athena_rs 3.22.1

Hyper performant polyglot Database driver
Documentation
//! Schema-route identifier validation helpers.
//!
//! This module owns sanitization/validation for schema route query parameters
//! (schema/table identifiers), keeping validation concerns separate from auth
//! and client-pool context resolution.

use actix_web::HttpResponse;

use crate::api::response::bad_request;
use crate::parser::query_builder::sanitize_identifier;

/// Validates a SQL identifier used in schema route query parameters.
pub(super) fn validate_identifier(
    value: &str,
    parameter_name: &str,
) -> Result<String, HttpResponse> {
    let trimmed = value.trim();
    if trimmed.is_empty() {
        return Err(bad_request(
            "Invalid request",
            format!("{parameter_name} is required"),
        ));
    }
    if sanitize_identifier(trimmed).is_none() {
        return Err(bad_request(
            "Invalid request",
            format!("Invalid {parameter_name} parameter"),
        ));
    }
    Ok(trimmed.to_string())
}

#[cfg(test)]
mod tests {
    use super::*;

    /// Ensures empty values are rejected as required parameters.
    #[test]
    fn validate_identifier_rejects_empty_values() {
        let result = validate_identifier("   ", "table_name");
        assert!(result.is_err());
    }

    /// Ensures disallowed identifier characters are rejected.
    #[test]
    fn validate_identifier_rejects_invalid_identifiers() {
        let result = validate_identifier("users;drop", "table_name");
        assert!(result.is_err());
    }

    /// Ensures valid identifiers are accepted and normalized by trim.
    #[test]
    fn validate_identifier_accepts_valid_identifiers() {
        let value =
            validate_identifier("  users  ", "table_name").expect("valid identifier should pass");
        assert_eq!(value, "users");
    }
}