#query-parser #parser #sql-query #url-parameters #query-string

inquerest

A complex url parameter parser for rest filter queries

20 releases

0.3.1 Aug 7, 2020
0.3.0 Jan 6, 2020
0.2.2 Mar 8, 2017
0.1.5 Nov 14, 2016
0.0.6 Nov 24, 2015

#8 in #url-parameters


Used in curtain

MIT license

16KB

inquerest

Inquerest can parse complex url query into a SQL abstract syntax tree.

Example this url:

 /person?age=lt.42&(student=eq.true|gender=eq.'M')&group_by=sum(age),grade,gender&having=min(age)=gt.42&order_by=age.desc,height.asc&page=20&page_size=100

will be parsed into:

Select {
        from_table: FromTable {
            from: Table {
                name: "person",
            },
            join: None,
        },
        filter: Some(
            BinaryOperation(
                BinaryOperation {
                    left: BinaryOperation(
                        BinaryOperation {
                            left: Column(
                                Column {
                                    name: "age",
                                },
                            ),
                            operator: Lt,
                            right: Value(
                                Number(
                                    42.0,
                                ),
                            ),
                        },
                    ),
                    operator: And,
                    right: Nested(
                        BinaryOperation(
                            BinaryOperation {
                                left: BinaryOperation(
                                    BinaryOperation {
                                        left: Column(
                                            Column {
                                                name: "student",
                                            },
                                        ),
                                        operator: Eq,
                                        right: Value(
                                            Bool(
                                                true,
                                            ),
                                        ),
                                    },
                                ),
                                operator: Or,
                                right: BinaryOperation(
                                    BinaryOperation {
                                        left: Column(
                                            Column {
                                                name: "gender",
                                            },
                                        ),
                                        operator: Eq,
                                        right: Value(
                                            String(
                                                "M",
                                            ),
                                        ),
                                    },
                                ),
                            },
                        ),
                    ),
                },
            ),
        ),
        group_by: Some(
            [
                Function(
                    Function {
                        name: "sum",
                        params: [
                            Column(
                                Column {
                                    name: "age",
                                },
                            ),
                        ],
                    },
                ),
                Column(
                    Column {
                        name: "grade",
                    },
                ),
                Column(
                    Column {
                        name: "gender",
                    },
                ),
            ],
        ),
        having: Some(
            BinaryOperation(
                BinaryOperation {
                    left: Function(
                        Function {
                            name: "min",
                            params: [
                                Column(
                                    Column {
                                        name: "age",
                                    },
                                ),
                            ],
                        },
                    ),
                    operator: Gt,
                    right: Value(
                        Number(
                            42.0,
                        ),
                    ),
                },
            ),
        ),
        projection: None,
        order_by: Some(
            [
                Order {
                    expr: Column(
                        Column {
                            name: "age",
                        },
                    ),
                    direction: Some(
                        Desc,
                    ),
                },
                Order {
                    expr: Column(
                        Column {
                            name: "height",
                        },
                    ),
                    direction: Some(
                        Asc,
                    ),
                },
            ],
        ),
        range: Some(
            Page(
                Page {
                    page: 20,
                    page_size: 100,
                },
            ),
        ),
    }

Which translate to the sql statement:

SELECT * FROM person WHERE age < 42 AND (student = true OR gender = 'M') GROUP BY sum(age), grade, gender HAVING min(age) > 42 ORDER BY age DESC, height ASC LIMIT 100 OFFSET 1900 ROWS

Note: However, you don't want to convert to the sql statement directly to avoid sql injection attack. You need to validate the tables and columns if it is allowed to be accessed by the user. You also need to extract the values yourself and supply it as a parameterized value into your ORM.

Please support this project:

Become a patron

License: MIT

Dependencies

~6.5MB
~118K SLoC