Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Query validation of array data #15

Open
coffenbacher opened this issue Feb 29, 2016 · 5 comments
Open

Query validation of array data #15

coffenbacher opened this issue Feb 29, 2016 · 5 comments

Comments

@coffenbacher
Copy link

What's the best way to validate a query like this? For example, to ensure id > 0

r.table('test').insert([{id: 1}, {id: -1}]) // Query

r.table('test').insert(RP.check(arr => arr.every(e => e.id > 0))) // Whitelist entry

Whitelisting like this fails, I think because arr is a parsed query as opposed to a js array. I'm not sure how to loop through it.
@coffenbacher
Copy link
Author

Also, related, but I'm not sure how to validate queries of the form:

r.table('test').getAll('id1', 'id2', 'id3')

For example, comparing the id's in the getAll against a valid list.

@mikemintz
Copy link
Owner

For your first query, you're right that its not working because the arr is still in ReQL AST instead of a vanilla JS array. A workaround for now would be:

const MAKE_ARRAY = 2;
const checkArr = checkFn => term => (
  Array.isArray(term)
  && term.length === 2
  && term[0] === MAKE_ARRAY
  && Array.isArray(term[1])
  && checkFn(term[1])
);

// whitelist entry
r.table('test').insert(
  checkArr(arr => arr.every(e => e.id > 0))
)

But this should ideally be addressed at the library level. I think it'll probably be safest to make something like RP.checkArr and RP.refArr, even though it might feel nicer to just seamlessly convert arrays to vanilla JS in RP.check and RP.ref, since it might be hard to do securely without leaving out edge cases.

@mikemintz
Copy link
Owner

I don't think there's an easy way to do validate variable number of arguments like getAll. I'll need to think more about that one.

@coffenbacher
Copy link
Author

Great, thanks! This helps a lot for now.

Regarding variable number of arguments, I'm thinking a workaround for now is to pass an array wrapped in r.args instead of spreading the array into multiple arguments? Not 100% sure where to go from there, but I imagine it becomes a lot more similar to the example you provided of dealing with the AST.

@mikemintz
Copy link
Owner

Great idea using r.args, that should work for getAll, and then yes you can use the same RP.checkArr workaround above. You can do:

r.table('test').getAll(
  r.args(checkArr(arr => arr.every(e => e.id > 0)))
)

Assuming the rethinkdb backend supports r.args anywhere, then there should be no need to implement a special case for whitelisting functions with variable number of arguments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikemintz @coffenbacher