Use proper db parameters

This commit is contained in:
Tobie Morgan Hitchcock 2016-09-14 22:32:52 +01:00
parent ed474b8415
commit 3db0d79443
3 changed files with 144 additions and 81 deletions

View file

@ -60,19 +60,10 @@ func Exit() {
} }
// Prepare prepares a query for parameterization for future execution
func Prepare(sql string, param ...interface{}) string {
// IMPORTANT Need to improve database paramaterization
return fmt.Sprintf(sql, param...)
}
// Execute parses the query and executes it against the data layer // Execute parses the query and executes it against the data layer
func Execute(ctx *fibre.Context, txt interface{}) (out []interface{}, err error) { func Execute(ctx *fibre.Context, txt interface{}, vars map[string]interface{}) (out []*Response, err error) {
ast, err := sql.Parse(ctx, txt) ast, err := sql.Parse(ctx, txt, vars)
if err != nil { if err != nil {
return return
} }

View file

@ -75,7 +75,7 @@ func routes(s *fibre.Fibre) {
}) })
s.Post("/sql", func(c *fibre.Context) error { s.Post("/sql", func(c *fibre.Context) error {
res, err := db.Execute(c, c.Request().Body) res, err := db.Execute(c, c.Request().Body, nil)
if err != nil { if err != nil {
return err return err
} }
@ -91,30 +91,46 @@ func routes(s *fibre.Fibre) {
}) })
s.Get("/key/:class", func(c *fibre.Context) error { s.Get("/key/:class", func(c *fibre.Context) error {
sql := db.Prepare("SELECT * FROM ⟨%v⟩", c.Param("class"))
res, err := db.Execute(c, sql) txt := "SELECT * FROM $class"
if err != nil {
return fibre.NewHTTPError(500) res, err := db.Execute(c, txt, map[string]interface{}{
} "class": sql.NewTable(c.Param("class")),
return output(c, res[0]) })
return output(c, err, res)
}) })
s.Post("/key/:class", func(c *fibre.Context) error { s.Post("/key/:class", func(c *fibre.Context) error {
sql := db.Prepare("CREATE ⟨%v⟩ CONTENT %v RETURN AFTER", c.Param("class"), string(c.Body()))
res, err := db.Execute(c, sql) var data interface{}
if err != nil {
return fibre.NewHTTPError(500) if err := c.Bind(data); err != nil {
return fibre.NewHTTPError(422)
} }
return output(c, res[0])
txt := "CREATE $class CONTENT $data RETURN AFTER"
res, err := db.Execute(c, txt, map[string]interface{}{
"class": sql.NewTable(c.Param("class")),
"data": data,
})
return output(c, err, res)
}) })
s.Delete("/key/:class", func(c *fibre.Context) error { s.Delete("/key/:class", func(c *fibre.Context) error {
sql := db.Prepare("DELETE FROM ⟨%v⟩", c.Param("class"))
res, err := db.Execute(c, sql) txt := "DELETE FROM $class"
if err != nil {
return fibre.NewHTTPError(500) res, err := db.Execute(c, txt, map[string]interface{}{
} "class": sql.NewTable(c.Param("class")),
return output(c, res[0]) })
return output(c, err, res)
}) })
// -------------------------------------------------- // --------------------------------------------------
@ -126,57 +142,96 @@ func routes(s *fibre.Fibre) {
}) })
s.Get("/key/:class/:id", func(c *fibre.Context) error { s.Get("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("SELECT * FROM @⟨%v⟩:⟨%v⟩", c.Param("class"), c.Param("id"))
res, err := db.Execute(c, sql) txt := "SELECT * FROM $thing"
if err != nil {
return fibre.NewHTTPError(500) res, err := db.Execute(c, txt, map[string]interface{}{
} "thing": sql.NewThing(c.Param("class"), c.Param("id")),
return output(c, res[0]) })
return output(c, err, res)
}) })
s.Put("/key/:class/:id", func(c *fibre.Context) error { s.Put("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("CREATE @⟨%v⟩:⟨%v⟩ CONTENT %v RETURN AFTER", c.Param("class"), c.Param("id"), string(c.Body()))
res, err := db.Execute(c, sql) var data interface{}
if err != nil {
return fibre.NewHTTPError(500) if err := c.Bind(data); err != nil {
return fibre.NewHTTPError(422)
} }
return output(c, res[0])
txt := "CREATE $thing CONTENT $data RETURN AFTER"
res, err := db.Execute(c, txt, map[string]interface{}{
"thing": sql.NewThing(c.Param("class"), c.Param("id")),
"data": data,
})
return output(c, err, res)
}) })
s.Post("/key/:class/:id", func(c *fibre.Context) error { s.Post("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("UPDATE @⟨%v⟩:⟨%v⟩ CONTENT %v RETURN AFTER", c.Param("class"), c.Param("id"), string(c.Body()))
res, err := db.Execute(c, sql) var data interface{}
if err != nil {
return fibre.NewHTTPError(500) if err := c.Bind(data); err != nil {
return fibre.NewHTTPError(422)
} }
return output(c, res[0])
txt := "UPDATE $thing CONTENT $data RETURN AFTER"
res, err := db.Execute(c, txt, map[string]interface{}{
"thing": sql.NewThing(c.Param("class"), c.Param("id")),
"data": data,
})
return output(c, err, res)
}) })
s.Patch("/key/:class/:id", func(c *fibre.Context) error { s.Patch("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("MODIFY @⟨%v⟩:⟨%v⟩ DIFF %v RETURN AFTER", c.Param("class"), c.Param("id"), string(c.Body()))
res, err := db.Execute(c, sql) var data interface{}
if err != nil {
return fibre.NewHTTPError(500) if err := c.Bind(data); err != nil {
return fibre.NewHTTPError(422)
} }
return output(c, res[0])
txt := "MODIFY $thing DIFF $data RETURN AFTER"
res, err := db.Execute(c, txt, map[string]interface{}{
"thing": sql.NewThing(c.Param("class"), c.Param("id")),
"data": data,
})
return output(c, err, res)
}) })
s.Trace("/key/:class/:id", func(c *fibre.Context) error { s.Trace("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("SELECT HISTORY FROM @⟨%v⟩:⟨%v⟩", c.Param("class"), c.Param("id"))
res, err := db.Execute(c, sql) txt := "SELECT HISTORY FROM $thing"
if err != nil {
return fibre.NewHTTPError(500) res, err := db.Execute(c, txt, map[string]interface{}{
} "thing": sql.NewThing(c.Param("class"), c.Param("id")),
return output(c, res[0]) })
return output(c, err, res)
}) })
s.Delete("/key/:class/:id", func(c *fibre.Context) error { s.Delete("/key/:class/:id", func(c *fibre.Context) error {
sql := db.Prepare("DELETE @⟨%v⟩:⟨%v⟩", c.Param("class"), c.Param("id"))
res, err := db.Execute(c, sql) txt := "DELETE $thing"
if err != nil {
return fibre.NewHTTPError(500) res, err := db.Execute(c, txt, map[string]interface{}{
} "thing": sql.NewThing(c.Param("class"), c.Param("id")),
return output(c, res[0]) })
return output(c, err, res)
}) })
} }

