Skip to main content

QueryBuilderIntegration

fraiseql_server::encryption::query_builder

Struct QueryBuilderIntegration 

Source 
pub struct QueryBuilderIntegration { /* private fields */ }
Expand description

Query builder integration for encrypted field validation

Validates queries to ensure encrypted fields are not used in operations that require plaintext comparison (WHERE, ORDER BY, JOIN).

Implementations§

Source§

impl QueryBuilderIntegration

Source

pub fn new(encrypted_fields: Vec<String>) -> Self

Create new query builder integration

Source

pub fn validate_where_clause(&self, fields: &[&str]) -> Result<(), SecretsError>

Validate that encrypted fields are not used in WHERE clause

Encrypted fields cannot be directly compared due to non-deterministic encryption (random nonces). Queries using encrypted fields in WHERE must use alternative approaches like:

  • Deterministic hash of plaintext
  • Separate plaintext index
  • Application-level filtering
Source

pub fn validate_order_by_clause( &self, fields: &[&str], ) -> Result<(), SecretsError>

Validate that encrypted fields are not used in ORDER BY clause

Encrypted fields cannot be compared for sorting because ciphertext does not preserve plaintext order.

Source

pub fn validate_join_condition( &self, fields: &[&str], ) -> Result<(), SecretsError>

Validate that encrypted fields are not used in JOIN condition

Encrypted fields cannot be compared in JOIN conditions because ciphertext is non-deterministic (different every time even for same plaintext).

Source

pub fn validate_group_by_clause( &self, fields: &[&str], ) -> Result<(), SecretsError>

Validate that encrypted fields are not used in GROUP BY clause

Source

pub fn validate_is_null_on_encrypted( &self, _field: &str, ) -> Result<(), SecretsError>

Validate IS NULL can be used on encrypted fields

IS NULL checks NULL at database level (before encryption), so it works correctly with encrypted fields.

Source

pub fn validate_clause( &self, clause_type: ClauseType, fields: &[&str], ) -> Result<(), SecretsError>

Validate clause type contains allowed fields

Source

pub fn encrypted_fields(&self) -> Vec<String>

Get encrypted field names

Source

pub fn is_encrypted(&self, field: &str) -> bool

Check if field is encrypted

Source

pub fn get_encrypted_fields_in_list(&self, fields: &[&str]) -> Vec<String>

Get encrypted fields that appear in field list

Source

pub fn validate_query( &self, query_type: QueryType, where_fields: &[&str], order_by_fields: &[&str], join_fields: &[&str], ) -> Result<(), SecretsError>

Validate entire query structure

Performs comprehensive validation across multiple clauses.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> Allocation for T
where T: RefUnwindSafe + Send + Sync,