refactor: validate sort options as well

Signed-off-by: Pranav C <pranavxc@gmail.com>
1 year ago · 7c2727e7e3
3 changed files with 19 additions and 3 deletions
--- a/packages/nocodb/src/db/BaseModelSqlv2.ts
+++ b/packages/nocodb/src/db/BaseModelSqlv2.ts
@ -3198,7 +3198,7 @@ class BaseModelSqlv2 {
        ],
        qb,
        undefined,
-        true
+        true,
      );
      const execQueries: ((trx: Knex.Transaction, qb: any) => Promise<any>)[] =
        [];
@ -4851,6 +4851,7 @@ class BaseModelSqlv2 {
 export function extractSortsObject(
  _sorts: string | string[],
  aliasColObjMap: { [columnAlias: string]: Column },
+  throwErrorIfInvalid = false,
 ): Sort[] {
  if (!_sorts?.length) return;

@ -4867,6 +4868,11 @@ export function extractSortsObject(
    // replace + at the beginning if present
    else sort.fk_column_id = aliasColObjMap[s.replace(/^\+/, '')]?.id;

+    if (throwErrorIfInvalid && !sort.fk_column_id)
+      NcError.unprocessableEntity(
+        `Invalid column '${s.replace(/^[+-]/, '')}' in sort`,
+      );
+
    return new Sort(sort);
  });
 }
--- a/packages/nocodb/src/db/conditionV2.ts
+++ b/packages/nocodb/src/db/conditionV2.ts
@ -2,6 +2,7 @@ import { isNumericCol, RelationTypes, UITypes } from 'nocodb-sdk';
 import dayjs from 'dayjs';
 // import customParseFormat from 'dayjs/plugin/customParseFormat.js';
 import type { BaseModelSqlv2 } from '~/db/BaseModelSqlv2';
+import { NcError } from '~/helpers/catchError'
 import type LinkToAnotherRecordColumn from '~/models/LinkToAnotherRecordColumn';
 import type { Knex } from 'knex';
 import type Column from '~/models/Column';
@ -114,7 +115,7 @@ const parseConditionV2 = async (
    const column = await filter.getColumn();
    if (!column) {
      if (throwErrorIfInvalid) {
-        throw new Error(`Invalid column id '${filter.fk_column_id}' in filter`);
+        NcError.unprocessableEntity(`Invalid column id '${filter.fk_column_id}' in filter`);
      }
      return;
    }
--- a/packages/nocodb/src/db/sortV2.ts
+++ b/packages/nocodb/src/db/sortV2.ts
@ -7,6 +7,7 @@ import type {
  LookupColumn,
  RollupColumn,
 } from '~/models';
+import { NcError } from '~/helpers/catchError';
 import formulaQueryBuilderv2 from '~/db/formulav2/formulaQueryBuilderv2';
 import genRollupSelectv2 from '~/db/genRollupSelectv2';
 import { sanitize } from '~/helpers/sqlSanitize';
@ -17,6 +18,7 @@ export default async function sortV2(
  sortList: Sort[],
  qb: Knex.QueryBuilder,
  alias?: string,
+  throwErrorIfInvalid = false,
 ) {
  const knex = baseModelSqlv2.dbDriver;

@ -32,7 +34,14 @@ export default async function sortV2(
      sort = new Sort(_sort);
    }
    const column = await sort.getColumn();
-    if (!column) continue;
+    if (!column) {
+      if (throwErrorIfInvalid) {
+        NcError.unprocessableEntity(
+          `Invalid column id '${sort.fk_column_id}' in sort`,
+        );
+      }
+      continue;
+    }
    const model = await column.getModel();

    const nulls = sort.direction === 'desc' ? 'LAST' : 'FIRST';