From 642e215c69692b0157715394a152ba85b1ceb340 Mon Sep 17 00:00:00 2001 From: "Torsten Schulz (local)" Date: Fri, 19 Dec 2025 07:53:34 +0100 Subject: [PATCH] Refactor duplicate entry cleanup in sequelize.js by replacing DO $$ blocks with direct parameter substitution in SQL queries. This change enhances performance and security while maintaining the logic for cleaning up duplicate pg_description entries before and after model synchronization.
--- backend/utils/sequelize.js | 85 ++++++++++++++------------------------ 1 file changed, 32 insertions(+), 53 deletions(-)
diff --git a/backend/utils/sequelize.js b/backend/utils/sequelize.js
index fb608c1..3cd79ae 100644
--- a/backend/utils/sequelize.js
+++ b/backend/utils/sequelize.js
@@ -534,37 +534,25 @@ const syncModelsAlways = async (models) => {
 try {
 const tableName = model.tableName;
 const schema = model.options?.schema || 'public';
+ // Verwende direkte Parameter-Einsetzung, da DO $$ keine Parameterbindung unterstützt
+ // Die Parameter sind sicher, da sie von Sequelize-Modell-Eigenschaften kommen
 await sequelize.query(`
- DO $$
- DECLARE
- table_oid oid;
- dup_count integer;
- BEGIN
- -- Finde die OID der Tabelle
- SELECT oid INTO table_oid
+ DELETE FROM pg_catalog.pg_description d1
+ WHERE d1.objoid IN (
+ SELECT c.oid
 FROM pg_catalog.pg_class c
 JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
- WHERE c.relname = $1
- AND n.nspname = $2;
-
- IF table_oid IS NOT NULL THEN
- -- Entferne doppelte pg_description Einträge, behalte nur den ersten
- DELETE FROM pg_catalog.pg_description d1
- WHERE d1.objoid = table_oid
- AND EXISTS (
- SELECT 1
- FROM pg_catalog.pg_description d2
- WHERE d2.objoid = d1.objoid
- AND d2.objsubid = d1.objsubid
- AND d2.ctid < d1.ctid
- );
-
- GET DIAGNOSTICS dup_count = ROW_COUNT;
- END IF;
- END $$;
- `, {
- bind: [tableName, schema]
- });
+ WHERE c.relname = '${tableName.replace(/'/g, "''")}'
+ AND n.nspname = '${schema.replace(/'/g, "''")}'
+ )
+ AND EXISTS (
+ SELECT 1
+ FROM pg_catalog.pg_description d2
+ WHERE d2.objoid = d1.objoid
+ AND d2.objsubid = d1.objsubid
+ AND d2.ctid < d1.ctid
+ )
+ `);
 } catch (descError) {
 console.warn(` ⚠️ Could not clean up duplicate pg_description entries for ${model.name}:`, descError.message);
 }
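Review bot: The new query in this hunk (and the identical one in the second hunk, `@@ -577,34 +565,25 @@`) is a plain DELETE statement, so the reason given in the added comment for dropping bound parameters — that DO $$ blocks cannot bind them — no longer applies, yet the change replaces binding with hand-rolled quote escaping via `.replace(/'/g, "''")` and a comment asserting the values are safe. Keep the predicate as `WHERE c.relname = $1` and `AND n.nspname = $2` and close the call with `` `, { bind: [tableName, schema] }); `` as the removed lines did; the query stays a single statement and no escaping is needed. That also lets both added comment lines go, since the safety of the interpolation no longer depends on where `tableName` and `schema` happen to come from, and the same fix applies verbatim to the second hunk.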
@@ -577,34 +565,25 @@ const syncModelsAlways = async (models) => {
 try {
 const tableName = model.tableName;
 const schema = model.options?.schema || 'public';
+ // Verwende direkte Parameter-Einsetzung, da DO $$ keine Parameterbindung unterstützt
+ // Die Parameter sind sicher, da sie von Sequelize-Modell-Eigenschaften kommen
 await sequelize.query(`
- DO $$
- DECLARE
- table_oid oid;
- BEGIN
- -- Finde die OID der Tabelle
- SELECT oid INTO table_oid
+ DELETE FROM pg_catalog.pg_description d1
+ WHERE d1.objoid IN (
+ SELECT c.oid
 FROM pg_catalog.pg_class c
 JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
- WHERE c.relname = $1
- AND n.nspname = $2;
-
- IF table_oid IS NOT NULL THEN
- -- Entferne doppelte pg_description Einträge, behalte nur den ersten
- DELETE FROM pg_catalog.pg_description d1
- WHERE d1.objoid = table_oid
- AND EXISTS (
- SELECT 1
- FROM pg_catalog.pg_description d2
- WHERE d2.objoid = d1.objoid
- AND d2.objsubid = d1.objsubid
- AND d2.ctid < d1.ctid
- );
- END IF;
- END $$;
- `, {
- bind: [tableName, schema]
- });
+ WHERE c.relname = '${tableName.replace(/'/g, "''")}'
+ AND n.nspname = '${schema.replace(/'/g, "''")}'
+ )
+ AND EXISTS (
+ SELECT 1
+ FROM pg_catalog.pg_description d2
+ WHERE d2.objoid = d1.objoid
+ AND d2.objsubid = d1.objsubid
+ AND d2.ctid < d1.ctid
+ )
+ `);
 // Versuche Sync erneut nach Bereinigung
 console.log(` 🔄 Retrying sync after cleaning duplicate pg_description entries...`);
 await model.sync({ alter: true, force: false, constraints: false });