Have been dabbling in rsql-parser recently for creating a search filter for a REST API. What does this mean? One doesn't need to write static queries for each search filter, e.g. /users?age=30 or /users?active=no. RSQL will take the search string and dynamically incorporate it into the query. So you just have one library instead of writing tons of queries.
We chose rsql-parser as it seems to have had a certain amount of adoption. At some point, a person mentioned that he wrote another library on top of rsql-parser - combining it with query-dsl because rsql-parser is not type safe.
What is type safe queries? One definition is
Type-safe queries refer to a mechanism for writing database query statements that allows developers to verify the correctness of those statements at compile time. Normally developers write database queries as string literals, so the compiler has no way to check whether the statements are incorrect.
I suspect another reason archelix-rsql was written is the issue of SQL injection - a good client would call /users?age=30, but a hacker could write /users?age=delete * from user.
Another reason could be lack of control. I wouldn't want the client to search just about any column in the entire table, but rather restrict the search to only those fields that the API designer wishes to provide.
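As an added example (not from this post, nor part of rsql-parser itself), here is a visitor over the tree that rsql-parser produces which addresses both points above: every selector must appear on an allow-list of searchable fields, and argument values are emitted as JDBC placeholders rather than spliced into the SQL text. The class name, the allow-list entries and the users table are assumptions for the sake of illustration.

```java
import cz.jirutka.rsql.parser.RSQLParser;
import cz.jirutka.rsql.parser.ast.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/** Hypothetical visitor: allow-listed selectors only, argument values bound as JDBC parameters. */
public class UserFilterVisitor implements RSQLVisitor<String, Void> {
    // Hypothetical allow-list: RSQL selector -> SQL column the API designer chooses to expose.
    // Any other column (e.g. a password hash) is simply unreachable from the query string.
    private static final Map<String, String> ALLOWED = Map.of(
            "age", "age",
            "active", "is_active");

    private static final Map<ComparisonOperator, String> SQL_OPS = Map.of(
            RSQLOperators.EQUAL, "=",
            RSQLOperators.NOT_EQUAL, "<>",
            RSQLOperators.GREATER_THAN, ">",
            RSQLOperators.GREATER_THAN_OR_EQUAL, ">=",
            RSQLOperators.LESS_THAN, "<",
            RSQLOperators.LESS_THAN_OR_EQUAL, "<=");

    /** Values to bind with PreparedStatement.setObject(i + 1, params.get(i)), in placeholder order. */
    public final List<String> params = new ArrayList<>();
    @Override public String visit(AndNode node, Void p) { return join(node, " AND "); }
    @Override public String visit(OrNode node, Void p) { return join(node, " OR "); }

    @Override public String visit(ComparisonNode node, Void p) {
        String column = ALLOWED.get(node.getSelector());
        if (column == null)
            throw new IllegalArgumentException("field not searchable: " + node.getSelector());
        String op = SQL_OPS.get(node.getOperator());
        if (op == null || node.getArguments().size() != 1)
            throw new IllegalArgumentException("unsupported comparison: " + node);
        params.add(node.getArguments().get(0)); // never concatenated into the SQL text
        return column + " " + op + " ?";
    }

    private String join(LogicalNode node, String sep) {
        List<String> parts = new ArrayList<>();
        for (Node child : node.getChildren()) parts.add(child.accept(this));
        return "(" + String.join(sep, parts) + ")";
    }

    public static void main(String[] args) {
        UserFilterVisitor v = new UserFilterVisitor();
        Node root = new RSQLParser().parse("age=gt=30;active==true");
        System.out.println("SELECT * FROM users WHERE " + root.accept(v) + " -- params=" + v.params);
    }
}
```

A filter such as password==x is rejected in the ComparisonNode visit before any SQL string exists, and whatever the client puts after age= only ever reaches the database as a bound parameter.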