budibase/packages/server/src/sdk/app/rows/utils.ts

import validateJs from "validate.js"
import dayjs from "dayjs"
import cloneDeep from "lodash/fp/cloneDeep"
import {
  Datasource,
  DatasourcePlusQueryResponse,
  FieldConstraints,
  FieldType,
  QueryJson,
  Row,
  SourceName,
  Table,
  TableSchema,
  SqlClient,
  ArrayOperator,
  ViewV2,
} from "@budibase/types"
import { makeExternalQuery } from "../../../integrations/base/query"
import { Format } from "../../../api/controllers/view/exporters"
import sdk from "../.."
import { extractViewInfoFromID, isRelationshipColumn } from "../../../db/utils"
import { isSQL } from "../../../integrations/utils"
import { docIds, sql } from "@budibase/backend-core"
import { getTableFromSource } from "../../../api/controllers/row/utils"
import env from "../../../environment"

const SQL_CLIENT_SOURCE_MAP: Record<SourceName, SqlClient | undefined> = {
  [SourceName.POSTGRES]: SqlClient.POSTGRES,
  [SourceName.MYSQL]: SqlClient.MY_SQL,
  [SourceName.SQL_SERVER]: SqlClient.MS_SQL,
  [SourceName.ORACLE]: SqlClient.ORACLE,
  [SourceName.DYNAMODB]: undefined,
  [SourceName.MONGODB]: undefined,
  [SourceName.ELASTICSEARCH]: undefined,
  [SourceName.COUCHDB]: undefined,
  [SourceName.S3]: undefined,
  [SourceName.AIRTABLE]: undefined,
  [SourceName.ARANGODB]: undefined,
  [SourceName.REST]: undefined,
  [SourceName.FIRESTORE]: undefined,
  [SourceName.GOOGLE_SHEETS]: undefined,
  [SourceName.REDIS]: undefined,
  [SourceName.SNOWFLAKE]: undefined,
  [SourceName.BUDIBASE]: undefined,
}

const XSS_INPUT_REGEX =
  /[<>;"'(){}]|--|\/\*|\*\/|union|select|insert|drop|delete|update|exec|script/i

export function getSQLClient(datasource: Datasource): SqlClient {
  if (!isSQL(datasource)) {
    throw new Error("Cannot get SQL Client for non-SQL datasource")
  }
  const lookup = SQL_CLIENT_SOURCE_MAP[datasource.source]
  if (lookup) {
    return lookup
  }
  throw new Error("Unable to determine client for SQL datasource")
}

export function processRowCountResponse(
  response: DatasourcePlusQueryResponse
): number {
  if (
    response &&
    response.length === 1 &&
    sql.COUNT_FIELD_NAME in response[0]
  ) {
    const total = response[0][sql.COUNT_FIELD_NAME]
    return typeof total === "number" ? total : parseInt(total)
  } else {
    throw new Error("Unable to count rows in query - no count response")
  }
}

export async function getDatasourceAndQuery(
  json: QueryJson
): Promise<DatasourcePlusQueryResponse> {
  const datasourceId = json.endpoint.datasourceId
  const datasource = await sdk.datasources.get(datasourceId)
  const table = datasource.entities?.[json.endpoint.entityId]
  if (!json.meta && table) {
    json.meta = {
      table,
    }
  }
  return makeExternalQuery(datasource, json)
}

export function cleanExportRows(
  rows: Row[],
  schema: TableSchema,
  format: string,
  columns?: string[],
  customHeaders: { [key: string]: string } = {}
) {
  let cleanRows = [...rows]

  const relationships = Object.entries(schema)
    .filter((entry: any[]) => entry[1].type === FieldType.LINK)
    .map(entry => entry[0])

  relationships.forEach(column => {
    cleanRows.forEach(row => {
      delete row[column]
    })
    delete schema[column]
  })

