Enhance pagination and search functionality for nodes in JSON endpoints

[zhuoyuan-liu]

#635

This PR:

• Implemented paginated retrieval of nodes by environment with target filters.
• Added counting methods for total nodes and filtered search results.
• Updated front-end to forward ordering parameters for server-side handling.

For now, the query speed is about 10,000× faster than before with 10K nodes, and we can clearly see changes in both the database queries and the request URLs

[2.572ms] [rows:25] SELECT * FROM "osquery_nodes" WHERE environment = 'dev' AND "osquery_nodes"."deleted_at" IS NULL ORDER BY last_seen DESC LIMIT 25

[Copilot]

Pull Request Overview

This PR implements server-side pagination and search functionality for node management endpoints to improve performance with large datasets. The implementation includes paginated node retrieval, counting methods for accurate pagination metadata, and client-side ordering parameter forwarding.

• Added server-side pagination with LIMIT/OFFSET queries instead of loading all nodes into memory
• Implemented separate counting methods for total and filtered node counts
• Updated frontend to pass DataTables ordering parameters to the backend

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
pkg/nodes/nodes.go	Added paginated retrieval methods with ordering and counting functionality
cmd/admin/handlers/json-nodes.go	Updated handler to use paginated queries and process ordering parameters
cmd/admin/templates/table.html	Modified frontend to forward DataTables ordering parameters to server

Comments suppressed due to low confidence (2)

cmd/admin/handlers/json-nodes.go:1

• The orderBy parameter is directly concatenated into the SQL ORDER BY clause without validation. This could potentially lead to SQL injection if the mapDTColumnToDB function doesn't properly sanitize all possible inputs. Consider using a whitelist validation or GORM's safe ordering methods.

package handlers

cmd/admin/handlers/json-nodes.go:1

• The orderBy parameter is directly concatenated into the SQL ORDER BY clause without validation. This could potentially lead to SQL injection if the mapDTColumnToDB function doesn't properly sanitize all possible inputs. Consider using a whitelist validation or GORM's safe ordering methods.

package handlers

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The limit validation logic is duplicated between GetByEnvPage and SearchByEnvPage methods. Consider extracting this into a helper function to avoid code duplication.

[Copilot]

The complex search query with multiple LIKE conditions is duplicated between SearchByEnvPage and CountSearchByEnv. Consider extracting this query building logic into a helper method to ensure consistency and maintainability.

[Copilot]

The complex search query with multiple LIKE conditions is duplicated between SearchByEnvPage and CountSearchByEnv. Consider extracting this query building logic into a helper method to ensure consistency and maintainability.