Update to IDs as has been discussed, to change them from colons (:) to underscores (_) as this is more URL, S3 and file system safe. Also shortening most prefixes down to two characters.

2024-07-05 06:20:55 +12:00 · 2020-10-09 09:47:37 +01:00 · 2020-10-09 09:47:37 +01:00 · eea0bc5fb9
parent 1fd8d559aa
commit eea0bc5fb9
3 changed files with 42 additions and 20 deletions
--- a/packages/server/src/api/controllers/record.js
+++ b/packages/server/src/api/controllers/record.js
@ -1,10 +1,15 @@
 const CouchDB = require("../../db")
 const validateJs = require("validate.js")
 const linkRecords = require("../../db/linkedRecords")
-const { getRecordParams, generateRecordID } = require("../../db/utils")
+const {
+  getRecordParams,
+  generateRecordID,
+  DocumentTypes,
+  SEPARATOR,
+} = require("../../db/utils")
 const { cloneDeep } = require("lodash")

-const MODEL_VIEW_BEGINS_WITH = "all_model:"
+const MODEL_VIEW_BEGINS_WITH = `all${SEPARATOR}${DocumentTypes.MODEL}${SEPARATOR}`

 validateJs.extend(validateJs.validators.datetime, {
  parse: function(value) {
--- a/packages/server/src/db/utils.js
+++ b/packages/server/src/db/utils.js
@ -1,18 +1,20 @@
 const newid = require("./newid")

+const UNICODE_MAX = "\ufff0"
+const SEPARATOR = "_"
+
 const DocumentTypes = {
-  MODEL: "model",
-  RECORD: "record",
-  USER: "user",
-  AUTOMATION: "automation",
-  LINK: "link",
+  MODEL: "mo",
+  RECORD: "re",
+  USER: "us",
+  AUTOMATION: "au",
+  LINK: "li",
  APP: "app",
-  ACCESS_LEVEL: "accesslevel",
+  ACCESS_LEVEL: "ac",
 }

 exports.DocumentTypes = DocumentTypes
-
-const UNICODE_MAX = "\ufff0"
+exports.SEPARATOR = SEPARATOR

 /**
 * If creating DB allDocs/query params with only a single top level ID this can be used, this
@ -32,8 +34,8 @@ function getDocParams(docType, docId = null, otherProps = {}) {
  }
  return {
    ...otherProps,
-    startkey: `${docType}:${docId}`,
-    endkey: `${docType}:${docId}${UNICODE_MAX}`,
+    startkey: `${docType}${SEPARATOR}${docId}`,
+    endkey: `${docType}${SEPARATOR}${docId}${UNICODE_MAX}`,
  }
 }

@ -49,7 +51,7 @@ exports.getModelParams = (modelId = null, otherProps = {}) => {
 * @returns {string} The new model ID which the model doc can be stored under.
 */
 exports.generateModelID = () => {
-  return `${DocumentTypes.MODEL}:${newid()}`
+  return `${DocumentTypes.MODEL}${SEPARATOR}${newid()}`
 }

 /**
@ -64,7 +66,10 @@ exports.getRecordParams = (modelId, recordId = null, otherProps = {}) => {
  if (modelId == null) {
    throw "Cannot build params for records without a model ID"
  }
-  const endOfKey = recordId == null ? `${modelId}:` : `${modelId}:${recordId}`
+  const endOfKey =
+    recordId == null
+      ? `${modelId}${SEPARATOR}`
+      : `${modelId}${SEPARATOR}${recordId}`
  return getDocParams(DocumentTypes.RECORD, endOfKey, otherProps)
 }

@ -74,7 +79,7 @@ exports.getRecordParams = (modelId, recordId = null, otherProps = {}) => {
 * @returns {string} The new ID which a record doc can be stored under.
 */
 exports.generateRecordID = modelId => {
-  return `${DocumentTypes.RECORD}:${modelId}:${newid()}`
+  return `${DocumentTypes.RECORD}${SEPARATOR}${modelId}${SEPARATOR}${newid()}`
 }

 /**
@ -90,7 +95,7 @@ exports.getUserParams = (username = null, otherProps = {}) => {
 * @returns {string} The new user ID which the user doc can be stored under.
 */
 exports.generateUserID = username => {
-  return `${DocumentTypes.USER}:${username}`
+  return `${DocumentTypes.USER}${SEPARATOR}${username}`
 }

 /**
@ -105,7 +110,7 @@ exports.getAutomationParams = (automationId = null, otherProps = {}) => {
 * @returns {string} The new automation ID which the automation doc can be stored under.
 */
 exports.generateAutomationID = () => {
-  return `${DocumentTypes.AUTOMATION}:${newid()}`
+  return `${DocumentTypes.AUTOMATION}${SEPARATOR}${newid()}`
 }

 /**
@ -118,7 +123,7 @@ exports.generateAutomationID = () => {
 * @returns {string} The new link doc ID which the automation doc can be stored under.
 */
 exports.generateLinkID = (modelId1, modelId2, recordId1, recordId2) => {
-  return `${DocumentTypes.AUTOMATION}:${modelId1}:${modelId2}:${recordId1}:${recordId2}`
+  return `${DocumentTypes.AUTOMATION}${SEPARATOR}${modelId1}${SEPARATOR}${modelId2}${SEPARATOR}${recordId1}${SEPARATOR}${recordId2}`
 }

 /**
@ -126,7 +131,7 @@ exports.generateLinkID = (modelId1, modelId2, recordId1, recordId2) => {
 * @returns {string} The new app ID which the app doc can be stored under.
 */
 exports.generateAppID = () => {
-  return `${DocumentTypes.APP}:${newid()}`
+  return `${DocumentTypes.APP}${SEPARATOR}${newid()}`
 }

 /**
@ -141,7 +146,7 @@ exports.getAppParams = (appId = null, otherProps = {}) => {
 * @returns {string} The new access level ID which the access level doc can be stored under.
 */
 exports.generateAccessLevelID = () => {
-  return `${DocumentTypes.ACCESS_LEVEL}:${newid()}`
+  return `${DocumentTypes.ACCESS_LEVEL}${SEPARATOR}${newid()}`
 }

 /**
--- a/packages/server/src/utilities/sanitisedPath.js
+++ b/packages/server/src/utilities/sanitisedPath.js
@ -1,11 +1,23 @@
 const path = require("path")

 const regex = new RegExp(/:(?![\\/])/g)
+// set a limit on path depth, just incase recursion is occurring
+const MAX_ARGS = 50

 function sanitiseArgs(args) {
  let sanitised = []
+  let count = 0
  for (let arg of args) {
+    // if a known string is found don't continue, can't operate on it
+    if (typeof arg !== "string") {
+      throw "Sanitisation of paths can only occur on strings"
+    }
+    // maximum number of path args have been iterated on
+    if (count > MAX_ARGS) {
+      break
+    }
    sanitised.push(arg.replace(regex, ""))
+    count++
  }
  return sanitised
 }