  if (format === Format.CSV) {
    // Intended to append empty values in export
    const schemaKeys = Object.keys(schema)
    for (let key of schemaKeys) {
      if (columns?.length && columns.indexOf(key) > 0) {
        continue
      }
      for (let row of cleanRows) {
        if (row[key] == null) {
          row[key] = undefined
        }
      }
    }
  } else if (format === Format.JSON) {
    // Replace row keys with custom headers
    for (let row of cleanRows) {
      renameKeys(customHeaders, row)
    }
  }

  return cleanRows
}

function renameKeys(keysMap: { [key: string]: any }, row: any) {
  for (const key in keysMap) {
    Object.defineProperty(
      row,
      keysMap[key],
      Object.getOwnPropertyDescriptor(row, key) || {}
    )
    delete row[key]
  }
}

function isForeignKey(key: string, table: Table) {
  const relationships = Object.values(table.schema).filter(isRelationshipColumn)
  return relationships.some(
    relationship => (relationship as any).foreignKey === key
  )
}

export async function validate({
  source,
  row,
}: {
  source: Table | ViewV2
  row: Row
}): Promise<{
  valid: boolean
  errors: Record<string, any>
}> {
  const table = await getTableFromSource(source)
  const errors: Record<string, any> = {}
  const disallowArrayTypes = [
    FieldType.ATTACHMENT_SINGLE,
    FieldType.BB_REFERENCE_SINGLE,
  ]
  for (let fieldName of Object.keys(table.schema)) {
    const column = table.schema[fieldName]
    const constraints = cloneDeep(column.constraints)
    const type = column.type
    // foreign keys are likely to be enriched
    if (isForeignKey(fieldName, table)) {
      continue
    }
    // formulas shouldn't validated, data will be deleted anyway
    if (type === FieldType.FORMULA || column.autocolumn) {
      continue
    }
    // special case for options, need to always allow unselected (empty)
    if (type === FieldType.OPTIONS && constraints?.inclusion) {
      constraints.inclusion.push(null as any, "")
    }

    if (disallowArrayTypes.includes(type) && Array.isArray(row[fieldName])) {
      errors[fieldName] = `Cannot accept arrays`
    }
    let res

    // Validate.js doesn't seem to handle array
    if (type === FieldType.ARRAY && row[fieldName]) {
      if (row[fieldName].length) {
        if (!Array.isArray(row[fieldName])) {
          row[fieldName] = row[fieldName].split(",")
        }
        row[fieldName].map((val: any) => {
          if (
            !constraints?.inclusion?.includes(val) &&
            constraints?.inclusion?.length !== 0
          ) {
            errors[fieldName] = "Field not in list"
          }
        })
      } else if (constraints?.presence && row[fieldName].length === 0) {
        // non required MultiSelect creates an empty array, which should not throw errors
        errors[fieldName] = [`${fieldName} is required`]
      }
    } else if (
      (type === FieldType.ATTACHMENTS || type === FieldType.JSON) &&
      typeof row[fieldName] === "string"
    ) {
      // this should only happen if there is an error
      try {
        const json = JSON.parse(row[fieldName])
        if (type === FieldType.ATTACHMENTS) {
          if (Array.isArray(json)) {
            row[fieldName] = json
          } else {
            errors[fieldName] = [`Must be an array`]
          }
        }
      } catch (err) {
        errors[fieldName] = [`Contains invalid JSON`]
      }
    } else if (type === FieldType.DATETIME && column.timeOnly) {
      res = validateTimeOnlyField(fieldName, row[fieldName], constraints)
    } else {
      res = validateJs.single(row[fieldName], constraints)
    }

    if (env.XSS_SAFE_MODE && typeof row[fieldName] === "string") {
      if (XSS_INPUT_REGEX.test(row[fieldName])) {
        errors[fieldName] = [
          "Input not sanitised - potentially vulnerable to XSS",
        ]
      }
    }

    if (res) errors[fieldName] = res
  }
  return { valid: Object.keys(errors).length === 0, errors }
}

