-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#1785 (backport of #1782) broke some like queries on SQL DBs #1869
Comments
@mitsos1os, thanks for taking a look at this issue. |
Hi @FedericoMassaioli . Could you please give me some extra details about the problem you are facing since I am not extremely familiar with PostgreSQL?
Thanks |
Ok nevermind, I saw how the So since the actual values in the What do you think @bajtos ? |
@mitsos1os is not a PostgreSQL only thing, the |
@mitsos1os is not a PostgreSQL only thing, the After looking at the code you referenced, I devised the workaround of escaping with a double backslash the characters that trigger |
@FedericoMassaioli you are right. My SQL was a bit rusty 😄 ...
Without looking into it, I think that is the same result with The thing is I did the fix while using MongoDB and also got carried away by the documentation which references like operators to be used with Regular Expressions https://loopback.io/doc/en/lb3/Where-filter.html#operators so maybe @dhmlau this needs to be revised as well.. So I believe a decision should be taken regarding the usage of the Let's take @bajtos opinion as well and I can then move on to the fix |
It works with the escape I added. When For sure, the documentation is too terse on this aspect, there is no mention of the need to escape, or what character to escape, not even in the PostgreSQL specific section https://loopback.io/doc/en/lb3/Where-filter.html#ilike-and-nilike. And wrt. to tests, I think that this slipped by because no SQL tests are present in the test suite, as I commented in #1785 |
@FedericoMassaioli I would appreciate it if you could have the chance if it actually produced the same results.
Connector logic is deeper in the execution since this escape is done in DAO layer before calling the connector methods... It will probably need to be removed... |
@mitsos1os I had extensive checks made in a controlled situation and, as far as PostgreSQL is concerned, the escape is not harmful and results are correct, only an annoying and hard to explain console warning. However, I had a look at source code of other SQL DBs loopback connectors (I do not have time or DBMSs available at the moment to perform actual tests), with the following results:
Moreover, let me make another remark. FWIW in this scenario I'd definitely prefer to be rejected with an error response. |
@FedericoMassaioli Thank you for taking the time to perform the tests. We wad a similar discussion when first implementing the issue. So since this is an architectural decision let's wait to get an extra opinion on how to proceed. @dhmlau What do you think? |
sounds good. |
Thank you @FedericoMassaioli for detailed investigation of the issue and how different connector/databases handle escaping. From my point of view, I would expect the following behavior at high-level:
If we agree that's the direction to take, then I think we need to take the following steps:
Steps 1 and 2 should be backported to loopback-datasource-juggler 3.x too. Thoughts? |
@bajtos I agree. The initial #1781 should be solved in connector level, Memory and Mongo. |
+1
Based on the discussion above, I am afraid printing a warning is not enough to let app developers notice the problem. IMO, we should implement a more robust solution and reject requests with invalid RegExp values. It's the responsibility of the client to send a valid query, escaping invalid RegExp in a way that makes sense in the client/GUI context. |
So how would you like to proceed? Should I proceed issuing pull requests for memory and mongo?
My only objection to this, is that I find it inconsistent as behavior since it is not related to the client's knowledge of the backend. For example, since Loopback provides a generic interface for REST API no matter the underlying datasource, a client could issue the same |
That would be awesome! Let's start with fixing juggler (reverting your original change) and the memory connector (to handle invalid RegExp values).
I see your point. Unfortunately, the inconsistency cannot be avoided, because SQL connectors expect a wildcard (e.g. IMO, the REST API should make it clear what kind of patterns is expected for |
Hmmmm, I still consider the backend silent escaping instead of throwing excpection a more suitable solution. But no real problem with that... 😉 I can issue the pull requests that implement the query rejection, if you can revert the pull request! |
Starting from
[email protected]
queries usinglike
,nlike
,ilike
, andnilike
operators on SQL DBs (PostgreSQL in my case) fails, because the presence of parentheses (like in{where: {name: {nlike: 'Internal service (%'}}
) or other characters forbidden by theescapeRegEx()
cause the rewrite of the query string and the query to fail.The text was updated successfully, but these errors were encountered: