From 40500e6eda16116157690cf51d96255bc7a8f8ad Mon Sep 17 00:00:00 2001
From: Denis Bykhov <80476319+BykhovDenis@users.noreply.github.com>
Date: Wed, 22 Dec 2021 15:21:15 +0600
Subject: [PATCH] Elastic search query escaping (#706)

Signed-off-by: Denis Bykhov <80476319+BykhovDenis@users.noreply.github.com>
---
 server/core/src/fulltext.ts                  | 1 +
 server/core/src/storage.ts                   | 2 +-
 server/core/src/types.ts                     | 7 +------
 server/elastic/src/__tests__/adapter.test.ts | 2 +-
 server/elastic/src/adapter.ts                | 7 ++++---
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/server/core/src/fulltext.ts b/server/core/src/fulltext.ts
index 80516f01f4..54c26c25ba 100644
--- a/server/core/src/fulltext.ts
+++ b/server/core/src/fulltext.ts
@@ -116,6 +116,7 @@ export class FullTextIndex implements WithFind {
   ): Promise<FindResult<T>> {
     console.log('search', query)
     const { _id, $search, ...mainQuery } = query
+    if ($search === undefined) return []
     const docs = await this.adapter.search($search)
     console.log(docs)
     const ids: Ref<Doc>[] = []
diff --git a/server/core/src/storage.ts b/server/core/src/storage.ts
index 1838e4bc61..3047132485 100644
--- a/server/core/src/storage.ts
+++ b/server/core/src/storage.ts
@@ -164,7 +164,7 @@ class TServerStorage implements ServerStorage {
   ): Promise<FindResult<T>> {
     return await ctx.with('find-all', {}, (ctx) => {
       const domain = this.hierarchy.getDomain(clazz)
-      if (Object.keys(query)[0] === '$search') {
+      if (query.$search !== undefined && query.$search.length > 0) {
         return ctx.with('full-text-find-all', {}, (ctx) => this.fulltext.findAll(ctx, clazz, query, options))
       }
       return ctx.with('db-find-all', { _class: clazz, domain }, () =>
diff --git a/server/core/src/types.ts b/server/core/src/types.ts
index a65a64f60b..74a6221782 100644
--- a/server/core/src/types.ts
+++ b/server/core/src/types.ts
@@ -58,18 +58,13 @@ export interface IndexedDoc {
   data?: string
 }
 
-/**
- * @public
- */
-export type SearchQuery = any // TODO: replace with DocumentQuery
-
 /**
  * @public
  */
 export interface FullTextAdapter {
   index: (doc: IndexedDoc) => Promise<TxResult>
   update: (id: Ref<Doc>, update: Record<string, any>) => Promise<TxResult>
-  search: (query: SearchQuery) => Promise<IndexedDoc[]>
+  search: (search: string) => Promise<IndexedDoc[]>
 }
 
 /**
diff --git a/server/elastic/src/__tests__/adapter.test.ts b/server/elastic/src/__tests__/adapter.test.ts
index d72b9d7b57..eb31f9520d 100644
--- a/server/elastic/src/__tests__/adapter.test.ts
+++ b/server/elastic/src/__tests__/adapter.test.ts
@@ -30,7 +30,7 @@ describe('client', () => {
       content0: 'hey there!'
     }
     await adapter.index(doc)
-    const hits = await adapter.search({})
+    const hits = await adapter.search('')
     console.log(hits)
   })
 
diff --git a/server/elastic/src/adapter.ts b/server/elastic/src/adapter.ts
index e701e1092d..1a35c45eaf 100644
--- a/server/elastic/src/adapter.ts
+++ b/server/elastic/src/adapter.ts
@@ -15,7 +15,7 @@
 //
 
 import type { Doc, Ref, TxResult } from '@anticrm/core'
-import type { FullTextAdapter, IndexedDoc, SearchQuery } from '@anticrm/server-core'
+import type { FullTextAdapter, IndexedDoc } from '@anticrm/server-core'
 
 import { Client } from '@elastic/elasticsearch'
 
@@ -27,15 +27,16 @@ class ElasticAdapter implements FullTextAdapter {
   }
 
   async search (
-    query: SearchQuery
+    search: string
   ): Promise<IndexedDoc[]> {
+    const query = search.replace(/[\\/+\-=&><!()|{}^"~*&:[\]]/g, '\\$&')
     try {
       const result = await this.client.search({
         index: this.db,
         body: {
           query: {
             multi_match: {
-              query: query.$search,
+              query: query,
               fields: [
                 'content0',
                 'content1',