function validateTimeOnlyField(
  fieldName: string,
  value: any,
  constraints: FieldConstraints | undefined
) {
  let res
  if (value && !value.match(/^(\d+)(:[0-5]\d){1,2}$/)) {
    res = [`"${fieldName}" is not a valid time`]
  } else if (constraints) {
    let castedValue = value
    const stringTimeToDate = (value: string) => {
      const [hour, minute, second] = value.split(":").map((x: string) => +x)
      let date = dayjs("2000-01-01T00:00:00.000Z").hour(hour).minute(minute)
      if (!isNaN(second)) {
        date = date.second(second)
      }
      return date
    }

    if (castedValue) {
      castedValue = stringTimeToDate(castedValue)
    }
    let castedConstraints = cloneDeep(constraints)

    let earliest, latest
    let easliestTimeString: string, latestTimeString: string
    if (castedConstraints.datetime?.earliest) {
      easliestTimeString = castedConstraints.datetime.earliest
      if (dayjs(castedConstraints.datetime.earliest).isValid()) {
        easliestTimeString = dayjs(castedConstraints.datetime.earliest).format(
          "HH:mm"
        )
      }
      earliest = stringTimeToDate(easliestTimeString)
    }
    if (castedConstraints.datetime?.latest) {
      latestTimeString = castedConstraints.datetime.latest
      if (dayjs(castedConstraints.datetime.latest).isValid()) {
        latestTimeString = dayjs(castedConstraints.datetime.latest).format(
          "HH:mm"
        )
      }
      latest = stringTimeToDate(latestTimeString)
    }

    if (earliest && latest && earliest.isAfter(latest)) {
      latest = latest.add(1, "day")
      if (earliest.isAfter(castedValue)) {
        castedValue = castedValue.add(1, "day")
      }
    }

    if (earliest || latest) {
      castedConstraints.datetime = {
        earliest: earliest?.toISOString() || "",
        latest: latest?.toISOString() || "",
      }
    }

    let jsValidation = validateJs.single(
      castedValue?.toISOString(),
      castedConstraints
    )
    jsValidation = jsValidation?.map((m: string) =>
      m
        ?.replace(
          castedConstraints.datetime?.earliest || "",
          easliestTimeString || ""
        )
        .replace(
          castedConstraints.datetime?.latest || "",
          latestTimeString || ""
        )
    )
    if (jsValidation) {
      res ??= []
      res.push(...jsValidation)
    }
  }

  return res
}

// type-guard check
export function isArrayFilter(operator: any): operator is ArrayOperator {
  return Object.values(ArrayOperator).includes(operator)
}

export function tryExtractingTableAndViewId(tableOrViewId: string) {
  if (docIds.isViewId(tableOrViewId)) {
    return {
      tableId: extractViewInfoFromID(tableOrViewId).tableId,
      viewId: tableOrViewId,
    }
  }

