Feat/blacklist

README.md

@@ -171,6 +171,14 @@ Request : `/cars?search=creationyear:2018 AND price<300000 AND (color:Yellow OR
 15. Using the BETWEEN operator
 Request : `/cars?search=creationyear BETWEEN 2017 AND 2019`
 
+## Blocking the search on a field
+```java
+@GetMapping
+public List<User> getUsers(@SearchSpec(blackListedFields = {"password"}) Specification<User> specs) {
+  return userRepository.findAll(Specification.where(specs));
+}
+```
+
 <!-- TROUBLESHOOTING -->
 ## Troubleshooting
 

src/main/kotlin/com/sipios/springsearch/QueryVisitorImpl.kt

@@ -4,6 +4,8 @@ import com.sipios.springsearch.anotation.SearchSpec
 import com.sipios.springsearch.grammar.QueryBaseVisitor
 import com.sipios.springsearch.grammar.QueryParser
 import org.springframework.data.jpa.domain.Specification
+import org.springframework.http.HttpStatus
+import org.springframework.web.server.ResponseStatusException
 
 class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryBaseVisitor<Specification<T>>() {
     private val valueRegExp = Regex(pattern = "^(?<prefix>\\*?)(?<value>.+?)(?<suffix>\\*?)$")
@@ -32,6 +34,7 @@ class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryB
 
     override fun visitIsCriteria(ctx: QueryParser.IsCriteriaContext): Specification<T> {
         val key = ctx.key().text
+        verifyBlackList(key)
         val op = if (ctx.IS() != null) {
             SearchOperation.IS
         } else {
@@ -42,6 +45,7 @@ class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryB
 
     override fun visitEqArrayCriteria(ctx: QueryParser.EqArrayCriteriaContext): Specification<T> {
         val key = ctx.key().text
+        verifyBlackList(key)
         val op = if (ctx.IN() != null) {
             SearchOperation.IN_ARRAY
         } else {
@@ -58,6 +62,7 @@ class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryB
 
     override fun visitBetweenCriteria(ctx: QueryParser.BetweenCriteriaContext): Specification<T> {
         val key = ctx.key().text
+        verifyBlackList(key)
         val leftValue = if (ctx.left.STRING() != null) {
             clearString(ctx.left.text)
         } else {
@@ -93,6 +98,7 @@ class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryB
         } else {
             ctx.value().text
         }
+        verifyBlackList(key)
         val matchResult = this.valueRegExp.find(value)
         val op = SearchOperation.getSimpleOperation(ctx.op().text) ?: throw IllegalArgumentException("Invalid operation")
         val criteria = SearchCriteria(
@@ -106,6 +112,16 @@ class QueryVisitorImpl<T>(private val searchSpecAnnotation: SearchSpec) : QueryB
         return SpecificationImpl(criteria, searchSpecAnnotation)
     }
 
+    private fun verifyBlackList(key: String?) {
+        val blackList = this.searchSpecAnnotation.blackListedFields
+        if (blackList.contains(key)) {
+            throw ResponseStatusException(
+                HttpStatus.BAD_REQUEST,
+                "Field $key is blacklisted"
+            )
+        }
+    }
+
     private fun clearString(value: String) = value
         .removeSurrounding("'")
         .removeSurrounding("\"")

src/main/kotlin/com/sipios/springsearch/anotation/SearchSpec.kt

@@ -16,5 +16,10 @@ annotation class SearchSpec(
     /**
      * A flag to indicate if the search needs to be case-sensitive or not
      */
-    val caseSensitiveFlag: Boolean = true
+    val caseSensitiveFlag: Boolean = true,
+
+    /**
+     * A list of fields that should be excluded from the search
+     */
+    val blackListedFields: Array<String> = []
 )