feat(sql): Add new DML (DELETE, UPDATE)

build/delete.go

@@ -0,0 +1,28 @@
+package build
+
+import (
+	"fmt"
+	"log"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/sql"
+)
+
+func Delete(s *schema.Table, where map[string]any) (*string, error) {
+	if err := sql.ValidateIdent(s.Name); err != nil {
+		return nil, err
+	}
+
+	if len(where) == 0 {
+		return nil, fmt.Errorf("WHERE clause is required for DELETE to prevent accidental deletion of all rows")
+	}
+
+	whereClause, err := sql.BuildWhereClause(where)
+	if err != nil {
+		return nil, err
+	}
+
+	ddl := fmt.Sprintf(sql.DML_DELETE, sql.QuoteIdent(s.Name), whereClause)
+	log.Printf("DDL: %s", ddl)
+	return &ddl, nil
+}

build/insert.go

@@ -2,27 +2,32 @@ package build
 
 import (
 	"fmt"
+	"log"
+	"sort"
 	"strings"
 
 	"git.secnex.io/secnex/pgson/schema"
 	"git.secnex.io/secnex/pgson/sql"
 )
 
-func Insert(s *schema.Table) (*string, error) {
-	if err := sql.ValidateIdent(s.Name); err != nil {
-		return nil, err
+func Insert(s *schema.Table, data map[string]any) (*string, error) {
+	cols := []string{}
+	values := []string{}
+	// Keys of the data map
+	keys := make([]string, 0, len(data))
+	for k := range data {
+		keys = append(keys, k)
 	}
-
-	var cols, values []string
-
-	for _, f := range s.Schema {
-		if err := sql.ValidateIdent(f.Name); err != nil {
+	sort.Strings(keys)
+	for _, k := range keys {
+		if err := sql.ValidateIdent(k); err != nil {
+			log.Printf("Invalid column identifier: %s", k)
 			return nil, err
 		}
-		cols = append(cols, sql.QuoteIdent(f.Name))
-		values = append(values, "?")
+		cols = append(cols, sql.QuoteIdent(k))
+		values = append(values, sql.QuoteValue(data[k]))
 	}
-
-	dmlParts := fmt.Sprintf(sql.DML_INSERT_INTO, sql.QuoteIdent(s.Name), strings.Join(cols, ", "), strings.Join(values, ", "))
-	return &dmlParts, nil
+	ddl := fmt.Sprintf(sql.DML_INSERT_INTO, sql.QuoteIdent(s.Name), strings.Join(cols, ", "), strings.Join(values, ", "))
+	log.Printf("DDL: %s", ddl)
+	return &ddl, nil
 }

build/update.go

@@ -0,0 +1,64 @@
+package build
+
+import (
+	"fmt"
+	"log"
+	"sort"
+	"strings"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/sql"
+)
+
+func Update(s *schema.Table, data map[string]any, where map[string]any) (*string, error) {
+	if err := sql.ValidateIdent(s.Name); err != nil {
+		return nil, err
+	}
+
+	if len(data) == 0 {
+		return nil, fmt.Errorf("no columns to update")
+	}
+
+	if len(where) == 0 {
+		return nil, fmt.Errorf("WHERE clause is required for UPDATE to prevent accidental updates")
+	}
+
+	var setParts []string
+	keys := make([]string, 0, len(data))
+	for k := range data {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	for _, k := range keys {
+		if err := sql.ValidateIdent(k); err != nil {
+			log.Printf("Invalid column identifier: %s", k)
+			return nil, err
+		}
+		setParts = append(setParts, fmt.Sprintf("%s = %s", sql.QuoteIdent(k), sql.QuoteValue(data[k])))
+	}
+
+	whereClause, err := sql.BuildWhereClause(where)
+	if err != nil {
+		return nil, err
+	}
+
+	ddl := fmt.Sprintf(sql.DML_UPDATE, sql.QuoteIdent(s.Name), strings.Join(setParts, ", "), whereClause)
+	log.Printf("DDL: %s", ddl)
+	return &ddl, nil
+}
+
+func UpdateDeletedAt(s *schema.Table, where map[string]any) (*string, error) {
+	if err := sql.ValidateIdent(s.Name); err != nil {
+		return nil, err
+	}
+
+	whereClause, err := sql.BuildWhereClause(where)
+	if err != nil {
+		return nil, err
+	}
+
+	ddl := fmt.Sprintf(sql.DML_UPDATE, sql.QuoteIdent(s.Name), "deleted_at = CURRENT_TIMESTAMP", whereClause)
+	log.Printf("DDL: %s", ddl)
+	return &ddl, nil
+}

pgson.go

@@ -19,6 +19,6 @@ func NewSchema(json []byte) (*schema.Table, error) {
 	return schema.NewTable(json)
 }
 
