From e6125d56dc3b9fe966e2b5e538391c5f2d4fd833 Mon Sep 17 00:00:00 2001
From: ljl <17743125563@163.com>
Date: Wed, 11 Dec 2024 10:55:32 +0800
Subject: [PATCH] spi-stats:fix validate select sql.
---
 .../serv/pg/stats_pg_conf_fact_col_serv.rs | 4 +-
 .../src/serv/pg/stats_pg_conf_fact_serv.rs | 2 +-
 .../src/serv/pg/stats_pg_sync_serv.rs | 61 +++++--------------
 3 files changed, 17 insertions(+), 50 deletions(-)
diff --git a/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_col_serv.rs b/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_col_serv.rs
index ac090c3b..3846da47 100644
--- a/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_col_serv.rs
+++ b/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_col_serv.rs
@@ -33,7 +33,7 @@ pub(crate) async fn add(fact_conf_key: &str, add_req: &StatsConfFactColAddReq, f
 return Err(funs.err().conflict("fact_col_conf", "add", "The fact config not exists.", "409-spi-stats-fact-conf-not-exist"));
 }
 if let Some(rel_sql) = &add_req.rel_sql {
- if !stats_pg_sync_serv::validate_fact_col_sql(rel_sql) {
+ if !stats_pg_sync_serv::validate_select_sql(rel_sql) {
 return Err(funs.err().conflict("fact_col_conf", "add", "The rel_sql is not a valid sql.", "409-spi-stats-fact-col-conf-rel-sql-not-valid"));
 }
 }
@@ -219,7 +219,7 @@ pub(crate) async fn modify(
 // ));
 // }
 if let Some(rel_sql) = &modify_req.rel_sql {
- if !stats_pg_sync_serv::validate_fact_col_sql(rel_sql) {
+ if !stats_pg_sync_serv::validate_select_sql(rel_sql) {
 return Err(funs.err().conflict("fact_col_conf", "add", "The rel_sql is not a valid sql.", "409-spi-stats-fact-col-conf-rel-sql-not-valid"));
 }
 }
diff --git a/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs b/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs
index 3c22f7a1..34eb905e 100644
--- a/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs
+++ b/backend/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs
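Review bot: In `modify` of stats_pg_conf_fact_col_serv.rs (the hunk at -219), the rejection for an invalid `rel_sql` is still built with the operation label `"add"`, so a refused modify is reported as a refused add in error output and logs; the second argument should be `"modify"`, i.e. `funs.err().conflict("fact_col_conf", "modify", ...)`. Both call sites in this file now rely on `validate_select_sql`, which only looks at the leading keyword, so the one-column rule that the removed `validate_fact_col_sql` doc comment described (but never enforced) is still not checked for `rel_sql`. The body of `modify` starts and ends outside the hunk.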
@@ -42,7 +42,7 @@ pub(crate) async fn add(add_req: &StatsConfFactAddReq, funs: &TardisFunsInst, ct
 ));
 }
 if let Some(sync_sql) = &add_req.sync_sql {
- if !stats_pg_sync_serv::validate_fact_sql(sync_sql)? {
+ if !stats_pg_sync_serv::validate_select_sql(sync_sql) {
 return Err(funs.err().conflict("fact_conf", "add", "The sync_sql is not a valid sql.", "409-spi-stats-fact-conf-sync-sql-not-valid"));
 }
 }
diff --git a/backend/spi/spi-stats/src/serv/pg/stats_pg_sync_serv.rs b/backend/spi/spi-stats/src/serv/pg/stats_pg_sync_serv.rs
index aeb23d67..54b315cd 100644
--- a/backend/spi/spi-stats/src/serv/pg/stats_pg_sync_serv.rs
+++ b/backend/spi/spi-stats/src/serv/pg/stats_pg_sync_serv.rs
@@ -360,33 +360,10 @@ fn process_sql(sql: &str, fact_record: &HashMap) -> TardisResult<
 Ok((processed_sql.to_string(), values))
 }
-/// validate fact sql
-/// validate sql is select statement and not select *
-pub(crate) fn validate_fact_sql(sql: &str) -> TardisResult {
- // todo
- // let re = Regex::new(r"^select\s+[^*][\w\s,]+\s+from").expect("should compile regex");
- // if re.is_match(&sql.trim().to_lowercase()) {
- // let param_fields = find_select_param_fields_from_sql(sql);
- // if param_fields.contains(&"idempotent_id".to_string()) {
- // return Ok(true);
- // } else {
- // return Err(TardisError::bad_request(
- // "[spi-stats] The sync_sql must contain idempotent_id",
- // "400-spi-stats-sync-sql-must-contain-idempotent-id",
- // ));
- // }
- // }
- // Ok(false)
- Ok(true)
-}
-
-/// validate fact col sql
-/// validate sql is select statement and only select one field
-pub(crate) fn validate_fact_col_sql(sql: &str) -> bool {
- // todo
- // let re = Regex::new(r"^select\s+([^,]+)\s+from").expect("should compile regex");
- // re.is_match(&sql.trim().to_lowercase())
- true
+/// validate fact and fact col sql
+pub(crate) fn validate_select_sql(sql: &str) -> bool {
+ let re = Regex::new(r"(?i)^\s*select\b").expect("should compile regex");
+ re.is_match(&sql)
 }
 #[cfg(test)]
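Review bot: In `add` of stats_pg_conf_fact_serv.rs, `sync_sql` is checked only on this create path. The diffstat shows a single changed line for the file, and `validate_fact_sql` is deleted in the same commit, so no other function in the file can have been calling a validator. If the file's modify path also accepts a `sync_sql` (not visible in this hunk), it needs the same `if !stats_pg_sync_serv::validate_select_sql(sync_sql)` guard, otherwise a stored query can be replaced after creation without any check. The body of `add` starts and ends outside the hunk.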
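Review bot: `validate_select_sql` in stats_pg_sync_serv.rs accepts any text whose first keyword is `select`, so everything after that keyword is unchecked: a second statement after a `;`, a `SELECT ... INTO`, or a call to a function with side effects all pass, while a read-only query that starts with `WITH` is refused. The stored SQL is presumably executed later by the sync path, so the doc comment should state the limit, for example `/// Returns true when the statement starts with the SELECT keyword (case-insensitive, leading whitespace allowed); this does not prove the statement is read-only.` The read-only guarantee itself belongs on the execution side, through a restricted database role or a read-only transaction. Inside the function, `re.is_match(&sql)` borrows a `&str` a second time (`re.is_match(sql)` is enough), and the regex is compiled on every call where a static compiled once would do.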
@@ -398,28 +375,18 @@ mod tests {
 db::sea_orm::Value,
 };
- use crate::serv::pg::stats_pg_sync_serv::{process_sql, validate_fact_col_sql, validate_fact_sql};
-
- #[test]
- fn test_validate_fact_sql() {
- let sql = "select id as idempotent_id from table";
- assert_eq!(validate_fact_sql(sql).unwrap(), true);
- let sql = "select idempotent_id,name from table";
- assert_eq!(validate_fact_sql(sql).unwrap(), true);
- let sql = "select * from table";
- assert_eq!(validate_fact_sql(sql).unwrap(), false);
- let sql = "update table set id = ${id} where id = ${id}";
- assert_eq!(validate_fact_sql(sql).unwrap(), false);
- }
+ use crate::serv::pg::stats_pg_sync_serv::{process_sql, validate_select_sql};
 #[test]
- fn test_validate_fact_col_sql() {
- let sql = "select idempotent_id from table";
- assert_eq!(validate_fact_col_sql(sql), true);
- let sql = "select idempotent_id,name from table";
- assert_eq!(validate_fact_col_sql(sql), false);
- let sql = "update table set id = ${id} where id = ${id}";
- assert_eq!(validate_fact_col_sql(sql), false);
+ fn test_validate_select_sql() {
+ let sql = "SELECT * FROM users";
+ assert_eq!(validate_select_sql(sql), true);
+ let sql = " select name FROM users";
+ assert_eq!(validate_select_sql(sql), true);
+ let sql = "INSERT INTO users (name) VALUES ('John')";
+ assert_eq!(validate_select_sql(sql), false);
+ let sql = "UPDATE users SET name = 'John'";
+ assert_eq!(validate_select_sql(sql), false);
 }
 #[test]
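Review bot: `test_validate_select_sql` pins only two accepted queries and two other leading keywords, so the edges of the validator are untested: there is no case for a word that merely begins with the keyword, for an empty string, or for input that carries a second statement after the first. Adding `assert!(!validate_select_sql("selects 1"));` and `assert!(!validate_select_sql(""));` would lock in the `\b` anchor. A case such as `"SELECT 1; UPDATE users SET name = 'John'"` would record whether multi-statement input is meant to pass, which it currently does. `assert!(x)` and `assert!(!x)` also read better than `assert_eq!(x, true)` and `assert_eq!(x, false)`. The `mod tests` block starts and ends outside the hunk.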