From 903a7dd869c9856100a0927c05d26b89bc389e91 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Mon, 2 Jan 2023 17:06:32 +0300
Subject: [PATCH] make search queries & level id lookups work
---
 src/endpoints/levels/getLevels.cr | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/endpoints/levels/getLevels.cr b/src/endpoints/levels/getLevels.cr
index 6f14485..5dffe1c 100644
--- a/src/endpoints/levels/getLevels.cr
+++ b/src/endpoints/levels/getLevels.cr
@@ -19,6 +19,16 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 searchQuery = params["str"]? || ""
+ if searchQuery != ""
+ if searchQuery.to_i?
+ queryParams << "levels.id = #{searchQuery.to_i}"
+ else
+ # no sql injections to see here; clean_char only leaves A-Za-z0-9 intact
+ # todo: make this configurable w/ fuzzy search
+ queryParams << "levels.name like \"#{Clean.clean_char(searchQuery)}%\""
+ end
+ end
+
 # filters
 if params["featured"]? == "1"
 queryParams << "featured = 1"
@@ -132,8 +142,6 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 # todo
 end
- # todo: search query
-
 where_str = "where (#{queryParams.join(") and (")})"
 # todo: switch join users to left join to avoid losing levels to the shadow realm after a user vanishes
 query_base = "from levels join users on levels.user_id = users.id left join map_pack_links on map_pack_links.level_id = levels.id #{where_str} order by #{order}"
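Review bot: The name branch of the new `if searchQuery != ""` block splices request input into the SQL text, so injection safety rests entirely on `Clean.clean_char`, whose body is not part of this hunk; the added comment is the only evidence here that it strips everything outside A-Za-z0-9. Binding the value would remove that dependency, e.g. `queryParams << "levels.name like ?"` with the search term plus a trailing `%` (and any `%`/`_` in the term escaped) passed as a query argument where the statement is executed; that code lies outside the hunk and the placeholder syntax depends on the database driver. If interpolation stays, the literal should use single quotes, `queryParams << "levels.name like '#{Clean.clean_char(searchQuery)}%'"`, because standard SQL reads double quotes as an identifier and only some engines fall back to treating it as a string. If the filter behaves as the comment says, a query made only of stripped characters becomes `like "%"` and matches every level, and names containing spaces or punctuation cannot be found.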