-func ReadJsonFileToMap(path string) ([]map[string]any, error) {
+func ReadJsonFileToMap(path string) (map[string]any, error) {
 	return utils.ReadJsonFileToMap(path)
 }

query.go

@@ -9,6 +9,18 @@ func CreateTable(schema *schema.Table) (*string, error) {
 	return build.CreateTable(schema)
 }
 
-func Insert(schema *schema.Table) (*string, error) {
-	return build.Insert(schema)
+func Insert(schema *schema.Table, data map[string]any) (*string, error) {
+	return build.Insert(schema, data)
+}
+
+func Update(schema *schema.Table, data map[string]any, where map[string]any) (*string, error) {
+	return build.Update(schema, data, where)
+}
+
+func Delete(schema *schema.Table, where map[string]any) (*string, error) {
+	return build.UpdateDeletedAt(schema, where)
+}
+
+func HardDelete(schema *schema.Table, where map[string]any) (*string, error) {
+	return build.Delete(schema, where)
 }

sql/dml.go

@@ -2,4 +2,6 @@ package sql
 
 var (
 	DML_INSERT_INTO = "INSERT INTO %s (%s) VALUES (%s);"
+	DML_UPDATE      = "UPDATE %s SET %s%s;"
+	DML_DELETE      = "DELETE FROM %s%s;"
 )

sql/validate.go

@@ -3,6 +3,7 @@ package sql
 import (
 	"fmt"
 	"regexp"
+	"sort"
 	"strings"
 
 	"git.secnex.io/secnex/pgson/schema"
@@ -118,3 +119,68 @@ func ValidateComment(comment *string) error {
 func QuoteIdent(name string) string {
 	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
 }
+
+// QuoteLiteral escapes a string literal for use in SQL queries
+// It doubles single quotes to prevent SQL injection
+func QuoteLiteral(s string) string {
+	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
+}
+
+// QuoteValue formats a value according to its type for use in SQL queries
+// It handles strings, numbers, booleans, null, and UUIDs safely
+func QuoteValue(v any) string {
+	if v == nil {
+		return "NULL"
+	}
+
+	switch val := v.(type) {
+	case string:
+		// Check if it's a valid UUID format
+		if matched, _ := regexp.MatchString(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`, strings.ToLower(val)); matched {
+			return QuoteLiteral(val)
+		}
+		return QuoteLiteral(val)
+	case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
+		return fmt.Sprintf("%v", val)
+	case float32, float64:
+		return fmt.Sprintf("%v", val)
+	case bool:
+		if val {
+			return "TRUE"
+		}
+		return "FALSE"
+	default:
+		// For unknown types, convert to string and escape
+		return QuoteLiteral(fmt.Sprintf("%v", val))
+	}
+}
+
+// BuildWhereClause safely builds a WHERE clause from conditions
+// conditions is a map of column names to values (uses = operator)
+// Returns empty string if no conditions provided
+func BuildWhereClause(conditions map[string]any) (string, error) {
+	if len(conditions) == 0 {
+		return "", nil
+	}
+
+	var clauses []string
+	keys := make([]string, 0, len(conditions))
+	for k := range conditions {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	for _, col := range keys {
+		if err := ValidateIdent(col); err != nil {
+			return "", fmt.Errorf("invalid column identifier in WHERE clause: %s", col)
+		}
+		value := conditions[col]
+		if value == nil {
+			clauses = append(clauses, fmt.Sprintf("%s IS NULL", QuoteIdent(col)))
+		} else {
+			clauses = append(clauses, fmt.Sprintf("%s = %s", QuoteIdent(col), QuoteValue(value)))
+		}
+	}
+
+	return " WHERE " + strings.Join(clauses, " AND "), nil
+}

utils/json.go

@@ -5,8 +5,8 @@ import (
 	"os"
 )
 
-func JsonToMap(j []byte) ([]map[string]any, error) {
-	var data []map[string]any
+func JsonToMap(j []byte) (map[string]any, error) {
+	var data map[string]any
 	err := json.Unmarshal(j, &data)
 	if err != nil {
 		return nil, err
@@ -14,7 +14,7 @@ func JsonToMap(j []byte) ([]map[string]any, error) {
 	return data, nil
 }
 
-func ReadJsonFileToMap(path string) ([]map[string]any, error) {
+func ReadJsonFileToMap(path string) (map[string]any, error) {
 	data, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err