  return { tableId: tableOrViewId }
}

export function getSource(tableOrViewId: string) {
  if (docIds.isViewId(tableOrViewId)) {
    return sdk.views.get(tableOrViewId)
  }
  return sdk.tables.getTable(tableOrViewId)
}
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`import validateJs from "validate.js"`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`import dayjs from "dayjs"`
			`import cloneDeep from "lodash/fp/cloneDeep"`
Revert "Revert "SQL Query aliasing"" 2024-02-29 13:33:03 +01:00			`import {`
PR comments. 2024-03-05 18:42:44 +01:00			`Datasource,`
			`DatasourcePlusQueryResponse,`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`FieldConstraints,`
Revert "Revert "SQL Query aliasing"" 2024-02-29 13:33:03 +01:00			`FieldType,`
			`QueryJson,`
			`Row,`
PR comments. 2024-03-05 18:42:44 +01:00			`SourceName,`
Revert "Revert "SQL Query aliasing"" 2024-02-29 13:33:03 +01:00			`Table,`
			`TableSchema,`
Moving some stuff around to make way for other services using the sql layers. 2024-05-16 18:33:47 +02:00			`SqlClient,`
Checking the correct operation - also typeguarding the check. 2024-08-09 15:35:13 +02:00			`ArrayOperator,`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`ViewV2,`
Revert "Revert "SQL Query aliasing"" 2024-02-29 13:33:03 +01:00			`} from "@budibase/types"`
Moving files and functions 2023-07-14 17:04:59 +02:00			`import { makeExternalQuery } from "../../../integrations/base/query"`
			`import { Format } from "../../../api/controllers/view/exporters"`
			`import sdk from "../.."`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`import { extractViewInfoFromID, isRelationshipColumn } from "../../../db/utils"`
Moving some stuff around to make way for other services using the sql layers. 2024-05-16 18:33:47 +02:00			`import { isSQL } from "../../../integrations/utils"`
Fix imports. 2024-10-02 11:05:56 +02:00			`import { docIds, sql } from "@budibase/backend-core"`
Mostly solving type errors around passing the view all the way down, got a fair few left. 2024-09-24 14:01:33 +02:00			`import { getTableFromSource } from "../../../api/controllers/row/utils"`
fixing vulns for ent client 2024-10-07 17:44:28 +02:00			`import env from "../../../environment"`
Disabling aliasing on writes (create, update, delete) for MySQL/MS-SQL datasources. 2024-03-05 17:19:21 +01:00
PR comments. 2024-03-05 18:42:44 +01:00			`const SQL_CLIENT_SOURCE_MAP: Record<SourceName, SqlClient \| undefined> = {`
			`[SourceName.POSTGRES]: SqlClient.POSTGRES,`
			`[SourceName.MYSQL]: SqlClient.MY_SQL,`
			`[SourceName.SQL_SERVER]: SqlClient.MS_SQL,`
			`[SourceName.ORACLE]: SqlClient.ORACLE,`
			`[SourceName.DYNAMODB]: undefined,`
			`[SourceName.MONGODB]: undefined,`
			`[SourceName.ELASTICSEARCH]: undefined,`
			`[SourceName.COUCHDB]: undefined,`
			`[SourceName.S3]: undefined,`
			`[SourceName.AIRTABLE]: undefined,`
			`[SourceName.ARANGODB]: undefined,`
			`[SourceName.REST]: undefined,`
			`[SourceName.FIRESTORE]: undefined,`
			`[SourceName.GOOGLE_SHEETS]: undefined,`
			`[SourceName.REDIS]: undefined,`
			`[SourceName.SNOWFLAKE]: undefined,`
			`[SourceName.BUDIBASE]: undefined,`
			`}`

XSS safe mode to prevent unsanitised input 2024-10-07 17:47:49 +02:00			`const XSS_INPUT_REGEX =`
			`/[<>;"'(){}]\|--\|\/\\|\\/\|union\|select\|insert\|drop\|delete\|update\|exec\|script/i`
fixing vulns for ent client 2024-10-07 17:44:28 +02:00
Disabling aliasing on writes (create, update, delete) for MySQL/MS-SQL datasources. 2024-03-05 17:19:21 +01:00			`export function getSQLClient(datasource: Datasource): SqlClient {`
Fix for issue with aliasing not quite working as expected when interacting with very old datasources, there is a flag 'isSQL' which was not set in old versions, this is now set when retrieving datasources to avoid issues with it being unset. 2024-03-19 15:48:56 +01:00			`if (!isSQL(datasource)) {`
Disabling aliasing on writes (create, update, delete) for MySQL/MS-SQL datasources. 2024-03-05 17:19:21 +01:00			`throw new Error("Cannot get SQL Client for non-SQL datasource")`
			`}`
PR comments. 2024-03-05 18:42:44 +01:00			`const lookup = SQL_CLIENT_SOURCE_MAP[datasource.source]`
			`if (lookup) {`
			`return lookup`
Disabling aliasing on writes (create, update, delete) for MySQL/MS-SQL datasources. 2024-03-05 17:19:21 +01:00			`}`
PR comments. 2024-03-05 18:42:44 +01:00			`throw new Error("Unable to determine client for SQL datasource")`
Disabling aliasing on writes (create, update, delete) for MySQL/MS-SQL datasources. 2024-03-05 17:19:21 +01:00			`}`
Moving files and functions 2023-07-14 17:04:59 +02:00
Changing how counting is processed. 2024-06-19 15:28:22 +02:00			`export function processRowCountResponse(`
			`response: DatasourcePlusQueryResponse`
			`): number {`
Fix imports. 2024-10-02 11:05:56 +02:00			`if (`
			`response &&`
			`response.length === 1 &&`
			`sql.COUNT_FIELD_NAME in response[0]`
			`) {`
			`const total = response[0][sql.COUNT_FIELD_NAME]`
Changing how counting is processed. 2024-06-19 15:28:22 +02:00			`return typeof total === "number" ? total : parseInt(total)`
			`} else {`
			`throw new Error("Unable to count rows in query - no count response")`
			`}`
			`}`

