Minor fixes (#9285)

Signed-off-by: Denis Bykhov <[email protected]>

Author: BykhovDenis

server/core/src/types.ts

@@ -68,17 +68,11 @@ import { type StorageAdapter } from './storage'
 import { type PlatformQueueProducer, type QueueTopic, type PlatformQueue } from './queue'
 
 export interface ServerFindOptions<T extends Doc> extends FindOptions<T> {
-  domain?: Domain // Allow to find for Doc's in specified domain only.
   prefix?: string
 
   skipClass?: boolean
   skipSpace?: boolean
 
-  domainLookup?: {
-    field: string
-    domain: Domain
-  }
-
   // using for join query security
   allowedSpaces?: Ref<Space>[]
 

server/middleware/src/domainFind.ts

@@ -62,7 +62,7 @@ export class DomainFindMiddleware extends BaseMiddleware implements Middleware {
       return this.next?.findAll(ctx, _class, query, options) ?? emptyFindResult
     }
     const p = options?.prefix ?? 'client'
-    const domain = options?.domain ?? this.context.hierarchy.getDomain(_class)
+    const domain = this.context.hierarchy.getDomain(_class)
     if (domain === DOMAIN_MODEL) {
       return Promise.resolve(this.context.modelDb.findAllSync(_class, query, options))
     }

server/mongo/src/storage.ts

@@ -543,13 +543,9 @@ abstract class MongoAdapterBase implements DbAdapter {
     lookup: Lookup<T> | undefined,
     object: any,
     parent?: string,
-    parentObject?: any,
-    domainLookup?: {
-      field: string
-      domain: Domain
-    }
+    parentObject?: any
   ): void {
-    if (lookup === undefined && domainLookup === undefined) return
+    if (lookup === undefined) return
     for (const key in lookup) {
       if (key === '_id') {
         this.fillReverseLookup(clazz, lookup, object, parent, parentObject)
@@ -567,14 +563,6 @@ abstract class MongoAdapterBase implements DbAdapter {
         this.fillLookup(value, object, key, fullKey, targetObject)
       }
     }
-    if (domainLookup !== undefined) {
-      if (object.$lookup === undefined) {
-        object.$lookup = {}
-      }
-      object.$lookup._id = object['dl_' + domainLookup.field + '_lookup'][0]
-      // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
-      delete object['dl_' + domainLookup.field + '_lookup']
-    }
   }
 
   private fillReverseLookup<T extends Doc>(
@@ -654,18 +642,9 @@ abstract class MongoAdapterBase implements DbAdapter {
     const pipeline: any[] = []
     const tquery = this.translateQuery(clazz, query, options)
 
-    const slowPipeline = isLookupQuery(query) || isLookupSort(options?.sort) || options.domainLookup !== undefined
+    const slowPipeline = isLookupQuery(query) || isLookupSort(options?.sort)
     const steps = this.getLookups(clazz, options?.lookup)
 
-    if (options.domainLookup !== undefined) {
-      steps.push({
-        from: options.domainLookup.domain,
-        localField: options.domainLookup.field,
-        foreignField: '_id',
-        as: 'dl_' + options.domainLookup.field + '_lookup'
-      })
-    }
-
     if (options.associations !== undefined && options.associations.length > 0) {
       const assoc = this.getAssociations(options.associations)
       steps.push(...assoc)
@@ -731,7 +710,7 @@ abstract class MongoAdapterBase implements DbAdapter {
     }
     for (const row of result) {
       ctx.withSync('fill-lookup', {}, (ctx) => {
-        this.fillLookupValue(ctx, clazz, options?.lookup, row, undefined, undefined, options.domainLookup)
+        this.fillLookupValue(ctx, clazz, options?.lookup, row)
       })
       if (row.$lookup !== undefined) {
         for (const [, v] of Object.entries(row.$lookup)) {
@@ -901,13 +880,12 @@ abstract class MongoAdapterBase implements DbAdapter {
     return addOperation(ctx, 'find-all', {}, async () => {
       const st = platformNow()
       let result: FindResult<T>
-      const domain = options?.domain ?? this.hierarchy.getDomain(_class)
+      const domain = this.hierarchy.getDomain(_class)
       if (
         options?.lookup != null ||
         options?.associations != null ||
         this.isEnumSort(_class, options) ||
-        this.isRulesSort(options) ||
-        options?.domainLookup !== undefined
+        this.isRulesSort(options)
       ) {
         return await this.findWithPipeline(ctx, domain, _class, query, options ?? {}, stTime)
       }

server/postgres/src/storage.ts

@@ -88,6 +88,7 @@ import {
   DBCollectionHelper,
   type DBDoc,
   doFetchTypes,
+  escape,
   filterProjection,
   getDBClient,
   inferType,
@@ -661,7 +662,7 @@ abstract class PostgresAdapterBase implements DbAdapter {
       {},
       async () => {
         try {
-          const domain = translateDomain(options?.domain ?? this.hierarchy.getDomain(_class))
+          const domain = translateDomain(this.hierarchy.getDomain(_class))
           const sqlChunks: string[] = []
 
           const joins = this.buildJoins<T>(_class, options)
@@ -685,7 +686,7 @@ abstract class PostgresAdapterBase implements DbAdapter {
             sqlChunks.push(this.buildOrder(_class, domain, options.sort, joins))
           }
           if (options?.limit !== undefined) {
-            sqlChunks.push(`LIMIT ${options.limit}`)
+            sqlChunks.push(`LIMIT ${escape(options.limit)}`)
           }
 
           return (await this.mgr.retry(ctx.id, async (connection) => {
@@ -715,11 +716,7 @@ abstract class PostgresAdapterBase implements DbAdapter {
             fquery = finalSql
 
             const result = await connection.execute(finalSql, vars.getValues())
-            if (
-              options?.lookup === undefined &&
-              options?.domainLookup === undefined &&
-              options?.associations === undefined
-            ) {
+            if (options?.lookup === undefined && options?.associations === undefined) {
               return toFindResult(
                 result.map((p) => parseDocWithProjection(p, domain, projection)),
                 total
@@ -752,49 +749,35 @@ abstract class PostgresAdapterBase implements DbAdapter {
   ): Projection<T> | undefined {
     if (projection === undefined) return
 
