From 5d4450919ff7c450c99778d0825745fe7a28b146 Mon Sep 17 00:00:00 2001
From: AbegaM <ebenezermelkamu@gmail.com>
Date: Tue, 18 Jul 2023 11:52:13 +0300
Subject: [PATCH] Add error handling for filters

---
 core/src/controllers/rows.js | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/core/src/controllers/rows.js b/core/src/controllers/rows.js
index ed81cd9..c78d728 100644
--- a/core/src/controllers/rows.js
+++ b/core/src/controllers/rows.js
@@ -73,16 +73,31 @@ const listTableRows = async (req, res) => {
   // filtering is case insensitive
   // e.g. ?_filters=name:John,age:20
   // will filter by name like '%John%' and age like '%20%'
+  let filters = [];
+  try {
+    filters = _filters.split(',').map((filter) => {
+      let [key, value] = filter.split(':');
+
+      let field = key.split('__')[0];
+      let fieldOperator = key.split('__')[1];
+
+      if (!fieldOperator) {
+        fieldOperator = 'eq';
+      } else if (!operators[fieldOperator]) {
+        throw new Error(
+          `Invalid field operator "${fieldOperator}" for field "${field}". You can only use the following operators after the "${field}" field: __lt, __gt, __lte, __gte, __eq, __neq.`
+        );
+      }
 
-  const filters = _filters.split(',').map((filter) => {
-    let [key, value] = filter.split(':');
-
-    let field = key.split('__')[0];
-    let fieldOperator = key.split('__')[1];
-    let operator = operators[fieldOperator ? fieldOperator : 'eq'];
-
-    return { field, operator, value };
-  });
+      let operator = operators[fieldOperator];
+      return { field, operator, value };
+    });
+  } catch (error) {
+    return res.status(400).json({
+      message: error.message,
+      error: error,
+    });
+  }
 
   let whereString = '';
   if (_filters !== '') {