Revert "Revert "SQL Query aliasing"" 2024-02-29 13:33:03 +01:00			`export async function getDatasourceAndQuery(`
			`json: QueryJson`
Merge branch 'feature/sql-query-aliasing' of github.com:Budibase/budibase into labday/sqs 2024-02-28 18:03:59 +01:00			`): Promise<DatasourcePlusQueryResponse> {`
Moving files and functions 2023-07-14 17:04:59 +02:00			`const datasourceId = json.endpoint.datasourceId`
			`const datasource = await sdk.datasources.get(datasourceId)`
Making sure meta.table is always available. 2024-04-17 18:36:19 +02:00			`const table = datasource.entities?.[json.endpoint.entityId]`
			`if (!json.meta && table) {`
			`json.meta = {`
			`table,`
			`}`
			`}`
Addressing comment about datasource being optional. 2024-06-19 13:03:20 +02:00			`return makeExternalQuery(datasource, json)`
Moving files and functions 2023-07-14 17:04:59 +02:00			`}`

			`export function cleanExportRows(`
Type 2024-07-31 13:28:28 +02:00			`rows: Row[],`
Remove ctx from export rows (search not implemented) 2023-07-17 15:57:12 +02:00			`schema: TableSchema,`
Moving files and functions 2023-07-14 17:04:59 +02:00			`format: string,`
Export data make CSV delimiter configurable (#13028) * Add delimiter option * Add custom delimiter * external export delimiter * Custom headers for row export * External export rows custom headers * Support custom JSON export labels * Handle export table source switch * update account portal * Add space as delimiter * Refactor * update account portal 2024-02-27 10:23:49 +01:00			`columns?: string[],`
			`customHeaders: { [key: string]: string } = {}`
Moving files and functions 2023-07-14 17:04:59 +02:00			`) {`
			`let cleanRows = [...rows]`

			`const relationships = Object.entries(schema)`
A quick refactor to get rid of the old 'FieldTypes' enumeration, considering how core it is to all data handling in Budibase, the fact we had both 'FieldType' and 'FieldTypes' was confusing - righting this fully. 2024-01-24 17:58:13 +01:00			`.filter((entry: any[]) => entry[1].type === FieldType.LINK)`
Moving files and functions 2023-07-14 17:04:59 +02:00			`.map(entry => entry[0])`

			`relationships.forEach(column => {`
			`cleanRows.forEach(row => {`
			`delete row[column]`
			`})`
			`delete schema[column]`
			`})`

