filter

package
v0.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 8, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplySortToQuery

func ApplySortToQuery(qb *query.QueryBuilder, sorts []ParsedSort)

ApplySortToQuery applies parsed sorts to a query builder.

func ApplyToCountQuery

func ApplyToCountQuery(cb *query.CountBuilder, filters []ParsedFilter)

ApplyToCountQuery applies parsed filters to a count builder.

func ApplyToQuery

func ApplyToQuery(qb *query.QueryBuilder, filters []ParsedFilter)

ApplyToQuery applies parsed filters to a query builder.

Types

type FilterOp

type FilterOp string

FilterOp represents a comparison operator for query filtering.

const (
	OpEq   FilterOp = "eq"
	OpGt   FilterOp = "gt"
	OpLt   FilterOp = "lt"
	OpGte  FilterOp = "gte"
	OpLte  FilterOp = "lte"
	OpLike FilterOp = "like"
	OpIn   FilterOp = "in"
)

type ParsedFilter

type ParsedFilter struct {
	Field string
	Op    FilterOp
	Value string
}

ParsedFilter represents a single parsed filter from query parameters.

func ParseFilters

func ParseFilters(r *http.Request, fields []schema.Field) ([]ParsedFilter, error)

ParseFilters extracts filters from query parameters based on entity fields. Supported patterns:

?field=value        → equals
?field_gt=value     → greater than
?field_lt=value     → less than
?field_gte=value    → greater than or equal
?field_lte=value    → less than or equal
?field_like=value   → LIKE (contains)
?field_in=v1,v2,v3  → IN

Only fields present in the schema are accepted. Hidden fields are excluded from the allow-list (mirroring ParseSort): building a WHERE predicate on a column the caller can't read turns row-count/result changes into a value-disclosure oracle — an attacker could probe a Hidden column (e.g. a password hash) via ?password_hash_like=… and exfiltrate it prefix by prefix. A Hidden field name is treated as an unknown filter param and never produces a ParsedFilter.
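
The allow-list rule described above, as an added sketch that is not this package's own code: `Field` is a hypothetical stand-in for `schema.Field` (only `Name` and `Hidden` are assumed), and `parseFilters` takes a raw query string instead of an `*http.Request`. Parameters that match no readable field are skipped here, which is an assumption of the sketch.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Field is a hypothetical stand-in for schema.Field (only Name and Hidden assumed).
type Field struct {
	Name   string
	Hidden bool
}

type Filter struct{ Field, Op, Value string }

// parseFilters emits predicates only for readable (non-Hidden) schema fields.
func parseFilters(rawQuery string, fields []Field) ([]Filter, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, err
	}
	allowed := map[string]bool{}
	for _, f := range fields {
		if !f.Hidden { // Hidden columns never enter the allow-list
			allowed[f.Name] = true
		}
	}
	var out []Filter
	for k := range q {
		name, op := k, "eq" // bare ?field=value means equals; an exact field match wins
		for _, s := range []string{"gt", "lt", "gte", "lte", "like", "in"} {
			if t := strings.TrimSuffix(k, "_"+s); !allowed[k] && t != k {
				name, op = t, s
			}
		}
		if allowed[name] { // unknown or Hidden names never become a WHERE predicate
			out = append(out, Filter{name, op, q.Get(k)})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Field < out[j].Field })
	return out, nil
}

func main() {
	fields := []Field{{"name", false}, {"age", false}, {"password_hash", true}}
	// Constructed query: two legitimate filters plus two probes of the hidden column.
	fmt.Println(parseFilters("name_like=ann&age_gte=18&password_hash_like=%242a&password_hash=x", fields))
}
```

Because the hidden column never reaches the query builder, the response to the probing request is identical whatever value is guessed, so row counts carry no signal about the column's contents.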

type ParsedSort

type ParsedSort struct {
	Field string
	Desc  bool
}

ParsedSort represents sort direction for a field.

func ParseSort

func ParseSort(r *http.Request, fields []schema.Field) ([]ParsedSort, error)

ParseSort extracts sort information from query parameters. Supported: ?sort=field (ascending), ?sort=-field (descending).

Hidden fields are excluded from the allow-list: sorting by a hidden column reveals row ordering by a value the caller can't read, which is an information-disclosure path. Unknown fields fail closed with a 400-shaped error rather than being silently ignored — silent drop turns probe attempts into "the API works the same with or without this param" oracles that mask broken client code.
