
Endpoint conflict


Whenever I execute the following endpoint I get an ID type error.

Request GET /lists/45 failed with status code 500. error: invalid input syntax for type uuid: "45"

The problematic endpoint:

//  @get('/blabla/{color}', {   //---> Works!
  @get('/lists/{color}', {   //---> Error!
    responses: {
      '200': {
        description: 'Query all lists by color',
      },
    },
  })
  async getListByColor(@param.path.string('color') color: number): Promise<number> {
    return this.listsRepository.dataSource.execute("SELECT * FROM public.lists as li WHERE li.color = " + color);
  }

The other endpoint works fine:

  @get('/lists/{id}', {
    responses: {
      '200': {
        description: 'Lists model instance',
        content: {
          'application/json': {
            schema: getModelSchemaRef(Lists, {includeRelations: true}),
          },
        },
      },
    },
  })
  async findById(
    @param.path.string('id') id: string,
    @param.filter(Lists, {exclude: 'where'}) filter?: FilterExcludingWhere<Lists>
  ): Promise<Lists> {
    return this.listsRepository.findById(id, filter);
  }

Solution

  • The 2 endpoints, /lists/{color} and /lists/{id}, are indistinguishable for the REST Router, as both paths would resolve to /lists/{an arbitrary string}. Hence, the Router may be routing the traffic to the wrong endpoint that requires a UUID-datatype id. Hence, the database engine-level error.

    Please also be aware that the first example is susceptible to an SQL injection attack. Please consider using Parameterized SQL instead.
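
An added example, not part of the original answer or the poster's code: a simplified model of why both path templates match `/lists/45`, alongside the concatenated query from the question and a parameterized form of it. `SqlExecutor`, the helper names and the `/lists/by-color/{color}` path are assumptions made for illustration, and the `$1` placeholder assumes the PostgreSQL connector.

```typescript
// Added example; names below are hypothetical, not the poster's code.
// SqlExecutor stands in for dataSource.execute(sql, params).
type SqlExecutor = (sql: string, params: unknown[]) => Promise<unknown[]>;

// Form used in the question: the path value becomes part of the SQL text.
function buildConcatenated(color: string): string {
  return 'SELECT * FROM public.lists as li WHERE li.color = ' + color;
}

// Parameterized form: constant SQL text, value bound separately as $1.
function buildParameterized(color: string): {sql: string; params: unknown[]} {
  return {
    sql: 'SELECT * FROM public.lists AS li WHERE li.color = $1',
    params: [color],
  };
}

// Handler body that only ever sends the constant SQL text to the database.
async function getListsByColor(execute: SqlExecutor, color: string): Promise<unknown[]> {
  const {sql, params} = buildParameterized(color);
  return execute(sql, params);
}

// Simplified model of path-template matching: each {name} matches exactly
// one path segment, whatever the parameter is called.
function templateToRegex(template: string): RegExp {
  const escaped = template.replace(/[.*+?^$()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\{[^}]+\}/g, '[^/]+') + '$');
}

function matchingTemplates(path: string, templates: string[]): string[] {
  return templates.filter(t => templateToRegex(t).test(path));
}

// Constructed inputs.
const ambiguous = matchingTemplates('/lists/45', ['/lists/{color}', '/lists/{id}']);
const distinct = matchingTemplates('/lists/by-color/45', [
  '/lists/by-color/{color}',
  '/lists/{id}',
]);
console.log(ambiguous); // both templates match the same request path
console.log(distinct); // only the by-color template matches
console.log(buildConcatenated('1 OR 1=1')); // input has changed the WHERE clause
console.log(buildParameterized('1 OR 1=1')); // SQL text unchanged, input is data
```

Giving the color route its own static segment removes the ambiguity regardless of registration order, and the bound parameter keeps the path value out of the SQL text.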