			`if (format === Format.CSV) {`
			`// Intended to append empty values in export`
			`const schemaKeys = Object.keys(schema)`
			`for (let key of schemaKeys) {`
			`if (columns?.length && columns.indexOf(key) > 0) {`
			`continue`
			`}`
			`for (let row of cleanRows) {`
			`if (row[key] == null) {`
			`row[key] = undefined`
			`}`
			`}`
			`}`
Export data make CSV delimiter configurable (#13028) * Add delimiter option * Add custom delimiter * external export delimiter * Custom headers for row export * External export rows custom headers * Support custom JSON export labels * Handle export table source switch * update account portal * Add space as delimiter * Refactor * update account portal 2024-02-27 10:23:49 +01:00			`} else if (format === Format.JSON) {`
			`// Replace row keys with custom headers`
			`for (let row of cleanRows) {`
			`renameKeys(customHeaders, row)`
			`}`
Moving files and functions 2023-07-14 17:04:59 +02:00			`}`

			`return cleanRows`
			`}`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00
Export data make CSV delimiter configurable (#13028) * Add delimiter option * Add custom delimiter * external export delimiter * Custom headers for row export * External export rows custom headers * Support custom JSON export labels * Handle export table source switch * update account portal * Add space as delimiter * Refactor * update account portal 2024-02-27 10:23:49 +01:00			`function renameKeys(keysMap: { [key: string]: any }, row: any) {`
			`for (const key in keysMap) {`
			`Object.defineProperty(`
			`row,`
			`keysMap[key],`
			`Object.getOwnPropertyDescriptor(row, key) \|\| {}`
			`)`
			`delete row[key]`
			`}`
			`}`

Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`function isForeignKey(key: string, table: Table) {`
Fixes 2023-10-05 19:47:00 +02:00			`const relationships = Object.values(table.schema).filter(isRelationshipColumn)`
			`return relationships.some(`
			`relationship => (relationship as any).foreignKey === key`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`)`
			`}`

			`export async function validate({`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`source,`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`row,`
			`}: {`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`source: Table \| ViewV2`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`row: Row`
			`}): Promise<{`
			`valid: boolean`
			`errors: Record<string, any>`
			`}> {`
Mostly solving type errors around passing the view all the way down, got a fair few left. 2024-09-24 14:01:33 +02:00			`const table = await getTableFromSource(source)`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`const errors: Record<string, any> = {}`
Disallowing arrays for single types (attachment and user). 2024-05-17 18:17:57 +02:00			`const disallowArrayTypes = [`
			`FieldType.ATTACHMENT_SINGLE,`
			`FieldType.BB_REFERENCE_SINGLE,`
			`]`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`for (let fieldName of Object.keys(table.schema)) {`
			`const column = table.schema[fieldName]`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`const constraints = cloneDeep(column.constraints)`
			`const type = column.type`
			`// foreign keys are likely to be enriched`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`if (isForeignKey(fieldName, table)) {`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`continue`
			`}`
			`// formulas shouldn't validated, data will be deleted anyway`
A quick refactor to get rid of the old 'FieldTypes' enumeration, considering how core it is to all data handling in Budibase, the fact we had both 'FieldType' and 'FieldTypes' was confusing - righting this fully. 2024-01-24 17:58:13 +01:00			`if (type === FieldType.FORMULA \|\| column.autocolumn) {`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`continue`
			`}`
			`// special case for options, need to always allow unselected (empty)`
A quick refactor to get rid of the old 'FieldTypes' enumeration, considering how core it is to all data handling in Budibase, the fact we had both 'FieldType' and 'FieldTypes' was confusing - righting this fully. 2024-01-24 17:58:13 +01:00			`if (type === FieldType.OPTIONS && constraints?.inclusion) {`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`constraints.inclusion.push(null as any, "")`
			`}`
Disallowing arrays for single types (attachment and user). 2024-05-17 18:17:57 +02:00
			`if (disallowArrayTypes.includes(type) && Array.isArray(row[fieldName])) {`
			errors[fieldName] = `Cannot accept arrays`
			`}`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`let res`

