From eb411cd0b0d3cedf460c6b3671405e3d52cf0147 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Tue, 26 Oct 2021 20:04:36 +0100 Subject: [PATCH] Fixing #2718 - disabling handlebars helpers for queries. --- packages/server/src/api/controllers/query.js | 4 +- packages/string-templates/src/index.js | 61 +++++++++++++++---- .../string-templates/test/helpers.spec.js | 10 +++ 3 files changed, 61 insertions(+), 14 deletions(-) diff --git a/packages/server/src/api/controllers/query.js b/packages/server/src/api/controllers/query.js index 89bf1a8ab0..5f9fadf99b 100644 --- a/packages/server/src/api/controllers/query.js +++ b/packages/server/src/api/controllers/query.js @@ -101,7 +101,9 @@ async function enrichQueryFields(fields, parameters = {}) { enrichedQuery[key] = await enrichQueryFields(fields[key], parameters) } else if (typeof fields[key] === "string") { // enrich string value as normal - enrichedQuery[key] = await processString(fields[key], parameters) + enrichedQuery[key] = await processString(fields[key], parameters, { + noHelpers: true, + }) } else { enrichedQuery[key] = fields[key] } diff --git a/packages/string-templates/src/index.js b/packages/string-templates/src/index.js index 590469fd5d..2523b763ba 100644 --- a/packages/string-templates/src/index.js +++ b/packages/string-templates/src/index.js @@ -6,6 +6,7 @@ const manifest = require("../manifest.json") const hbsInstance = handlebars.create() registerAll(hbsInstance) +const hbsInstanceNoHelpers = handlebars.create() /** * utility function to check if the object is valid @@ -24,17 +25,30 @@ function testObject(object) { * @param {object|array} object The input structure which is to be recursed, it is important to note that * if the structure contains any cycles then this will fail. * @param {object} context The context that handlebars should fill data from. + * @param {object} opts optional - specify some options for processing. * @returns {Promise} The structure input, as fully updated as possible. */ -module.exports.processObject = async (object, context) => { +module.exports.processObject = async ( + object, + context, + opts = { noHelpers: false } +) => { testObject(object) for (let key of Object.keys(object || {})) { if (object[key] != null) { let val = object[key] if (typeof val === "string") { - object[key] = await module.exports.processString(object[key], context) + object[key] = await module.exports.processString( + object[key], + context, + opts + ) } else if (typeof val === "object") { - object[key] = await module.exports.processObject(object[key], context) + object[key] = await module.exports.processObject( + object[key], + context, + opts + ) } } } @@ -46,11 +60,16 @@ module.exports.processObject = async (object, context) => { * then nothing will occur. * @param {string} string The template string which is the filled from the context object. * @param {object} context An object of information which will be used to enrich the string. + * @param {object} opts optional - specify some options for processing. * @returns {Promise} The enriched string, all templates should have been replaced if they can be. */ -module.exports.processString = async (string, context) => { +module.exports.processString = async ( + string, + context, + opts = { noHelpers: false } +) => { // TODO: carry out any async calls before carrying out async call - return module.exports.processStringSync(string, context) + return module.exports.processStringSync(string, context, opts) } /** @@ -59,16 +78,21 @@ module.exports.processString = async (string, context) => { * @param {object|array} object The input structure which is to be recursed, it is important to note that * if the structure contains any cycles then this will fail. * @param {object} context The context that handlebars should fill data from. + * @param {object} opts optional - specify some options for processing. * @returns {object|array} The structure input, as fully updated as possible. */ -module.exports.processObjectSync = (object, context) => { +module.exports.processObjectSync = ( + object, + context, + opts = { noHelpers: false } +) => { testObject(object) for (let key of Object.keys(object || {})) { let val = object[key] if (typeof val === "string") { - object[key] = module.exports.processStringSync(object[key], context) + object[key] = module.exports.processStringSync(object[key], context, opts) } else if (typeof val === "object") { - object[key] = module.exports.processObjectSync(object[key], context) + object[key] = module.exports.processObjectSync(object[key], context, opts) } } return object @@ -79,9 +103,14 @@ module.exports.processObjectSync = (object, context) => { * then nothing will occur. This is a pure sync call and therefore does not have the full functionality of the async call. * @param {string} string The template string which is the filled from the context object. * @param {object} context An object of information which will be used to enrich the string. + * @param {object} opts optional - specify some options for processing. * @returns {string} The enriched string, all templates should have been replaced if they can be. */ -module.exports.processStringSync = (string, context) => { +module.exports.processStringSync = ( + string, + context, + opts = { noHelpers: false } +) => { if (!exports.isValid(string)) { return string } @@ -91,9 +120,13 @@ module.exports.processStringSync = (string, context) => { throw "Cannot process non-string types." } try { - string = processors.preprocess(string) + const noHelpers = opts && opts.noHelpers + // finalising adds a helper, can't do this with no helpers + const shouldFinalise = !noHelpers + string = processors.preprocess(string, shouldFinalise) // this does not throw an error when template can't be fulfilled, have to try correct beforehand - const template = hbsInstance.compile(string, { + const instance = noHelpers ? hbsInstanceNoHelpers : hbsInstance + const template = instance.compile(string, { strict: false, }) return processors.postprocess( @@ -119,9 +152,10 @@ module.exports.makePropSafe = property => { /** * Checks whether or not a template string contains totally valid syntax (simply tries running it) * @param string The string to test for valid syntax - this may contain no templates and will be considered valid. + * @param opts optional - specify some options for processing. * @returns {boolean} Whether or not the input string is valid. */ -module.exports.isValid = string => { +module.exports.isValid = (string, opts = { noHelpers: false }) => { const validCases = [ "string", "number", @@ -135,7 +169,8 @@ module.exports.isValid = string => { // don't really need a real context to check if its valid const context = {} try { - hbsInstance.compile(processors.preprocess(string, false))(context) + const instance = opts && opts.noHelpers ? hbsInstanceNoHelpers : hbsInstance + instance.compile(processors.preprocess(string, false))(context) return true } catch (err) { const msg = err && err.message ? err.message : err diff --git a/packages/string-templates/test/helpers.spec.js b/packages/string-templates/test/helpers.spec.js index b380fd9315..2cf9310638 100644 --- a/packages/string-templates/test/helpers.spec.js +++ b/packages/string-templates/test/helpers.spec.js @@ -11,6 +11,15 @@ describe("test the custom helpers we have applied", () => { }) }) +describe("test that it can run without helpers", () => { + it("should be able to run without helpers", async () => { + const output = await processString("{{ avg 1 1 1 }}", {}, { noHelpers: true }) + const valid = await processString("{{ avg 1 1 1 }}", {}) + expect(valid).toBe("1") + expect(output).toBe("Invalid Binding") + }) +}) + describe("test the math helpers", () => { it("should be able to produce an absolute", async () => { const output = await processString("{{abs a}}", { @@ -267,6 +276,7 @@ describe("test the comparison helpers", () => { ) expect(output).toBe("Success") } + it("should allow use of the lt helper", async () => { await compare("lt", 10, 15) })