use actix_web::HttpResponse;
use crate::api::response::bad_request;
use crate::parser::query_builder::sanitize_identifier;
/// Checks a request-supplied identifier before it is handed to query-building code.
///
/// The input is trimmed of surrounding whitespace and then rejected when it is
/// empty or when `sanitize_identifier` returns `None` for it.
///
/// # Errors
///
/// Returns the `HttpResponse` built by `bad_request` with the title
/// `"Invalid request"`. The detail text names `parameter_name` only; the
/// rejected value itself is never interpolated into the message.
///
/// # Returns
///
/// The trimmed input as an owned `String`. This is the caller's text, not the
/// value produced by `sanitize_identifier`.
// NOTE(review): if `sanitize_identifier` normalizes or quotes its input, that
// form is discarded here and callers receive the raw trimmed text — confirm
// the sanitizer is a pure accept/reject check before concatenating the result
// into a query.
pub(super) fn validate_identifier(
    value: &str,
    parameter_name: &str,
) -> Result<String, HttpResponse> {
    let candidate = value.trim();

    // Decide on a rejection reason first; the emptiness check runs before the
    // sanitizer so a blank parameter gets the "required" message.
    let rejection = if candidate.is_empty() {
        Some(format!("{parameter_name} is required"))
    } else if sanitize_identifier(candidate).is_none() {
        Some(format!("Invalid {parameter_name} parameter"))
    } else {
        None
    };

    match rejection {
        Some(detail) => Err(bad_request("Invalid request", detail)),
        None => Ok(candidate.to_string()),
    }
}
#[cfg(test)]
mod tests {
    use super::*;

    /// A whitespace-only value trims to the empty string and must be refused.
    #[test]
    fn validate_identifier_rejects_empty_values() {
        assert!(validate_identifier(" ", "table_name").is_err());
    }

    /// A non-empty value containing `;` must be refused; since it is not
    /// empty, the rejection has to come from `sanitize_identifier`.
    #[test]
    fn validate_identifier_rejects_invalid_identifiers() {
        assert!(validate_identifier("users;drop", "table_name").is_err());
    }

    /// Surrounding whitespace is stripped and the bare identifier is returned.
    #[test]
    fn validate_identifier_accepts_valid_identifiers() {
        let outcome = validate_identifier(" users ", "table_name");
        assert_eq!(outcome.expect("valid identifier should pass"), "users");
    }
}