			`// Validate.js doesn't seem to handle array`
A quick refactor to get rid of the old 'FieldTypes' enumeration, considering how core it is to all data handling in Budibase, the fact we had both 'FieldType' and 'FieldTypes' was confusing - righting this fully. 2024-01-24 17:58:13 +01:00			`if (type === FieldType.ARRAY && row[fieldName]) {`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`if (row[fieldName].length) {`
			`if (!Array.isArray(row[fieldName])) {`
			`row[fieldName] = row[fieldName].split(",")`
			`}`
			`row[fieldName].map((val: any) => {`
			`if (`
			`!constraints?.inclusion?.includes(val) &&`
			`constraints?.inclusion?.length !== 0`
			`) {`
			`errors[fieldName] = "Field not in list"`
			`}`
			`})`
			`} else if (constraints?.presence && row[fieldName].length === 0) {`
			`// non required MultiSelect creates an empty array, which should not throw errors`
			errors[fieldName] = [`${fieldName} is required`]
			`}`
			`} else if (`
Revert "Revert "Single attachment column type"" 2024-04-03 17:05:18 +02:00			`(type === FieldType.ATTACHMENTS \|\| type === FieldType.JSON) &&`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`typeof row[fieldName] === "string"`
			`) {`
			`// this should only happen if there is an error`
			`try {`
			`const json = JSON.parse(row[fieldName])`
Revert "Revert "Single attachment column type"" 2024-04-03 17:05:18 +02:00			`if (type === FieldType.ATTACHMENTS) {`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`if (Array.isArray(json)) {`
			`row[fieldName] = json`
			`} else {`
			errors[fieldName] = [`Must be an array`]
			`}`
			`}`
			`} catch (err) {`
			errors[fieldName] = [`Contains invalid JSON`]
			`}`
Validate time only fields 2024-05-23 11:33:41 +02:00			`} else if (type === FieldType.DATETIME && column.timeOnly) {`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`res = validateTimeOnlyField(fieldName, row[fieldName], constraints)`
Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`} else {`
			`res = validateJs.single(row[fieldName], constraints)`
			`}`
fixing vulns for ent client 2024-10-07 17:44:28 +02:00
			`if (env.XSS_SAFE_MODE && typeof row[fieldName] === "string") {`
			`if (XSS_INPUT_REGEX.test(row[fieldName])) {`
XSS safe mode to prevent unsanitised input 2024-10-07 17:47:49 +02:00			`errors[fieldName] = [`
			`"Input not sanitised - potentially vulnerable to XSS",`
			`]`
fixing vulns for ent client 2024-10-07 17:44:28 +02:00			`}`
			`}`

Move row.validate to the sdk 2023-07-26 14:12:58 +02:00			`if (res) errors[fieldName] = res`
			`}`
			`return { valid: Object.keys(errors).length === 0, errors }`
			`}`
Validate time only field constrains 2024-05-23 13:07:45 +02:00
			`function validateTimeOnlyField(`
			`fieldName: string,`
			`value: any,`
			`constraints: FieldConstraints \| undefined`
			`) {`
			`let res`
			`if (value && !value.match(/^(\d+)(:[0-5]\d){1,2}$/)) {`
Add extra tests 2024-05-23 14:27:31 +02:00			res = [`"${fieldName}" is not a valid time`]
			`} else if (constraints) {`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`let castedValue = value`
Allow range crossing midnight 2024-05-23 14:47:54 +02:00			`const stringTimeToDate = (value: string) => {`
Add extra tests 2024-05-23 14:27:31 +02:00			`const [hour, minute, second] = value.split(":").map((x: string) => +x)`
			`let date = dayjs("2000-01-01T00:00:00.000Z").hour(hour).minute(minute)`
			`if (!isNaN(second)) {`
			`date = date.second(second)`
			`}`
Allow range crossing midnight 2024-05-23 14:47:54 +02:00			`return date`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`}`

