From 0c72ee6b1d88cbff2b57223b349cc9d581ad400a Mon Sep 17 00:00:00 2001
From: rijkvanzanten
Date: Thu, 12 Nov 2020 14:12:05 -0500
Subject: [PATCH] Fix deep filters in app, fix current-user/current-role in filters
---
 api/src/app.ts | 8 ++++----
 api/src/utils/validate-query.ts | 2 ++
 app/src/utils/filters-to-query/filters-to-query.ts | 13 ++++++++++++-
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/api/src/app.ts b/api/src/app.ts
index 1888c788ad..9a51a1f274 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -112,6 +112,10 @@ export default async function createApp() {
 app.use(rateLimiter);
 }
+ app.use(authenticate);
+
+ app.use(checkIP);
+
 app.use(sanitizeQuery);
 app.use(cache);
@@ -120,10 +124,6 @@ export default async function createApp() {
 app.use('/auth', authRouter);
- app.use(authenticate);
-
- app.use(checkIP);
-
 app.use('/graphql', graphqlRouter);
 app.use('/activity', activityRouter);
diff --git a/api/src/utils/validate-query.ts b/api/src/utils/validate-query.ts
index 9f8e617718..3c8cee42ff 100644
--- a/api/src/utils/validate-query.ts
+++ b/api/src/utils/validate-query.ts
@@ -42,6 +42,8 @@ function validateFilter(filter: Query['filter']) {
 for (let [key, nested] of Object.entries(filter)) {
 if (key === '_and' || key === '_or') {
 nested.forEach(validateFilter);
+ } else if (isPlainObject(nested)) {
+ validateFilter(nested);
 } else if (key.startsWith('_')) {
 const value = nested;
diff --git a/app/src/utils/filters-to-query/filters-to-query.ts b/app/src/utils/filters-to-query/filters-to-query.ts
index e71871dc7a..a8f1f15de6 100644
--- a/app/src/utils/filters-to-query/filters-to-query.ts
+++ b/app/src/utils/filters-to-query/filters-to-query.ts
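Review bot: With `app.use(authenticate)` and `app.use(checkIP)` now registered above `app.use('/auth', authRouter)`, every route under `/auth` passes through both middlewares, which was not the case before (the matching removal is the second hunk of this file). Neither middleware is visible in this diff, so please confirm that `authenticate` treats a missing, expired or malformed token as an anonymous request rather than rejecting it; otherwise a client holding a stale token could be blocked from the endpoints it needs to obtain a new one. The same applies to `checkIP` on unauthenticated requests. Since the order is now load-bearing, a comment above the moved lines would help, for example `// must run before sanitizeQuery so current-user/current-role filter values can be resolved` (wording inferred from the commit title, adjust as needed).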
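Review bot: The new `isPlainObject(nested)` branch is tested before `key.startsWith('_')`, so an operator key whose value is a plain object is now recursed into as though it were a field name and never reaches the operator value checks that follow. If object-valued operators are not intended to be accepted, restrict the recursion to non-operator keys: `} else if (isPlainObject(nested) && !key.startsWith('_')) {`. The recursion also has no depth limit, so if a filter can arrive as parsed JSON rather than through a depth-limited query-string parser, nesting depth is controlled by the caller; a small cap would bound that. The body of `validateFilter` continues past the end of this hunk, and no import for `isPlainObject` appears in the diff, so it is presumably already in scope.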
@@ -13,7 +13,18 @@ export default function filtersToQuery(filters: readonly Filter[]) {
 if (!value) continue;
- filterList.push({ [field]: { [`_${operator}`]: value } });
+ if (field.includes('.')) {
+ let filter: Record = { [`_${operator}`]: value };
+ const path = field.split('.');
+
+ for (const field of path.reverse()) {
+ filter = { [field]: filter };
+ }
+
+ filterList.push(filter);
+ } else {
+ filterList.push({ [field]: { [`_${operator}`]: value } });
+ }
 }
 let filterQuery: Record = {};
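Review bot: The loop variable in `for (const field of path.reverse())` shadows the outer `field` that the enclosing `if` has just tested, and `reverse()` mutates `path` in place; a distinct name is easier to read, e.g. `for (const segment of field.split('.').reverse()) { filter = { [segment]: filter }; }`. Because splitting a field without a dot yields a single segment, that same loop produces the object built in the `else` branch, so the `if`/`else` could be collapsed into one path. A leading, trailing or doubled dot would produce an empty-string key in the nested filter; the hunk does not show whether `field` is constrained upstream, so a guard or a short comment stating the assumption would help. The enclosing loop starts outside this hunk.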