fix:#36 fixed tests, naming, and removed old duplicated code

services/data-manager/service/db/dbEvents.go

@@ -18,6 +18,7 @@ package db
 
 import (
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/pocketbase/pocketbase/daos"
 	"github.com/pocketbase/pocketbase/tools/types"
 	"htwkalender/data-manager/model"
@@ -138,11 +139,11 @@ func buildIcalQueryForModules(modulesUuid []string) dbx.Expression {
 	// following the pattern of only containing alphanumeric characters and dashes
 
 	for _, moduleUuid := range modulesUuid {
-		if !IsSafeIdentifier(moduleUuid) {
+		err := uuid.Validate(moduleUuid)
+		if err != nil {
 			slog.Warn("Module UUID is not safe: ", "moduleUuid", moduleUuid)
 			return dbx.HashExp{}
 		}
-
 	}
 
 	// build where conditions for each module

services/data-manager/service/db/dbEvents_test.go

@@ -38,13 +38,13 @@ func Test_buildIcalQueryForModules(t *testing.T) {
 		},
 		{
 			name: "one module",
-			args: args{modules: []string{"test"}},
-			want: dbx.HashExp{"uuid": "test"},
+			args: args{modules: []string{"77eddc32-c49d-5d0a-8c36-17b266396641"}},
+			want: dbx.HashExp{"uuid": "77eddc32-c49d-5d0a-8c36-17b266396641"},
 		},
 		{
 			name: "two modules",
-			args: args{modules: []string{"test", "test2"}},
-			want: dbx.Or(dbx.HashExp{"uuid": "test"}, dbx.HashExp{"uuid": "test2"}),
+			args: args{modules: []string{"9e5081e6-4c56-57b9-9965-f6dc74559755", "48cd8c4e-fb70-595c-9dfb-7035f56326d9"}},
+			want: dbx.Or(dbx.HashExp{"uuid": "9e5081e6-4c56-57b9-9965-f6dc74559755"}, dbx.HashExp{"uuid": "48cd8c4e-fb70-595c-9dfb-7035f56326d9"}),
 		},
 	}
 	for _, tt := range tests {

services/data-manager/service/db/dbFunctions.go

@@ -19,26 +19,9 @@ package db
 import (
 	"github.com/pocketbase/pocketbase"
 	"github.com/pocketbase/pocketbase/models"
-	"log/slog"
-	"regexp"
 )
 
 func FindCollection(app *pocketbase.PocketBase, collectionName string) (*models.Collection, error) {
 	collection, dbError := app.Dao().FindCollectionByNameOrId(collectionName)
 	return collection, dbError
 }
-
-// IsSafeIdentifier check uuids against sql injection
-// uuids are generated by the system and are not user input
-// following the pattern of only containing alphanumeric characters and dashes
-func IsSafeIdentifier(uuid string) bool {
-	// Define a regular expression that matches only valid UUID characters (alphanumeric and dashes)
-	validUUIDPattern := `^[a-zA-Z0-9-]+$`
-	match, err := regexp.MatchString(validUUIDPattern, uuid)
-	if err != nil {
-		// Handle the error according to your application's needs
-		slog.Warn("Invalid UUID pattern", "uuid", uuid)
-		return false
-	}
-	return match
-}

services/data-manager/service/db/dbFunctions_test.go

@@ -1,50 +0,0 @@
-package db
-
-import "testing"
-
-func TestIsSafeIdentifier(t *testing.T) {
-	type args struct {
-		uuid string
-	}
-	tests := []struct {
-		name string
-		args args
-		want bool
-	}{
-		{
-			name: "Test safe identifier",
-			args: args{
-				uuid: "1234567890-1234567890-1234567890-1234567890",
-			},
-			want: true,
-		},
-		{
-			name: "Test safe identifier",
-			args: args{
-				uuid: "1234567890-1234567890-1234567890-1234567890",
-			},
-			want: true,
-		},
-		{
-			name: "Test safe identifier",
-			args: args{
-				uuid: "77eddc32-c49d-5d0a-8c36-17b266396641",
-			},
-			want: true,
-		},
-		{
-			name: "Test unsafe identifier",
-			args: args{
-				uuid: "77eddc32-c49d-5d0a-8c36-17/1!!b266396641-",
-			},
-			want: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := IsSafeIdentifier(tt.args.uuid); got != tt.want {
-				t.Errorf("IsSafeIdentifier() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}