			`if (castedValue) {`
Allow range crossing midnight 2024-05-23 14:47:54 +02:00			`castedValue = stringTimeToDate(castedValue)`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`}`
			`let castedConstraints = cloneDeep(constraints)`
Allow range crossing midnight 2024-05-23 14:47:54 +02:00
			`let earliest, latest`
Ensure iso time config still work 2024-05-23 15:23:02 +02:00			`let easliestTimeString: string, latestTimeString: string`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`if (castedConstraints.datetime?.earliest) {`
Ensure iso time config still work 2024-05-23 15:23:02 +02:00			`easliestTimeString = castedConstraints.datetime.earliest`
			`if (dayjs(castedConstraints.datetime.earliest).isValid()) {`
			`easliestTimeString = dayjs(castedConstraints.datetime.earliest).format(`
			`"HH:mm"`
			`)`
			`}`
			`earliest = stringTimeToDate(easliestTimeString)`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`}`
			`if (castedConstraints.datetime?.latest) {`
Ensure iso time config still work 2024-05-23 15:23:02 +02:00			`latestTimeString = castedConstraints.datetime.latest`
			`if (dayjs(castedConstraints.datetime.latest).isValid()) {`
			`latestTimeString = dayjs(castedConstraints.datetime.latest).format(`
			`"HH:mm"`
			`)`
			`}`
			`latest = stringTimeToDate(latestTimeString)`
Allow range crossing midnight 2024-05-23 14:47:54 +02:00			`}`

			`if (earliest && latest && earliest.isAfter(latest)) {`
			`latest = latest.add(1, "day")`
			`if (earliest.isAfter(castedValue)) {`
			`castedValue = castedValue.add(1, "day")`
			`}`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`}`

Allow range crossing midnight 2024-05-23 14:47:54 +02:00			`if (earliest \|\| latest) {`
			`castedConstraints.datetime = {`
			`earliest: earliest?.toISOString() \|\| "",`
			`latest: latest?.toISOString() \|\| "",`
			`}`
			`}`

			`let jsValidation = validateJs.single(`
			`castedValue?.toISOString(),`
			`castedConstraints`
			`)`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`jsValidation = jsValidation?.map((m: string) =>`
			`m`
			`?.replace(`
			`castedConstraints.datetime?.earliest \|\| "",`
Ensure iso time config still work 2024-05-23 15:23:02 +02:00			`easliestTimeString \|\| ""`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`)`
			`.replace(`
			`castedConstraints.datetime?.latest \|\| "",`
Ensure iso time config still work 2024-05-23 15:23:02 +02:00			`latestTimeString \|\| ""`
Validate time only field constrains 2024-05-23 13:07:45 +02:00			`)`
			`)`
			`if (jsValidation) {`
			`res ??= []`
			`res.push(...jsValidation)`
			`}`
			`}`

			`return res`
			`}`
Checking the correct operation - also typeguarding the check. 2024-08-09 15:35:13 +02:00
			`// type-guard check`
			`export function isArrayFilter(operator: any): operator is ArrayOperator {`
			`return Object.values(ArrayOperator).includes(operator)`
			`}`
Enrich on get row from view 2024-08-29 12:07:08 +02:00
			`export function tryExtractingTableAndViewId(tableOrViewId: string) {`
Working on plumbing 'source' all the way through our code. 2024-09-24 13:30:45 +02:00			`if (docIds.isViewId(tableOrViewId)) {`
Enrich on get row from view 2024-08-29 12:07:08 +02:00			`return {`
			`tableId: extractViewInfoFromID(tableOrViewId).tableId,`
			`viewId: tableOrViewId,`
			`}`
			`}`

			`return { tableId: tableOrViewId }`
			`}`
Type checks pass, now to find out how much stuff I've broken. 2024-09-24 17:35:53 +02:00
			`export function getSource(tableOrViewId: string) {`
			`if (docIds.isViewId(tableOrViewId)) {`
			`return sdk.views.get(tableOrViewId)`
			`}`
			`return sdk.tables.getTable(tableOrViewId)`
			`}`