
-      QRecord record = JsonUtils.parseQRecord(jsonObject, fields);
+      QRecord record = JsonUtils.parseQRecordLenient(jsonObject, fields);
      return (record);
   }

@ -277,6 +277,11 @@ public class BaseAPIActionUtil
      int statusCode = response.getStatusLine().getStatusCode();
      System.out.println(statusCode);

+      if(statusCode >= 400)
+      {
+         handleGetResponseError(table, response);
+      }
+
      HttpEntity entity       = response.getEntity();
      String     resultString = EntityUtils.toString(entity);

@ -318,6 +323,18 @@ public class BaseAPIActionUtil



+   /*******************************************************************************
+    **
+    *******************************************************************************/
+   private void handleGetResponseError(QTableMetaData table, HttpResponse response) throws IOException
+   {
+      HttpEntity entity       = response.getEntity();
+      String     resultString = EntityUtils.toString(entity);
+      throw new IOException("Error performing query: " + resultString);
+   }
+
+
+
   /*******************************************************************************
    **
    *******************************************************************************/
--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java
@ -401,4 +401,14 @@ public abstract class AbstractRDBMSAction implements QActionInterface
      }
   }

+
+
+   /*******************************************************************************
+    **
+    *******************************************************************************/
+   protected String escapeIdentifier(String id)
+   {
+      return ("`" + id + "`");
+   }
+
 }
--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSCountAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSCountAction.java
@ -57,7 +57,7 @@ public class RDBMSCountAction extends AbstractRDBMSAction implements CountInterf
         QTableMetaData table     = countInput.getTable();
         String         tableName = getTableName(table);

-         String sql = "SELECT count(*) as record_count FROM " + tableName;
+         String sql = "SELECT count(*) as record_count FROM " + escapeIdentifier(tableName);

         QQueryFilter       filter = countInput.getFilter();
         List<Serializable> params = new ArrayList<>();
--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSDeleteAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSDeleteAction.java
@ -186,7 +186,7 @@ public class RDBMSDeleteAction extends AbstractRDBMSAction implements DeleteInte

      // todo sql customization - can edit sql and/or param list?
      String sql = "DELETE FROM "
-         + tableName
+         + escapeIdentifier(tableName)
         + " WHERE "
         + primaryKeyName + " = ?";

--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java
@ -109,7 +109,7 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte
         {
            for(List<QRecord> page : CollectionUtils.getPages(insertInput.getRecords(), QueryManager.PAGE_SIZE))
            {
-               String        tableName   = getTableName(table);
+               String        tableName   = escapeIdentifier(getTableName(table));
               StringBuilder sql         = new StringBuilder("INSERT INTO ").append(tableName).append("(").append(columns).append(") VALUES");
               List<Object>  params      = new ArrayList<>();
               int           recordIndex = 0;
--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java
@ -72,7 +72,7 @@ public class RDBMSQueryAction extends AbstractRDBMSAction implements QueryInterf
            .map(this::getColumnName)
            .collect(Collectors.joining(", "));

-         String sql = "SELECT " + columns + " FROM " + tableName;
+         String sql = "SELECT " + columns + " FROM " + escapeIdentifier(tableName);

         QQueryFilter       filter = queryInput.getFilter();
         List<Serializable> params = new ArrayList<>();
--- a/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java
+++ b/qqq-backend-module-rdbms/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java
@ -223,7 +223,7 @@ public class RDBMSUpdateAction extends AbstractRDBMSAction implements UpdateInte
         .map(f -> this.getColumnName(table.getField(f)) + " = ?")
         .collect(Collectors.joining(", "));

-      String tableName = getTableName(table);
+      String tableName = escapeIdentifier(getTableName(table));
      return ("UPDATE " + tableName
         + " SET " + columns
         + " WHERE " + getColumnName(table.getField(table.getPrimaryKeyField())) + " ");