From ee4a3b90cc1acab95ab8b3164404a87eeade6816 Mon Sep 17 00:00:00 2001
From: Yuriy Lytvynchuk <yuriy.litv@gmail.com>
Date: Fri, 8 Apr 2022 23:01:51 +0300
Subject: [PATCH] Query: add SQL string with parameters

---
 .../sql/query/DefaultQueryLogComponent.java   |  74 +++++++++-
 .../query/DefaultQueryLogComponentTest.java   | 128 ++++++++++++++++++
 2 files changed, 201 insertions(+), 1 deletion(-)
 create mode 100644 dao/src/test/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponentTest.java

diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponent.java b/dao/src/main/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponent.java
index 17c60c8be9..4a8d9e4d4d 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponent.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponent.java
@@ -17,10 +17,16 @@ package org.thingsboard.server.dao.sql.query;
 
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.jdbc.core.SqlParameter;
+import org.springframework.jdbc.core.SqlParameterValue;
 import org.springframework.jdbc.core.namedparam.NamedParameterUtils;
+import org.springframework.jdbc.core.namedparam.ParsedSql;
+import org.springframework.jdbc.core.namedparam.SqlParameterSource;
 import org.springframework.stereotype.Component;
 
 import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
 
 @Component
 @Slf4j
@@ -35,7 +41,7 @@ public class DefaultQueryLogComponent implements QueryLogComponent {
     public void logQuery(QueryContext ctx, String query, long duration) {
         if (logSqlQueries && duration > logQueriesThreshold) {
 
-            String sqlToUse = NamedParameterUtils.substituteNamedParameters(query, ctx);
+            String sqlToUse = substituteParametersInSqlString(query, ctx);
 
