diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index 911f366b18..c7b433b658 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -14,6 +14,7 @@ use Appwrite\Event\Mail; use Appwrite\Auth\Phrase; use Appwrite\Extend\Exception; use Appwrite\Network\Validator\Email; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Validator\Host; use Utopia\Validator\URL; use Utopia\Validator\Boolean; @@ -907,7 +908,11 @@ App::get('/v1/account/identities') ->inject('dbForProject') ->action(function (array $queries, Response $response, Document $user, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } $queries[] = Query::equal('userInternalId', [$user->getInternalId()]); @@ -2066,7 +2071,12 @@ App::get('/v1/account/logs') ->inject('dbForProject') ->action(function (array $queries, Response $response, Document $user, Locale $locale, Reader $geodb, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 97b62c3426..f0b0783b02 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -19,7 +19,6 @@ use Utopia\App; use Utopia\Audit\Audit; use Utopia\Config\Config; use Utopia\Database\Database; -use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Exception\Authorization as AuthorizationException; use Utopia\Database\Exception\Conflict as ConflictException; 
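Review bot: The new catch in the `/v1/account/identities` action forwards the parser's `$e->getMessage()` verbatim as the client-visible 400 body, so whatever the query parser puts in that string (possibly the offending user-supplied query fragment) is echoed back to the caller. That is acceptable for pure syntax diagnostics such as the `Invalid query: Syntax error` the test expects, but confirm that `Utopia\Database\Exception\Query` never wraps an adapter or driver message before relying on it across every route. Keeping the original chained would also let server-side logging retain the cause, e.g. `throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage(), previous: $e);` if the project `Exception` constructor accepts a previous throwable. The action's body continues past the hunk.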
@@ -487,7 +486,11 @@ App::get('/v1/databases') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -567,7 +570,12 @@ App::get('/v1/databases/:databaseId/logs') throw new Exception(Exception::DATABASE_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; @@ -809,7 +817,11 @@ App::get('/v1/databases/:databaseId/collections') throw new Exception(Exception::DATABASE_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -908,7 +920,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/logs') throw new Exception(Exception::COLLECTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; 
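Review bot: The five-line `try { Query::parseQueries(...) } catch (QueryException $e)` mapping added to `/v1/databases` here is the same text pasted into every list and logs route in this diff, which leaves the error-type mapping maintained in thirty-odd places. A single project helper that performs the parse and throws `Exception::GENERAL_QUERY_INVALID` (or one `QueryException` branch in the global error handler) would keep the policy in one place and make it impossible for a future route to forget the mapping and fall back to a 500. This is a style remark; the behaviour of each copy looks equivalent. The route's action continues past the hunk.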
@@ -1662,7 +1679,11 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/attributes') throw new Exception(Exception::COLLECTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } \array_push( $queries, @@ -2513,7 +2534,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/indexes') throw new Exception(Exception::COLLECTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + \array_push($queries, Query::equal('collectionId', [$collectionId]), Query::equal('databaseId', [$databaseId])); // Get cursor document if there was a cursor query @@ -2921,7 +2947,11 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents') throw new Exception(Exception::COLLECTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } // Get cursor document if there was a cursor query $cursor = \array_filter($queries, function ($query) { 
@@ -2942,14 +2972,13 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents') $cursor->setValue($cursorDocument); } - try { $documents = $dbForProject->find('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries); $total = $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries, APP_LIMIT_COUNT); } catch (AuthorizationException) { throw new Exception(Exception::USER_UNAUTHORIZED); } catch (QueryException $e) { - throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $e->getMessage()); + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); } // Add $collectionId and $databaseId for all documents @@ -3047,14 +3076,13 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen throw new Exception(Exception::COLLECTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); - try { + $queries = Query::parseQueries($queries); $document = $dbForProject->getDocument('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $documentId, $queries); } catch (AuthorizationException) { throw new Exception(Exception::USER_UNAUTHORIZED); } catch (QueryException $e) { - throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $e->getMessage()); + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); } if ($document->isEmpty()) { @@ -3143,7 +3171,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen throw new Exception(Exception::DOCUMENT_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; 
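Review bot: Switching the `catch (QueryException $e)` in the documents list action from `GENERAL_ARGUMENT_INVALID` to `GENERAL_QUERY_INVALID` changes the `type` value clients receive for a malformed query rejected by `find()`/`count()`, so SDK or client code that branches on that type will behave differently even though the HTTP status presumably stays 400; call it out in the changelog and API docs. With the earlier hunk now catching `QueryException` around `parseQueries`, this later catch only sees errors raised by the database adapter itself, which is a sensible split but worth a one-line comment such as `// QueryException here comes from the adapter; parse errors were rejected above`. The same type change is made in the single-document action below, so both should be documented together.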
diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php index 9c1f3cfa98..ea7571c6b8 100644 --- a/app/controllers/api/functions.php +++ b/app/controllers/api/functions.php @@ -12,6 +12,7 @@ use Appwrite\Utopia\Response\Model\Rule; use Appwrite\Extend\Exception; use Appwrite\Utopia\Database\Validator\CustomId; use Appwrite\Messaging\Adapter\Realtime; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Validator\Assoc; use Utopia\Database\Helpers\ID; use Utopia\Database\Helpers\Permission; @@ -366,7 +367,11 @@ App::get('/v1/functions') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -1256,7 +1261,11 @@ App::get('/v1/functions/:functionId/deployments') throw new Exception(Exception::FUNCTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -1794,7 +1803,11 @@ App::get('/v1/functions/:functionId/executions') throw new Exception(Exception::FUNCTION_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/messaging.php b/app/controllers/api/messaging.php index 25260e1071..056bc3648c 100644 --- a/app/controllers/api/messaging.php +++ b/app/controllers/api/messaging.php 
@@ -22,6 +22,7 @@ use Utopia\Audit\Audit; use Utopia\Database\Database; use Utopia\Database\Document; use Utopia\Database\Exception\Duplicate as DuplicateException; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Helpers\ID; use Utopia\Database\Query; use Utopia\Database\Validator\Authorization; @@ -837,7 +838,11 @@ App::get('/v1/messaging/providers') ->inject('dbForProject') ->inject('response') ->action(function (array $queries, string $search, Database $dbForProject, Response $response) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -888,7 +893,12 @@ App::get('/v1/messaging/providers/:providerId/logs') throw new Exception(Exception::PROVIDER_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; @@ -1944,7 +1954,11 @@ App::get('/v1/messaging/topics') ->inject('dbForProject') ->inject('response') ->action(function (array $queries, string $search, Database $dbForProject, Response $response) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); 
@@ -1995,7 +2009,12 @@ App::get('/v1/messaging/topics/:topicId/logs') throw new Exception(Exception::TOPIC_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; @@ -2258,7 +2277,11 @@ App::get('/v1/messaging/topics/:topicId/subscribers') ->inject('dbForProject') ->inject('response') ->action(function (string $topicId, array $queries, string $search, Database $dbForProject, Response $response) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -2331,7 +2354,12 @@ App::get('/v1/messaging/subscribers/:subscriberId/logs') throw new Exception(Exception::SUBSCRIBER_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; @@ -2845,7 +2873,11 @@ App::get('/v1/messaging/messages') ->inject('dbForProject') ->inject('response') ->action(function (array $queries, string $search, Database $dbForProject, Response $response) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); 
@@ -2896,7 +2928,12 @@ App::get('/v1/messaging/messages/:messageId/logs') throw new Exception(Exception::MESSAGE_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; @@ -2990,7 +3027,11 @@ App::get('/v1/messaging/messages/:messageId/targets') return; } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } $queries[] = Query::equal('$id', $targetIDs); diff --git a/app/controllers/api/migrations.php b/app/controllers/api/migrations.php index 87d3c12c99..7ccf531411 100644 --- a/app/controllers/api/migrations.php +++ b/app/controllers/api/migrations.php @@ -14,6 +14,7 @@ use Utopia\App; use Utopia\Database\Database; use Utopia\Database\DateTime; use Utopia\Database\Document; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Helpers\ID; use Utopia\Database\Query; use Utopia\Database\Validator\UID; @@ -384,7 +385,11 @@ App::get('/v1/migrations') ->inject('response') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php index 30f6b1f376..c8aab0829f 100644 --- a/app/controllers/api/projects.php +++ b/app/controllers/api/projects.php 
@@ -18,20 +18,18 @@ use Utopia\Audit\Audit; use Utopia\Cache\Cache; use Utopia\Config\Config; use Utopia\Database\Database; -use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Exception\Duplicate; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Helpers\ID; use Utopia\Database\Helpers\Permission; use Utopia\Database\Helpers\Role; use Utopia\Database\Query; -use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Datetime as DatetimeValidator; use Utopia\Database\Validator\UID; use Utopia\Domains\Validator\PublicDomain; use Utopia\Locale\Locale; use Utopia\Pools\Group; -use Utopia\Registry\Registry; use Utopia\Validator\ArrayList; use Utopia\Validator\Boolean; use Utopia\Validator\Hostname; @@ -241,7 +239,11 @@ App::get('/v1/projects') ->inject('dbForConsole') ->action(function (array $queries, string $search, Response $response, Database $dbForConsole) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/proxy.php b/app/controllers/api/proxy.php index 8d3f559d62..85e52599e6 100644 --- a/app/controllers/api/proxy.php +++ b/app/controllers/api/proxy.php @@ -10,6 +10,7 @@ use Appwrite\Utopia\Response; use Utopia\App; use Utopia\Database\Database; use Utopia\Database\Document; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Helpers\ID; use Utopia\Database\Query; use Utopia\Database\Validator\UID; 
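Review bot: The import hunk for projects.php removes `DateTime`, `Authorization` and `Registry` alongside adding `QueryException`, which is unrelated cleanup riding on a query-handling change; it is only safe if no remaining reference to those names exists in the file, which this diff cannot show. Worth confirming with a static-analysis pass before merge, or splitting the cleanup into its own commit so a regression is easy to bisect.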
@@ -156,7 +157,11 @@ App::get('/v1/proxy/rules') ->inject('project') ->inject('dbForConsole') ->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForConsole) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index fc5d00dfd0..ac4b3a5086 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -12,10 +12,10 @@ use Utopia\App; use Utopia\Config\Config; use Utopia\Database\Database; use Utopia\Database\Document; -use Utopia\Database\DateTime; use Utopia\Database\Exception\Duplicate; use Utopia\Database\Exception\Authorization as AuthorizationException; use Utopia\Database\Exception\Duplicate as DuplicateException; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Exception\Structure as StructureException; use Utopia\Database\Helpers\ID; use Utopia\Database\Helpers\Permission; @@ -42,7 +42,6 @@ use Utopia\Validator\HexColor; use Utopia\Validator\Range; use Utopia\Validator\Text; use Utopia\Validator\WhiteList; -use Utopia\DSN\DSN; use Utopia\Swoole\Request; use Utopia\Storage\Compression\Compression; @@ -161,7 +160,11 @@ App::get('/v1/storage/buckets') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); 
@@ -737,7 +740,11 @@ App::get('/v1/storage/buckets/:bucketId/files') throw new Exception(Exception::USER_UNAUTHORIZED); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index b8d0a8229c..eea7217912 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -9,6 +9,7 @@ use Appwrite\Event\Mail; use Appwrite\Event\Messaging; use Appwrite\Extend\Exception; use Appwrite\Network\Validator\Email; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Validator\Host; use Appwrite\Template\Template; use Appwrite\Utopia\Database\Validator\CustomId; @@ -146,7 +147,11 @@ App::get('/v1/teams') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -699,7 +704,11 @@ App::get('/v1/teams/:teamId/memberships') throw new Exception(Exception::TEAM_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); 
@@ -1100,7 +1109,12 @@ App::get('/v1/teams/:teamId/logs') throw new Exception(Exception::TEAM_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php index 375efe77cb..d2838ffe1f 100644 --- a/app/controllers/api/users.php +++ b/app/controllers/api/users.php @@ -11,6 +11,7 @@ use Appwrite\Network\Validator\Email; use Appwrite\Utopia\Database\Validator\CustomId; use Appwrite\Utopia\Database\Validator\Queries\Identities; use Appwrite\Utopia\Database\Validator\Queries\Targets; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Validator\Queries; use Appwrite\Utopia\Database\Validator\Queries\Users; use Utopia\Database\Validator\Query\Limit; @@ -536,7 +537,11 @@ App::get('/v1/users') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); @@ -756,7 +761,12 @@ App::get('/v1/users/:userId/logs') throw new Exception(Exception::USER_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + $grouped = Query::groupByType($queries); $limit = $grouped['limit'] ?? APP_LIMIT_COUNT; $offset = $grouped['offset'] ?? 0; 
@@ -834,7 +844,11 @@ App::get('/v1/users/:userId/targets') throw new Exception(Exception::USER_NOT_FOUND); } - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } $queries[] = Query::equal('userId', [$userId]); @@ -876,7 +890,11 @@ App::get('/v1/users/identities') ->inject('dbForProject') ->action(function (array $queries, string $search, Response $response, Database $dbForProject) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } if (!empty($search)) { $queries[] = Query::search('search', $search); diff --git a/app/controllers/api/vcs.php b/app/controllers/api/vcs.php index df18320cf2..6a9397eaef 100644 --- a/app/controllers/api/vcs.php +++ b/app/controllers/api/vcs.php @@ -4,6 +4,7 @@ use Appwrite\Auth\OAuth2\Github as OAuth2Github; use Utopia\App; use Appwrite\Event\Build; use Appwrite\Event\Delete; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Validator\Host; use Utopia\Database\Database; use Utopia\Database\Document; @@ -969,7 +970,11 @@ App::get('/v1/vcs/installations') ->inject('dbForProject') ->inject('dbForConsole') ->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForProject, Database $dbForConsole) { - $queries = Query::parseQueries($queries); + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } $queries[] = Query::equal('projectInternalId', [$project->getInternalId()]); diff --git a/app/init.php b/app/init.php index 266c080c92..16cc9bf8c4 100644 --- a/app/init.php +++ b/app/init.php 
@@ -35,6 +35,7 @@ use Appwrite\OpenSSL\OpenSSL; use Appwrite\URL\URL as AppwriteURL; use Utopia\App; use Utopia\Database\Adapter\SQL; +use Utopia\Database\Exception\Query as QueryException; use Utopia\Logger\Logger; use Utopia\Cache\Adapter\Redis as RedisCache; use Utopia\Cache\Cache; diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php index ee8dde00db..7f23705a1a 100644 --- a/tests/e2e/Services/Databases/DatabasesBase.php +++ b/tests/e2e/Services/Databases/DatabasesBase.php @@ -2063,6 +2063,18 @@ trait DatabasesBase $this->assertEquals(2017, $documents['body']['documents'][1]['releaseYear']); $this->assertCount(2, $documents['body']['documents']); + $documents = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'queries' => [ + '{"method":"contains","attribute":"title","values":[bad]}' + ], + ]); + + $this->assertEquals(400, $documents['headers']['status-code']); + $this->assertEquals('Invalid query: Syntax error', $documents['body']['message']); + $documents = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'],
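Review bot: The `use Utopia\Database\Exception\Query as QueryException;` added to `app/init.php` has no corresponding use anywhere in this diff, so unless a hunk outside this page references the alias it is a dead import that linters will flag. If the intent was to map `QueryException` to `GENERAL_QUERY_INVALID` centrally in the error handler, that would make the per-route try/catch blocks added elsewhere in this diff redundant; pick one approach and drop the other.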