Option to remove invalid type syntax before executing queries

[mlbonniec]

Using PostgreSQL (at least, I'm not sure for others), uuid types cannot be queried using non uuid formats.
Otherwise, you get a invalid input syntax for type uuid: "my-awesome-string".

To prevent that, we've to check is the string is a uuid.

For example, in a OR statement.

{
  $or: [
    { id: "my-awesome-string" }, // This cause an error
    { slug: "my-awesome-string" }
  ]
}

[B4nan]

Well, you cant query UUID by a non-UUID - you can query it by a string UUID, just not with any random string. I don't understand what more would you expect from the ORM. I don't think ignoring user-provided queries, even if they are invalid, would be a good idea. Quite unexpected to me, and could lead to potential security issues (e.g. you add a query to limit the results, its malformed because user provides some invalid value to it - you don't want to ignore that, your query needs to fail instead of returning some random results.

Note that you can create your own custom type that will validate the value before it gets passed down to any query. The only difference would be having the error message under control instead of relying on those returned by the database.

[mlbonniec]

When I want to get an entity by UUID or other, I always have to do this check ⤵️

const where: FilterQuery<ProductEntity> = [
  { slug: query }
];

if (isUUID(query))
  where.push({ id: query });

await this.productRepository.findOneOrFail({
  $or: where
);

I understand you security concern, and you're right, in some cases it could be dangerous, but in my case, what could happen ?

[B4nan]

Ignoring anything a user provides is a bad idea - they expect a filter to do something, not to ignore their request. If you want that, implement it yourself in your app. And yes, in your case, in $or condition, it won't make much difference.