Skip to content

Commit

Permalink
Merge pull request #519 from bitcoin-sv/BUX-685/SqlInjectionStatic
Browse files Browse the repository at this point in the history 
feat(bux-685): (Sql Injection) Added DestinationFilter struct, added filter parser
  • Loading branch information
@Nazarii-4chain
Nazarii-4chain authored Apr 9, 2024
2 parents 89f4210 + 352efe1 commit e66b6b6
Show file tree
Hide file tree
Showing 19 changed files with 911 additions and 33 deletions.
25 changes: 25 additions & 0 deletions actions/destinations/methods.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package destinations

import (
"github.com/bitcoin-sv/spv-wallet/engine"
"github.com/bitcoin-sv/spv-wallet/engine/datastore"
"github.com/bitcoin-sv/spv-wallet/models/filter"
)

// SearchRequestDestinationParameters is a struct for handling request parameters for search requests
type SearchRequestDestinationParameters struct {
// Custom conditions used for filtering the search results
Conditions filter.DestinationFilter `json:"conditions"`
// Accepts a JSON object for embedding custom metadata, enabling arbitrary additional information to be associated with the resource
Metadata *engine.Metadata `json:"metadata,omitempty" swaggertype:"object,string" example:"key:value,key2:value2"`
// Pagination and sorting options to streamline data exploration and analysis
QueryParams *datastore.QueryParams `json:"params,omitempty" swaggertype:"object,string" example:"page:1,page_size:10,order_by_field:created_at,order_by_direction:desc"`
}

// CountRequestDestinationParameters is a struct for handling request parameters for count requests
type CountRequestDestinationParameters struct {
// Custom conditions used for filtering the search results
Conditions map[string]interface{} `json:"conditions" swaggertype:"object,string" example:"testColumn:testValue"`
// Accepts a JSON object for embedding custom metadata, enabling arbitrary additional information to be associated with the resource
Metadata engine.Metadata `json:"metadata" swaggertype:"object,string" example:"key:value,key2:value2"`
}
20 changes: 10 additions & 10 deletions actions/destinations/search.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package destinations
import (
"net/http"

"github.com/bitcoin-sv/spv-wallet/actions"
"github.com/bitcoin-sv/spv-wallet/engine"
"github.com/bitcoin-sv/spv-wallet/mappings"
"github.com/bitcoin-sv/spv-wallet/models"
Expand All @@ -17,29 +16,30 @@ import (
// @Description Search for a destination
// @Tags Destinations
// @Produce json
// @Param SearchRequestParameters body actions.SearchRequestParameters false "Supports targeted resource searches with filters for metadata and custom conditions, plus options for pagination and sorting to streamline data exploration and analysis"
// @Param SearchRequestDestinationParameters body SearchRequestDestinationParameters false "Supports targeted resource searches with filters for metadata and custom conditions, plus options for pagination and sorting to streamline data exploration and analysis"
// @Success 200 {object} []models.Destination "List of destinations
// @Failure 400 "Bad request - Error while parsing SearchRequestParameters from request body"
// @Failure 400 "Bad request - Error while parsing SearchRequestDestinationParameters from request body"
// @Failure 500 "Internal server error - Error while searching for destinations"
// @Router /v1/destination/search [post]
// @Security x-auth-xpub
func (a *Action) search(c *gin.Context) {
reqXPubID := c.GetString(auth.ParamXPubHashKey)

queryParams, metadata, conditions, err := actions.GetSearchQueryParameters(c)
if err != nil {
var reqParams SearchRequestDestinationParameters
if err := c.Bind(&reqParams); err != nil {
c.JSON(http.StatusBadRequest, err.Error())
return
}

var destinations []*engine.Destination
if destinations, err = a.Services.SpvWalletEngine.GetDestinationsByXpubID(
destinations, err := a.Services.SpvWalletEngine.GetDestinationsByXpubID(
c.Request.Context(),
reqXPubID,
metadata,
conditions,
queryParams,
); err != nil {
reqParams.Metadata,
reqParams.Conditions.ToDbConditions(),
reqParams.QueryParams,
)
if err != nil {
c.JSON(http.StatusInternalServerError, err.Error())
return
}
Expand Down
101 changes: 98 additions & 3 deletions docs/docs.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

