From 447533ed87e0614bface6746aae09f922dc49828 Mon Sep 17 00:00:00 2001
From: Janis Hutz
Date: Wed, 12 Jul 2023 16:23:13 +0200
Subject: [PATCH] sql manager
---
 src/server/app.js | 4 +-
 src/server/backend/db/mysqldb.js | 87 ++++++++++++++++++++++++++++++--
 2 files changed, 85 insertions(+), 6 deletions(-)
diff --git a/src/server/app.js b/src/server/app.js
index 70df3b2..d3708bd 100644
--- a/src/server/app.js
+++ b/src/server/app.js
@@ -44,8 +44,8 @@ app.use( bodyParser.json() );
 app.use( cookieParser() );
 app.use( express.static( '../webapp/dist' ) );
-require( './admin/routes.js' )( app, settings ); // admin route
-require( './backend/userRoutes.js' )( app, settings ); // user route
+require( './admin/routes.js' )( app, settings ); // admin routes
+require( './backend/userRoutes.js' )( app, settings ); // user routes
 app.use( ( request, response ) => {
 response.sendFile( path.join( __dirname + '/../webapp/dist/index.html' ) );
diff --git a/src/server/backend/db/mysqldb.js b/src/server/backend/db/mysqldb.js
index 2f670af..9c59161 100644
--- a/src/server/backend/db/mysqldb.js
+++ b/src/server/backend/db/mysqldb.js
@@ -61,10 +61,89 @@ class SQLDB {
 } );
 }
- query ( operation, dataToBeInserted ) {
- // Legal options for the operation parameter are objects with the command attribute:
- // getAllData, getFilteredData, getRelationalData,
- this.sqlConnection.query();
+ query ( operation, table ) {
+ return new Promise( ( resolve, reject ) => {
+ // getAllData, getFilteredData, InnerJoin, LeftJoin, RightJoin, addData, updateData, deleteData, checkDataAvailability, fullCustomCommand (NOTE: SANITISATION WILL NOT TAKE PLACE!)
+ /*
+ Possible operation.command values (all need the table argument of the method call):
+ - getAllData: no additional instructions needed
+
+ - getFilteredData:
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+
+ - InnerJoin (Select values that match in both tables):
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+ - operation.selection (The columns of both tables to be selected, e.g. users.name, orders.id)
+ - operation.secondTable (The second table to perform Join operation with)
+ - operation.matchingParam (Which properties should be matched to get the data, e.g. order.user_id=users.id)
+
+ - LeftJoin (Select values in first table and return all corresponding values of second table):
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+ - operation.selection (The columns of both tables to be selected, e.g. users.name, orders.id)
+ - operation.secondTable (The second table to perform Join operation with)
+ - operation.matchingParam (Which properties should be matched to get the data, e.g. order.user_id=users.id)
+
+ - RightJoin (Select values in second table and return all corresponding values of first table):
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+ - operation.selection (The columns of both tables to be selected, e.g. users.name, orders.id)
+ - operation.secondTable (The second table to perform Join operation with)
+ - operation.matchingParam (Which properties should be matched to get the data, e.g. order.user_id=users.id)
+
+ - addData:
+ - operation.columns (the columns into which the data should be inserted (as a space separated string))
+ - operation.values (the data to be inserted into the columns selected before (as a space separated string))
+
+ - updateData:
+ - operation.newValues (a object with keys being the column and value being the value to be inserted into that column, values are being
+ sanitised by the function)
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+ - checkDataAvailability:
+ - operation.property (the column to search for the value),
+ - operation.searchQuery (the value to search for [will be sanitised by method])
+ */
+ let command = '';
+ if ( operation.command === 'getAllData' ) {
+ command = 'SELECT * FROM ' + table;
+ } else if ( operation.command === 'getFilteredData' ) {
+ command = 'SELECT * FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery );
+ } else if ( operation.command === 'fullCustomCommand' ) {
+ command = operation.query;
+ } else if ( operation.command === 'addData' ) {
+ command = 'INSERT INTO ' + table + ' (' + operation.columns + ') VALUES (' + this.sqlConnection.escape( operation.values ) + ');';
+ } else if ( operation.command === 'updateData' ) {
+ if ( !operation.property || !operation.searchQuery ) reject( 'Refusing to run destructive command: Missing Constraints' );
+ else {
+ command = 'UPDATE ' + table + ' SET ';
+ for ( let value in operation.newValues ) {
+ command += value + ' = ' + this.sqlConnection.escape( operation.newValues[ value ] );
+ }
+ command += ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery );
+ }
+ } else if ( operation.command === 'deleteData' ) {
+ if ( !operation.property || !operation.searchQuery ) reject( 'Refusing to run destructive command: Missing Constraints' );
+ else {
+ command = 'DELETE FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery );
+ }
+ } else if ( operation.command === 'InnerJoin' ) {
+ command = 'SELECT ' + operation.selection + ' FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery ) + ' INNER JOIN ' + operation.secondTable + ' ON ' + operation.matchingParam;
+ } else if ( operation.command === 'LeftJoin' ) {
+ command = 'SELECT ' + operation.selection + ' FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery ) + ' LEFT JOIN ' + operation.secondTable + ' ON ' + operation.matchingParam;
+ } else if ( operation.command === 'RightJoin' ) {
+ command = 'SELECT ' + operation.selection + ' FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery ) + ' RIGHT JOIN ' + operation.secondTable + ' ON ' + operation.matchingParam;
+ } else if ( operation.command === 'checkDataAvailability' ) {
+ command = 'SELECT * FROM ' + table + ' WHERE ' + operation.property + ' = ' + this.sqlConnection.escape( operation.searchQuery );
+ }
+ this.sqlConnection.query( command, ( error, results ) => {
+ if ( error ) reject( error );
+ console.log( results );
+ resolve( results );
+ } );
+ } );
 }
 }
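Review bot: Only the values are escaped in the new `query()` body (`operation.searchQuery`, `operation.values`, `newValues[ value ]`); `table`, `operation.property`, `operation.columns`, `operation.selection`, `operation.secondTable` and `operation.matchingParam` are concatenated raw into every branch, so if any of them is ever derived from request data by the admin/user routes wired up in app.js this is a SQL-injection path, and the comment's "will be sanitised by method" only holds for the search value. If `sqlConnection` is the `mysql`/`mysql2` driver (it has `escape()`, so presumably), it also provides `escapeId()` for identifiers including dotted `table.column` names; `selection` and `matchingParam` are expressions rather than identifiers and would need to be assembled from escaped parts or checked against an allow-list. Three of the generated statements are also malformed or unguarded: `updateData` appends its SET assignments with no `, ` separator, all three join branches put `WHERE` before `INNER|LEFT|RIGHT JOIN … ON`, and `reject( … )` in `updateData`/`deleteData` (and on `error` in the query callback) is not followed by `return`, so an empty `command` is still handed to `sqlConnection.query`. `console.log( results )` writes every result set of every query to stdout, which ends up in server logs; drop it or gate it behind a debug setting. The sketch below shows the identifier quoting, the SET list and the join ordering for one branch; the remaining branches follow the same shape.
```javascript
query ( operation, table ) {
    return new Promise( ( resolve, reject ) => {
        // … unchanged: operation.command documentation …
        // Identifiers cannot be bound like values; quote them separately from the escaped search value.
        const id = ( name ) => this.sqlConnection.escapeId( name );
        const whereClause = () => ' WHERE ' + id( operation.property ) + ' = ' + this.sqlConnection.escape( operation.searchQuery );
        let command = '';
        if ( operation.command === 'getAllData' ) {
            command = 'SELECT * FROM ' + id( table );
        } else if ( operation.command === 'getFilteredData' || operation.command === 'checkDataAvailability' ) {
            command = 'SELECT * FROM ' + id( table ) + whereClause();
        } else if ( operation.command === 'updateData' ) {
            // searchQuery may legitimately be 0 or '', so test for absence rather than falsiness
            if ( !operation.property || operation.searchQuery === undefined ) return reject( new Error( 'Refusing to run destructive command: Missing Constraints' ) );
            const assignments = Object.keys( operation.newValues ).map( ( column ) => id( column ) + ' = ' + this.sqlConnection.escape( operation.newValues[ column ] ) );
            command = 'UPDATE ' + id( table ) + ' SET ' + assignments.join( ', ' ) + whereClause();
        } else if ( operation.command === 'InnerJoin' ) {
            // JOIN … ON must precede WHERE; LeftJoin/RightJoin need the same reordering.
            // selection / matchingParam are still raw here and must come from a trusted, fixed list.
            command = 'SELECT ' + operation.selection + ' FROM ' + id( table ) + ' INNER JOIN ' + id( operation.secondTable ) + ' ON ' + operation.matchingParam + whereClause();
        }
        // … unchanged: fullCustomCommand, addData, deleteData, LeftJoin, RightJoin branches …
        this.sqlConnection.query( command, ( error, results ) => {
            if ( error ) return reject( error );
            resolve( results );
        } );
    } );
}
```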