Spaces:

amaye15
/

DuckDB-UI

Sleeping

App Files Files Community

amaye15 commited on Apr 9

Commit

850182e

1 Parent(s): 3bcb6cf

API

Browse files

Files changed (1) hide show

main.py +54 -21

main.py CHANGED Viewed

@@ -91,36 +91,69 @@ class ApiResponse(BaseModel):
     message: str
     details: Optional[Any] = None
-# --- Helper Functions (keep existing) ---
 def safe_identifier(name: str) -> str:
-    """Quotes an identifier safely using DuckDB."""
     if not name or not isinstance(name, str):
          raise HTTPException(status_code=400, detail=f"Invalid identifier provided: {name}")
-    try:
-        with duckdb.connect(':memory:') as temp_conn:
-            quoted = temp_conn.sql(f"SELECT '{name}'::IDENTIFIER").fetchone()
-            if quoted:
-                return quoted[0]
-            else:
-                 raise HTTPException(status_code=500, detail="Failed to quote identifier")
-    except duckdb.Error as e:
-         logger.error(f"Error quoting identifier '{name}': {e}")
-         raise HTTPException(status_code=400, detail=f"Invalid identifier '{name}': {e}")
 def generate_column_sql(columns: List[ColumnDefinition]) -> str:
     """Generates the column definition part of a CREATE TABLE statement."""
     defs = []
     for col in columns:
         col_name_safe = safe_identifier(col.name)
-        allowed_types_prefix = ['INTEGER', 'VARCHAR', 'TEXT', 'BOOLEAN', 'FLOAT', 'DOUBLE', 'DATE', 'TIMESTAMP', 'BLOB', 'BIGINT', 'DECIMAL', 'LIST', 'STRUCT', 'MAP', 'UNION']
-        type_upper = col.type.strip().upper()
-        is_allowed = False
-        for prefix in allowed_types_prefix:
-            if type_upper.startswith(prefix):
-                is_allowed = True
-                break
-        if not is_allowed:
-             raise HTTPException(status_code=400, detail=f"Unsupported or potentially invalid data type: {col.type}")
         defs.append(f"{col_name_safe} {col.type}")
     return ", ".join(defs)

     message: str
     details: Optional[Any] = None
+# # --- Helper Functions (keep existing) ---
+# def safe_identifier(name: str) -> str:
+#     """Quotes an identifier safely using DuckDB."""
+#     if not name or not isinstance(name, str):
+#          raise HTTPException(status_code=400, detail=f"Invalid identifier provided: {name}")
+#     try:
+#         with duckdb.connect(':memory:') as temp_conn:
+#             quoted = temp_conn.sql(f"SELECT '{name}'::IDENTIFIER").fetchone()
+#             if quoted:
+#                 return quoted[0]
+#             else:
+#                  raise HTTPException(status_code=500, detail="Failed to quote identifier")
+#     except duckdb.Error as e:
+#          logger.error(f"Error quoting identifier '{name}': {e}")
+#          raise HTTPException(status_code=400, detail=f"Invalid identifier '{name}': {e}")
 def safe_identifier(name: str) -> str:
+    """Quotes an identifier safely for DuckDB SQL."""
     if not name or not isinstance(name, str):
          raise HTTPException(status_code=400, detail=f"Invalid identifier provided: {name}")
+    # Escape any double quotes within the identifier itself
+    escaped_name = name.replace('"', '""')
+    # Always enclose in double quotes for safety, especially with keywords or special chars
+    return f'"{escaped_name}"'
+# def generate_column_sql(columns: List[ColumnDefinition]) -> str:
+#     """Generates the column definition part of a CREATE TABLE statement."""
+#     defs = []
+#     for col in columns:
+#         col_name_safe = safe_identifier(col.name)
+#         allowed_types_prefix = ['INTEGER', 'VARCHAR', 'TEXT', 'BOOLEAN', 'FLOAT', 'DOUBLE', 'DATE', 'TIMESTAMP', 'BLOB', 'BIGINT', 'DECIMAL', 'LIST', 'STRUCT', 'MAP', 'UNION']
+#         type_upper = col.type.strip().upper()
+#         is_allowed = False
+#         for prefix in allowed_types_prefix:
+#             if type_upper.startswith(prefix):
+#                 is_allowed = True
+#                 break
+#         if not is_allowed:
+#              raise HTTPException(status_code=400, detail=f"Unsupported or potentially invalid data type: {col.type}")
+#         defs.append(f"{col_name_safe} {col.type}")
+#     return ", ".join(defs)
 def generate_column_sql(columns: List[ColumnDefinition]) -> str:
     """Generates the column definition part of a CREATE TABLE statement."""
     defs = []
     for col in columns:
         col_name_safe = safe_identifier(col.name)
+        # --- REMOVE OR COMMENT OUT THE STRICT VALIDATION ---
+        # allowed_types_prefix = ['INTEGER', 'VARCHAR', 'TEXT', 'BOOLEAN', 'FLOAT', 'DOUBLE', 'DATE', 'TIMESTAMP', 'BLOB', 'BIGINT', 'DECIMAL', 'LIST', 'STRUCT', 'MAP', 'UNION']
+        # type_upper = col.type.strip().upper()
+        # is_allowed = False
+        # for prefix in allowed_types_prefix:
+        #      # Allow types like VARCHAR(255), DECIMAL(10,2), LIST<INT>, STRUCT<a INT> etc.
+        #     if type_upper.startswith(prefix):
+        #         is_allowed = True
+        #         break
+        # if not is_allowed:
+        #      raise HTTPException(status_code=400, detail=f"Unsupported or potentially invalid data type: {col.type}")
+        # --- END REMOVAL ---
+        # Trust DuckDB to validate the full type string including constraints
         defs.append(f"{col_name_safe} {col.type}")
     return ", ".join(defs)