Merge pull request #181 from mk3008/feat_dynamic_condition

feat: enhance SqlParamInjector with improved column validation handling

Author: mk3008

package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "rawsql-ts",
-    "version": "0.11.23-beta",
+    "version": "0.11.24-beta",
     "description": "[beta]High-performance SQL parser and AST analyzer written in TypeScript. Provides fast parsing and advanced transformation capabilities.",
     "main": "dist/src/index.js",
     "module": "dist/esm/index.js",

packages/core/package.json

@@ -1,7 +1,7 @@
 import { SelectQuery, SimpleSelectQuery } from "../models/SelectQuery";
 import { BinarySelectQuery } from "../models/BinarySelectQuery";
 import { SelectableColumnCollector } from "./SelectableColumnCollector";
-import { BinaryExpression, FunctionCall, ParameterExpression, ParenExpression, ValueComponent, ValueList, SqlParameterValue } from "../models/ValueComponent";
+import { BinaryExpression, FunctionCall, ParameterExpression, ParenExpression, ValueComponent, ValueList, SqlParameterValue, ColumnReference } from "../models/ValueComponent";
 import { UpstreamSelectQueryFinder } from "./UpstreamSelectQueryFinder";
 import { SelectQueryParser } from "../parsers/SelectQueryParser";
 
@@ -13,6 +13,8 @@ export interface SqlParamInjectorOptions {
     ignoreCaseAndUnderscore?: boolean;
     /** Whether to allow injection when all parameters are undefined (defaults to false for safety) */
     allowAllUndefined?: boolean;
+    /** Whether to skip column validation entirely (defaults to false for safety) */
+    skipColumnValidation?: boolean;
 }
 
 // Type for state parameter values - can be simple values, conditions, or complex objects
@@ -510,6 +512,25 @@ export class SqlParamInjector {
         injectComplexConditions: Function,
         validateOperators: Function
     ): void {
+        // Skip column validation if option is enabled
+        if (this.options.skipColumnValidation) {
+            // if object, validate its keys
+            if (this.isValidatableObject(stateValue)) {
+                validateOperators(stateValue, allowedOps, name);
+            }
+            
+            // Create a column reference using the name directly
+            const columnRef = new ColumnReference(null, name);
+            
+            // Handle complex conditions if needed
+            if (this.isValidatableObject(stateValue)) {
+                injectComplexConditions(query, columnRef, name, stateValue);
+            } else {
+                injectSimpleCondition(query, columnRef, name, stateValue);
+            }
+            return;
+        }
+        
         const queries = finder.find(query, name);
         if (queries.length === 0) {
             throw new Error(`Column '${name}' not found in query`);

packages/core/src/transformers/SqlParamInjector.ts

@@ -85,6 +85,44 @@ describe('SqlParamInjector', () => {
         expect(params).toEqual({ articleId: 100 });
     });
 
+    test('should skip column validation for undefined values', () => {
+        // Arrange: parse base query with limited columns
+        const baseQuery = SelectQueryParser.parse('select a.article_id from article as a') as SimpleSelectQuery;
+        // Arrange: state with undefined value for non-existent column - should not throw error
+        const state = { nonExistentColumn: undefined, article_id: 100 };
+
+        // Act: inject parameters - should not throw error for undefined values
+        const injector = new SqlParamInjector();
+        const injectedQuery = injector.inject(baseQuery, state);
+
+        // Act: format SQL and extract parameters
+        const formatter = new SqlFormatter();
+        const { formattedSql, params } = formatter.format(injectedQuery);
+
+        // Assert: only defined values should be in WHERE clause
+        expect(formattedSql).toBe('select "a"."article_id" from "article" as "a" where "a"."article_id" = :article_id');
+        expect(params).toEqual({ article_id: 100 });
+    });
+
+    test('should skip column validation when skipColumnValidation option is enabled', () => {
+        // Arrange: parse base query with limited columns
+        const baseQuery = SelectQueryParser.parse('select a.article_id from article as a') as SimpleSelectQuery;
+        // Arrange: state with non-existent column - should not throw error with skipColumnValidation
+        const state = { nonExistentColumn: 'value' };
+
+        // Act: inject parameters with skipColumnValidation option
+        const injector = new SqlParamInjector({ skipColumnValidation: true });
+        const injectedQuery = injector.inject(baseQuery, state);
+
+        // Act: format SQL and extract parameters
+        const formatter = new SqlFormatter();
+        const { formattedSql, params } = formatter.format(injectedQuery);
+
+        // Assert: WHERE clause should be added even for non-existent column
+        expect(formattedSql).toBe('select "a"."article_id" from "article" as "a" where "nonExistentColumn" = :nonExistentColumn');
+        expect(params).toEqual({ nonExistentColumn: 'value' });
+    });
+
     test('injects state using custom tableColumnResolver', () => {
         // Custom tableColumnResolver returns columns for "users" table
         const customResolver = (tableName: string) => {