             log.info("QUERY: {} took {} ms", query, duration);
             log.info("QUERY SQL TO USE: {} took {} ms", sqlToUse, duration);
@@ -43,4 +49,70 @@ public class DefaultQueryLogComponent implements QueryLogComponent {
             Arrays.asList(ctx.getParameterNames()).forEach(param -> log.info("QUERY PARAM: {} -> {}", param, ctx.getValue(param)));
         }
     }
+
+    String substituteParametersInSqlString(String sql, SqlParameterSource paramSource) {
+
+        ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
+        List<SqlParameter> declaredParams = NamedParameterUtils.buildSqlParameterList(parsedSql, paramSource);
+        StringBuilder actualSql = new StringBuilder(parsedSql.toString());
+
+        if (declaredParams.isEmpty()) {
+            return sql;
+        }
+
+        for (SqlParameter parSQL: declaredParams) {
+            String paramName = parSQL.getName();
+            if (!paramSource.hasValue(paramName)) {
+                continue;
+            }
+
+            Object value = paramSource.getValue(paramName);
+            if (value instanceof SqlParameterValue) {
+                value = ((SqlParameterValue)value).getValue();
+            }
+
+            if (!(value instanceof Iterable)) {
+
+                String ValueForSQLQuery = getValueForSQLQuery(value);
+                String sqlTemp = sql.replace(":" + paramName, ValueForSQLQuery);
+                sql = sqlTemp;
+                continue;
+            }
+
+            //Iterable
+            int count = 0;
+            String valueArrayStr = "";
+
+            for (Object valueTemp: (Iterable)value) {
+
+                if (count > 0) {
+                    valueArrayStr+=", ";
+                }
+
+                String ValueForSQLQuery = getValueForSQLQuery(valueTemp);
+                valueArrayStr += ValueForSQLQuery;
+                ++count;
+            }
+
+            if (!valueArrayStr.isEmpty()){
+                String sqlTemp = sql.replace(":" + paramName, valueArrayStr);
+                sql = sqlTemp;
+            }
+        }
+
+        return sql;
+    }
+
+    String getValueForSQLQuery(Object valueParameter) {
+
+        if (valueParameter instanceof String) {
+            return "'" + valueParameter + "'";
+        }
+
+        if (valueParameter instanceof UUID) {
+            return "'" + valueParameter.toString() + "'";
+        }
+
+        return valueParameter.toString();
+    }
 }
diff --git a/dao/src/test/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponentTest.java b/dao/src/test/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponentTest.java
new file mode 100644
index 0000000000..db65c8d360
--- /dev/null
+++ b/dao/src/test/java/org/thingsboard/server/dao/sql/query/DefaultQueryLogComponentTest.java
@@ -0,0 +1,128 @@
+
+package org.thingsboard.server.dao.sql.query;
+
+import com.datastax.oss.driver.api.core.uuid.Uuids;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.thingsboard.server.common.data.EntityType;
+import org.thingsboard.server.common.data.id.TenantId;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.junit.Assert.assertEquals;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = DefaultQueryLogComponent.class)
+class DefaultQueryLogComponentTest {
+
+    private TenantId tenantId;
+    private QueryContext ctx;
+
+    @Autowired
+    private DefaultQueryLogComponent queryLog;
+
+    @BeforeEach
+    void setUp() {
+        tenantId = new TenantId(Uuids.timeBased());
+        ctx = new QueryContext(new QuerySecurityContext(tenantId, null, EntityType.ALARM));
+    }
+
+    @Test
+    void substituteParametersInSqlString_StringType() {
+
+        String Name = "Mery";
+        String id = "ID_1";
+        String sql = "Select * from Table Where name = :name AND id = :id";
+        String sqlToUse = "Select * from Table Where name = 'Mery' AND id = 'ID_1'";
+
+        ctx.addStringParameter("name", Name);
+        ctx.addStringParameter("id", id);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+
+    @Test
+    void substituteParametersInSqlString_DoubleLongType() {
+
+        double sum = 10.55;
+        long price = 100000;
+        String sql = "Select * from Table Where sum = :sum AND price = :price";
+        String sqlToUse = "Select * from Table Where sum = 10.55 AND price = 100000";
+
+        ctx.addDoubleParameter("sum", sum);
+        ctx.addLongParameter("price", price);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+
+    @Test
+    void substituteParametersInSqlString_BooleanType() {
+
+        boolean check = true;
+        String sql = "Select * from Table Where check = :check AND mark = :mark";
+        String sqlToUse = "Select * from Table Where check = true AND mark = false";
+
+        ctx.addBooleanParameter("check", check);
+        ctx.addBooleanParameter("mark", false);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+
+    @Test
+    void substituteParametersInSqlString_UuidType() {
+
+        UUID guid = Uuids.timeBased();
+        String sql = "Select * from Table Where guid = :guid";
+        String sqlToUse = "Select * from Table Where guid = '" + guid.toString() + "'";
+
+        ctx.addUuidParameter("guid", guid);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+
+    @Test
+    void substituteParametersInSqlString_StringListType() {
+
+        List<String> ids = new ArrayList<>();
+        ids.add("ID_1");
+        ids.add("ID_2");
+        ids.add("ID_3");
+        ids.add("ID_4");
+
+        String sql = "Select * from Table Where id IN (:ids)";
+        String sqlToUse = "Select * from Table Where id IN ('ID_1', 'ID_2', 'ID_3', 'ID_4')";
+
+        ctx.addStringListParameter("ids", ids);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+
+    @Test
+    void substituteParametersInSqlString_UuidListType() {
+
+        List<UUID> guids = new ArrayList<>();
+        guids.add(UUID.fromString("634a8d03-6871-4e01-94d0-876bf3e67dff"));
+        guids.add(UUID.fromString("3adbb5b8-4dc6-4faf-80dc-681a7b518b5e"));
+        guids.add(UUID.fromString("63a50f0c-2058-4d1d-8f15-812eb7f84412"));
+
+        String sql = "Select * from Table Where guid IN (:guids)";
+        String sqlToUse = "Select * from Table Where guid IN ('634a8d03-6871-4e01-94d0-876bf3e67dff', '3adbb5b8-4dc6-4faf-80dc-681a7b518b5e', '63a50f0c-2058-4d1d-8f15-812eb7f84412')";
+
+        ctx.addUuidListParameter("guids", guids);
+
+        String sqlToUse2 = queryLog.substituteParametersInSqlString(sql, ctx);
+        assertEquals(sqlToUse, sqlToUse2);
+    }
+}
+