feat(sql): SQL Injection

utils/sql.go

@@ -1,80 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-)
-
-func SQLQuoteIdent(id string) string {
-	return `"` + strings.ReplaceAll(id, `"`, `""`) + `"`
-}
-
-func SQLQuoteValue(value any) string {
-	switch v := value.(type) {
-	case string:
-		escaped := strings.ReplaceAll(v, "'", "''")
-		return fmt.Sprintf("'%s'", escaped)
-	case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
-		return fmt.Sprintf("%v", value)
-	case float32, float64:
-		return fmt.Sprintf("%v", value)
-	case bool:
-		return fmt.Sprintf("%v", value)
-	case nil:
-		return "NULL"
-	}
-	str := fmt.Sprintf("%v", value)
-	escaped := strings.ReplaceAll(str, "'", "''")
-	return fmt.Sprintf("'%s'", escaped)
-}
-
-var identifierRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)
-
-func IsValidIdentifier(id string) bool {
-	return identifierRe.MatchString(id)
-}
-
-var allowedOnActions = map[string]bool{
-	"CASCADE":     true,
-	"SET NULL":    true,
-	"NO ACTION":   true,
-	"RESTRICT":    true,
-	"SET DEFAULT": true,
-}
-
-func SanitizeOnAction(s string) (string, error) {
-	if strings.TrimSpace(s) == "" {
-		return "", nil
-	}
-	u := strings.ToUpper(strings.Join(strings.Fields(s), " "))
-	if allowedOnActions[u] {
-		return u, nil
-	}
-	return "", fmt.Errorf("invalid action: %q", s)
-}
-
-var allowedDefaultFuncs = map[string]bool{
-	"CURRENT_TIMESTAMP":  true,
-	"NOW()":              true,
-	"UUID_GENERATE_V4()": true,
-}
-
-func IsValidDefault(val string) bool {
-	v := strings.TrimSpace(val)
-	if v == "" {
-		return false
-	}
-
-	if regexp.MustCompile(`^[+-]?\d+(\.\d+)?$`).MatchString(v) {
-		return true
-	}
-
-	if strings.HasPrefix(v, "'") && strings.HasSuffix(v, "'") {
-		return true
-	}
-	if allowedDefaultFuncs[strings.ToUpper(v)] {
-		return true
-	}
-	return false
-}