Add Reef Check entities #1052
Add Reef Check entities #1052
Conversation
| @ApiProperty() | ||
| @VirtualColumn({ | ||
| query: (survey) => ` | ||
| SELECT satellite_temperature | ||
| FROM daily_data | ||
| WHERE DATE(daily_data.date) = DATE(${survey}.date) | ||
| AND daily_data.site_id = ${survey}.site_id | ||
| LIMIT 1 | ||
| `, | ||
| }) | ||
| satelliteTemperature: string; |
There was a problem hiding this comment.
This is based on surveys service
aqualink-app/packages/api/src/surveys/surveys.service.ts
Lines 247 to 252 in 343573b
@ericboucher please verify whether this is the right way to compute the satellite temperature.
There was a problem hiding this comment.
So ultimately we are pulling data from daily_data ? I think that's correct but it also means that we need to update the daily data table for all the site/survey date combos
There was a problem hiding this comment.
As it would be quite inefficient to load all past data for all sites
There was a problem hiding this comment.
Indeed that would require to add the daily_data entry for the date of the survey
![pullrequest[bot]](https://avatars.githubusercontent.com/in/3434?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ This pull request was sent to the PullRequest network for review. Expert reviewers are now being matched to your request based on the code's requirements. Stay tuned!
What to expect from this code review:
- Comments posted to any areas of potential concern or improvement.
- Detailed feedback or actions needed to resolve issues that are found.
- Turnaround times vary, but we aim to be swift.
@K-Markopoulos you can click here to see the review status or cancel the code review job.
There was a problem hiding this comment.
PullRequest Breakdown
Reviewable lines of change
+ 1,453
- 4
99% TypeScript
1% JSON
<1% MarkdownGenerated lines of change
+ 10
- 84
Type of change
Feature - These changes are adding a new feature or improvement to existing code.
| 1 Message | |
|---|---|
| Due to its size, this pull request will likely have a little longer turnaround time and will probably require multiple passes from our reviewers. |
There was a problem hiding this comment.
Nice work here. I noticed just one issue noted inline for your consideration.
Reviewed with ❤️ by PullRequest
| query: (survey) => ` | ||
| SELECT satellite_temperature | ||
| FROM daily_data | ||
| WHERE DATE(daily_data.date) = DATE(${survey}.date) |
There was a problem hiding this comment.
Potential SQL injection vulnerability. I'd recommend applying validation on survey within this function to guard against this, even if this is not vulnerable today, but future refactors could inadvertently introduce this. Having this function check that the survey matches a regex is good security practice.
🔺 Vulnerability (Error)
There was a problem hiding this comment.
Thanks for the feedback on this. Based on the VirtualColumn description, the survey var is not user specified/input and it seems to be an alias to the entity name, therefore I think It's unlikely to cause an sql injection. As I understand it, an SQL injection is possible if someone renames the class to match the injection string, but even that would probably be invalid syntax.
That said, are you still concerned about this change? Should we sanitize the value before using it or simply hardcode the alias?
| @@ -0,0 +1,700 @@ | |||
| /* eslint-disable fp/no-mutating-methods */ | |||
There was a problem hiding this comment.
Let's add a bit more comments in this file to make sure we will know how to adapt it and run it again with new data (and/or overlapping data).
|
Great work, let's add comments and also expand the README to make a note of this addition |
Integrate provided Reef Check Data into Aqualink.
ReefCheckSite,ReefCheckSurvey,ReefCheckOrganism,ReefCheckSubstrate