From 4b4246fafa106c808bb8362a5fe149b831186a49 Mon Sep 17 00:00:00 2001
From: Bryce Covert
Date: Fri, 29 Apr 2022 11:24:09 -0700
Subject: [PATCH] cleanses user's queries.
---
 src/clj/auto_ap/graphql/accounts.clj | 4 +++-
 src/clj/auto_ap/graphql/utils.clj | 11 +++++++++++
 src/clj/auto_ap/graphql/vendors.clj | 9 +++++----
 3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/clj/auto_ap/graphql/accounts.clj b/src/clj/auto_ap/graphql/accounts.clj
index d0d364d0..df41f850 100644
--- a/src/clj/auto_ap/graphql/accounts.clj
+++ b/src/clj/auto_ap/graphql/accounts.clj
@@ -5,6 +5,7 @@
 [auto-ap.graphql.utils :refer [->graphql <-graphql
+ cleanse-query
 assert-admin assert-can-see-client enum->keyword
@@ -66,7 +67,8 @@
 (defn search [context {query :query client :client_id} _] (when client (assert-can-see-client (:id context) client))
- (let [num (some-> (re-find #"([0-9]+)" query)
+ (let [query (cleanse-query query)
+ num (some-> (re-find #"([0-9]+)" query) second (not-empty ) Integer/parseInt)]
diff --git a/src/clj/auto_ap/graphql/utils.clj b/src/clj/auto_ap/graphql/utils.clj
index 1cf7ddf3..4e0422ec 100644
--- a/src/clj/auto_ap/graphql/utils.clj
+++ b/src/clj/auto_ap/graphql/utils.clj
@@ -123,3 +123,14 @@
 (defn assert-none-locked [client-id dates] (doseq [d dates] (assert-not-locked client-id d)))
+
+(defn cleanse-query [q]
+ (let [parts (-> q
+ (str/replace #"[\[\]\+\*]" "")
+ (str/split #"\s+"))
+ exacts (butlast parts)
+ partial (last parts)]
+ (as-> exacts e
+ (mapv #(str "+" %) e)
+ (conj e (str partial "*"))
+ (str/join " " e))))
diff --git a/src/clj/auto_ap/graphql/vendors.clj b/src/clj/auto_ap/graphql/vendors.clj
index 10bb3849..2a4454bb 100644
--- a/src/clj/auto_ap/graphql/vendors.clj
+++ b/src/clj/auto_ap/graphql/vendors.clj
@@ -5,6 +5,7 @@
 [auto-ap.graphql.utils :refer [->graphql <-graphql
+ cleanse-query
 assert-admin assert-failure enum->keyword
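Review bot: On the new `num` binding in accounts.clj the digit run captured by `([0-9]+)` is user-controlled and unbounded, and `Integer/parseInt` throws NumberFormatException once it exceeds 2^31-1, so a long numeric search becomes an uncaught exception instead of "no numeric match". Replace the bare `Integer/parseInt` step with a small helper that returns nil on failure, e.g. `(defn- parse-int [s] (try (Integer/parseInt s) (catch NumberFormatException _ nil)))`, which fits the existing `some->` chain. Rebinding `query` to `(cleanse-query query)` also means everything after this line sees the decorated string (leading `+` on each term, trailing `*`) rather than the raw text; presumably only the fulltext call wants that, so check the other uses of `query`. The body of `search` continues outside the hunk.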
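Review bot: `cleanse-query` strips only `[`, `]`, `+` and `*`, but if `fulltext` hands the string to Lucene's query parser (as Datomic's `fulltext` is documented to — verify for the version in use) the rest of the reserved set — `( ) { } " ~ ^ ? : ! - / \` and `&& ||` — still passes through, so user input can still change the query's structure or make the parser throw. Widen the character class to the full reserved set, or escape each character with a backslash instead of deleting it if hyphenated terms must stay searchable. Two edge cases also need handling: a nil `q` blows up in `str/replace`, and a blank `q` yields a bare `*`, which Lucene rejects by default as a leading wildcard. The local `partial` shadows `clojure.core/partial` inside the `let`; renaming it avoids a silent trap. The same string reaches `d/q` in vendors.clj and the regex in accounts.clj, so those hunks inherit whatever this function lets through.
```clojure
(defn cleanse-query
  "Builds a fulltext query from free text: every token but the last becomes a
   required term (+term), the last becomes a prefix term (term*). Reserved
   query-syntax characters are removed first; nil or blank input yields \"\"."
  [q]
  (let [tokens (->> (str/split (str/replace (or q "") #"[+\-!(){}\[\]^\"~*?:\\/&|]" "")
                               #"\s+")
                    (remove str/blank?))]
    (if (empty? tokens)
      ""
      (str/join " " (concat (map #(str "+" %) (butlast tokens))
                            [(str (last tokens) "*")])))))
```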
@@ -148,19 +149,19 @@
 (:id args)))) (defn search [context args _]
- (let [data (if (is-admin? (:id context))
+ (let [search-query (cleanse-query (:query args))
+ data (if (is-admin? (:id context)) (d/q '[:find ?n ?i ?s :in $ ?q :where [(fulltext $ :vendor/search-terms ?q) [[?i ?n _ ?s]]]] (d/db conn)
- (:query args))
+ search-query) (d/q '[:find ?n ?i ?s :in $ ?q :where [(fulltext $ :vendor/search-terms ?q) [[?i ?n _ ?s]]] (not [?i :vendor/hidden true])] (d/db conn)
- (:query args)))]
-
+ search-query))] (->> data (sort-by (comp - last)) (map (fn [[n i]]