git/postgres
1
0
Fork 0
mirror of https://github.com/johndoe6345789/postgres.git synced 2026-04-24 13:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add password generator, Caprover deployment, and position as modern legacy tool replacement

Browse Source 
Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-08 01:37:58 +00:00
parent e4ec2b7d18
commit 684d8cd73c
6 changed files with 334 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/app/api/admin/query/route.ts
View File

@@ -15,7 +15,8 @@ function validateSelectQuery(query: string): boolean {
}
// Check for dangerous keywords (case insensitive)
const dangerous = /;\s*(?:drop|delete|update|insert|alter|create|truncate|exec|execute)\s/i;
// Includes common SQL modification commands and advanced features
const dangerous = /;\s*(?:drop|delete|update|insert|alter|create|truncate|exec|execute|merge|call|with)\s/i;
if (dangerous.test(trimmed)) {
return false;
}

7
src/app/api/admin/table-data/route.ts
View File

@@ -38,9 +38,10 @@ export async function POST(request: Request) {
);
}
// Table name is validated, sanitize and use
const safeTableName = String(tableName).replace(/\W/g, '');
const result = await db.execute(sql.raw(`SELECT * FROM "${safeTableName}" LIMIT 100`));
// Table name is validated against schema - safe to use the validated name
// The validation query above ensures the table exists in the public schema
const validatedTableName = (tablesResult.rows[0] as any).table_name;
const result = await db.execute(sql.raw(`SELECT * FROM "${validatedTableName}" LIMIT 100`));
return NextResponse.json({
rows: result.rows,