+    const res: Projection<T> = {}
     if (!this.hierarchy.isMixin(_class)) {
-      return projection
+      for (const key in projection) {
+        ;(res as any)[escape(key)] = escape(projection[key])
+      }
+      return res
     }
 
-    projection = { ...projection }
     for (const key in projection) {
-      if (key.includes('.')) continue
-      try {
-        const attr = this.hierarchy.findAttribute(_class, key)
-        if (attr !== undefined && this.hierarchy.isMixin(attr.attributeOf)) {
-          const newKey = `${attr.attributeOf}.${attr.name}` as keyof Projection<T>
-          projection[newKey] = projection[key]
-
-          // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
-          delete projection[key]
+      if (key.includes('.')) {
+        ;(res as any)[escape(key)] = escape(projection[key])
+      } else {
+        try {
+          const attr = this.hierarchy.findAttribute(_class, key)
+          if (attr !== undefined && this.hierarchy.isMixin(attr.attributeOf)) {
+            const newKey = `${attr.attributeOf}.${attr.name}` as keyof Projection<T>
+            res[newKey] = escape(projection[key])
+          }
+        } catch (err: any) {
+          // ignore, if
         }
-      } catch (err: any) {
-        // ignore, if
       }
     }
 
-    return projection
+    return res
   }
 
   private buildJoins<T extends Doc>(_class: Ref<Class<T>>, options: ServerFindOptions<T> | undefined): JoinProps[] {
     const joins = this.buildJoin(_class, options?.lookup)
-    if (options?.domainLookup !== undefined) {
-      const baseDomain = translateDomain(this.hierarchy.getDomain(_class))
-
-      const domain = translateDomain(options.domainLookup.domain)
-      const key = options.domainLookup.field
-      const as = `lookup_${domain}_${key}`
-      joins.push({
-        isReverse: false,
-        table: domain,
-        path: options.domainLookup.field,
-        toAlias: as,
-        toField: '_id',
-        fromField: key,
-        fromAlias: baseDomain,
-        toClass: undefined
-      })
-    }
     return joins
   }
 
@@ -1054,7 +1037,8 @@ abstract class PostgresAdapterBase implements DbAdapter {
     parentAlias?: string
   ): void {
     const baseDomain = parentAlias ?? translateDomain(this.hierarchy.getDomain(clazz))
-    for (const key in lookup) {
+    for (const _key in lookup) {
+      const key = escape(_key)
       if (key === '_id') {
         this.getReverseLookupValue(baseDomain, lookup, res, parentKey)
         continue
@@ -1195,7 +1179,8 @@ abstract class PostgresAdapterBase implements DbAdapter {
     if (options?.skipClass !== true) {
       query._class = this.fillClass(_class, query) as any
     }
-    for (const key in query) {
+    for (const _key in query) {
+      const key = escape(_key)
       if (options?.skipSpace === true && key === 'space') {
         continue
       }
@@ -1526,7 +1511,7 @@ abstract class PostgresAdapterBase implements DbAdapter {
   getAssociationsProjections (vars: ValuesVariables, baseDomain: string, associations: AssociationQuery[]): string[] {
     const res: string[] = []
     for (const association of associations) {
-      const _id = association[0]
+      const _id = escape(association[0])
       const assoc = this.modelDb.findObject(_id)
       if (assoc === undefined) {
         continue
@@ -1547,7 +1532,7 @@ abstract class PostgresAdapterBase implements DbAdapter {
           AND relation."workspaceId" = ${wsId}
           WHERE relation."${keyA}" = ${translateDomain(baseDomain)}."_id" 
           AND relation.association = '${_id}'
-          AND assoc."workspaceId" = ${wsId}) AS assoc_${tagetDomain}_${association[0]}`
+          AND assoc."workspaceId" = ${wsId}) AS assoc_${tagetDomain}_${_id}`
       )
     }
     return res
@@ -1581,7 +1566,8 @@ abstract class PostgresAdapterBase implements DbAdapter {
       if (projection._class === undefined) {
         res.push(`${baseDomain}."_class" AS "_class"`)
       }
-      for (const key in projection) {
+      for (const _key in projection) {
+        const key = escape(_key)
         if (isDataField(baseDomain, key)) {
           if (!dataAdded) {
             res.push(`${baseDomain}.data as data`)

server/postgres/src/utils.ts

@@ -657,3 +657,11 @@ export interface JoinProps {
   toClass?: Ref<Class<Doc>>
   classes?: Ref<Class<Doc>>[] // filter by classes
 }
+
+export function escape<T> (str: T): T {
+  if (typeof str === 'string') {
+    // Remove all characters except a-z, A-Z, 0-9 and _ .
+    return str.replace(/[^a-zA-Z0-9_.]/g, '') as T
+  }
+  return str
+}