View file

@ -17,40 +17,57 @@ package web
import ( import (
"github.com/abcum/fibre" "github.com/abcum/fibre"
"github.com/abcum/surreal/db" "github.com/abcum/surreal/db"
"github.com/abcum/surreal/sql"
) )
type rpc struct{} type rpc struct{}
func (r *rpc) Sql(c *fibre.Context, sql string) (interface{}, error) { func (r *rpc) Sql(c *fibre.Context, sql string, vars map[string]interface{}) (interface{}, error) {
return db.Execute(c, sql) return db.Execute(c, sql, vars)
} }
func (r *rpc) List(c *fibre.Context, class string) (interface{}, error) { func (r *rpc) List(c *fibre.Context, class string) (interface{}, error) {
sql := db.Prepare("SELECT * FROM ⟨%v⟩", class) return db.Execute(c, "SELECT * FROM $class", map[string]interface{}{
return db.Execute(c, sql) "class": sql.NewTable(class),
})
} }
func (r *rpc) Select(c *fibre.Context, class, thing string) (interface{}, error) { func (r *rpc) Create(c *fibre.Context, class string, data map[string]interface{}) (interface{}, error) {
sql := db.Prepare("SELECT * FROM @⟨%v⟩:⟨%v⟩", class, thing) return db.Execute(c, "CREATE $class CONTENT $data RETURN AFTER", map[string]interface{}{
return db.Execute(c, sql) "class": sql.NewTable(class),
"data": data,
})
} }
func (r *rpc) Create(c *fibre.Context, class, thing, data string) (interface{}, error) { func (r *rpc) Select(c *fibre.Context, class string, thing interface{}) (interface{}, error) {
sql := db.Prepare("CREATE @⟨%v⟩:⟨%v⟩ CONTENT %v RETURN AFTER", class, thing, data) return db.Execute(c, "SELECT * FROM $thing", map[string]interface{}{
return db.Execute(c, sql) "thing": sql.NewThing(class, thing),
})
} }
func (r *rpc) Update(c *fibre.Context, class, thing, data string) (interface{}, error) { func (r *rpc) Insert(c *fibre.Context, class string, thing interface{}, data map[string]interface{}) (interface{}, error) {
sql := db.Prepare("UPDATE @⟨%v⟩:⟨%v⟩ CONTENT %v RETURN AFTER", class, thing, data) return db.Execute(c, "INSERT $thing CONTENT $data RETURN AFTER", map[string]interface{}{
return db.Execute(c, sql) "thing": sql.NewThing(class, thing),
"data": data,
})
} }
func (r *rpc) Modify(c *fibre.Context, class, thing, data string) (interface{}, error) { func (r *rpc) Upsert(c *fibre.Context, class string, thing interface{}, data map[string]interface{}) (interface{}, error) {
sql := db.Prepare("MODIFY @⟨%v⟩:⟨%v⟩ DIFF %v RETURN DIFF", class, thing, data) return db.Execute(c, "UPSERT $thing CONTENT $data RETURN AFTER", map[string]interface{}{
return db.Execute(c, sql) "thing": sql.NewThing(class, thing),
"data": data,
})
} }
func (r *rpc) Delete(c *fibre.Context, class, thing string) (interface{}, error) { func (r *rpc) Modify(c *fibre.Context, class string, thing interface{}, data map[string]interface{}) (interface{}, error) {
sql := db.Prepare("DELETE @⟨%v⟩:⟨%v⟩", class, thing) return db.Execute(c, "MODIFY $thing DIFF $data RETURN DIFF", map[string]interface{}{
return db.Execute(c, sql) "thing": sql.NewThing(class, thing),
"data": data,
})
}
func (r *rpc) Delete(c *fibre.Context, class string, thing interface{}) (interface{}, error) {
return db.Execute(c, "DELETE $thing", map[string]interface{}{
"thing": sql.NewThing(class, thing),
})
} }