103 changes: 99 additions & 4 deletions docs/swagger.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1412,10 +1412,10 @@
"parameters": [
{
"description": "Supports targeted resource searches with filters for metadata and custom conditions, plus options for pagination and sorting to streamline data exploration and analysis",
"name": "SearchRequestParameters",
"name": "SearchRequestDestinationParameters",
"in": "body",
"schema": {
"$ref": "#/definitions/actions.SearchRequestParameters"
"$ref": "#/definitions/destinations.SearchRequestDestinationParameters"
}
}
],
Expand All @@ -1430,7 +1430,7 @@
}
},
"400": {
"description": "Bad request - Error while parsing SearchRequestParameters from request body"
"description": "Bad request - Error while parsing SearchRequestDestinationParameters from request body"
},
"500": {
"description": "Internal server error - Error while searching for destinations"
Expand Down Expand Up @@ -2180,6 +2180,43 @@
}
}
},
"destinations.SearchRequestDestinationParameters": {
"type": "object",
"properties": {
"conditions": {
"description": "Custom conditions used for filtering the search results",
"allOf": [
{
"$ref": "#/definitions/models.DestinationFilters"
}
]
},
"metadata": {
"description": "Accepts a JSON object for embedding custom metadata, enabling arbitrary additional information to be associated with the resource",
"type": "object",
"additionalProperties": {
"type": "string"
},
"example": {
"key": "value",
"key2": "value2"
}
},
"params": {
"description": "Pagination and sorting options to streamline data exploration and analysis",
"type": "object",
"additionalProperties": {
"type": "string"
},
"example": {
"order_by_direction": "desc",
"order_by_field": "created_at",
"page": "1",
"page_size": "10"
}
}
}
},
"destinations.UpdateDestination": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -2437,6 +2474,64 @@
}
}
},
"models.DestinationFilters": {
"type": "object",
"properties": {
"address": {
"description": "Address is a destination's address.",
"type": "string",
"example": "1CDUf7CKu8ocTTkhcYUbq75t14Ft168K65"
},
"created_range": {
"description": "CreatedRange is a filter for destinations created within a specific time range.",
"type": "object",
"additionalProperties": {
"type": "string"
},
"example": {
"from": "2024-02-26T11:01:28.069911",
"to": "2025-02-26T11:01:28.069911"
}
},
"draft_id": {
"description": "DraftID is a destination's draft id.",
"type": "string",
"example": "b356f7fa00cd3f20cce6c21d704cd13e871d28d714a5ebd0532f5a0e0cde63f7"
},
"include_deleted": {
"description": "IncludeDeleted is a flag which includes deleted destinations.",
"type": "boolean",
"example": true
},
"locking_script": {
"description": "LockingScript is a destination's locking script.",
"type": "string",
"example": "76a9147b05764a97f3b4b981471492aa703b188e45979b88ac"
},
"metadata": {
"description": "Metadata is a metadata map of outer model.",
"type": "object",
"additionalProperties": {
"type": "string"
},
"example": {
"key": "value",
"key2": "value2"
}
},
"updated_range": {
"description": "UpdatedRange is a filter for destinations updated within a specific time range.",
"type": "object",
"additionalProperties": {
"type": "string"
},
"example": {
"from": "2024-02-26T11:01:28.069911",
"to": "2025-02-26T11:01:28.069911"
}
}
}
},
"models.DraftTransaction": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -3361,4 +3456,4 @@
"in": "header"
}
}
}
}
Loading

0 comments on commit e66b6b6

Please # to comment.