From c47787d95902b3cfacae9855f63b587f3e7313c8 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 16:42:12 +0800 Subject: [PATCH] feat(nocodb): validate column name at api level --- packages/nocodb/src/lib/meta/api/columnApis.ts | 14 ++++++++++++++ packages/nocodb/src/lib/meta/api/tableApis.ts | 17 ++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/packages/nocodb/src/lib/meta/api/columnApis.ts b/packages/nocodb/src/lib/meta/api/columnApis.ts index 97fbb68c06..b99f7a5cba 100644 --- a/packages/nocodb/src/lib/meta/api/columnApis.ts +++ b/packages/nocodb/src/lib/meta/api/columnApis.ts @@ -64,9 +64,23 @@ export async function columnAdd( const table = await Model.getWithInfo({ id: req.params.tableId, }); + const base = await Base.get(table.base_id); + const project = await base.getProject(); + const dbDriver = NcConnectionMgrv2.get(base); + + const sqlClientType = dbDriver.clientType(); + + const mxColumnLength = Column.getMaxColumnNameLength(sqlClientType); + + if (req.body.column_name.length > mxColumnLength) { + NcError.badRequest( + `Column name ${req.body.column_name} exceeds ${mxColumnLength} characters` + ); + } + if ( !isVirtualCol(req.body) && !(await Column.checkTitleAvailable({ diff --git a/packages/nocodb/src/lib/meta/api/tableApis.ts b/packages/nocodb/src/lib/meta/api/tableApis.ts index 8eb3d6a10e..7fe1f5e905 100644 --- a/packages/nocodb/src/lib/meta/api/tableApis.ts +++ b/packages/nocodb/src/lib/meta/api/tableApis.ts @@ -148,10 +148,15 @@ export async function tableCreate(req: Request, res) { } const sqlMgr = await ProjectMgrv2.getSqlMgr(project); + const sqlClient = await NcConnectionMgrv2.getSqlClient(base); + const dbDriver = NcConnectionMgrv2.get(base); + + const sqlClientType = dbDriver.clientType(); + let tableNameLengthLimit = 255; - const sqlClientType = sqlClient.clientType; + if (sqlClientType === 'mysql2' || sqlClientType === 'mysql') { tableNameLengthLimit = 64; } else if (sqlClientType === 'pg') { @@ -164,6 +169,16 @@ export async function tableCreate(req: Request, res) { NcError.badRequest(`Table name exceeds ${tableNameLengthLimit} characters`); } + const mxColumnLength = Column.getMaxColumnNameLength(sqlClientType); + + for (const column of req.body.columns) { + if (column.column_name.length > mxColumnLength) { + NcError.badRequest( + `Column name ${column.column_name} exceeds ${mxColumnLength} characters` + ); + } + } + req.body.columns = req.body.columns?.map((c) => ({ ...getColumnPropsFromUIDT(c as any, base), cn: c.column_name,