feat: add IMessageSearchService and MessageSearchService for message … #518
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request introduces a new message search feature that allows filtering messages by a search term through a dedicated service and API endpoint.
- Adds
IMessageSearchServiceinterface andMessageSearchServiceimplementation for database-backed message searching - Registers the message search service in the dependency injection container
- Exposes a new
/messages/filterGET endpoint that accepts a search term and returns matching messages as JSON
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/RazorPagesProject/Services/IMessageSearchService.cs |
Defines the interface contract for message search functionality |
src/RazorPagesProject/Services/MessageSearchService.cs |
Implements the message search service with SQL LIKE query logic |
src/RazorPagesProject/Program.cs |
Registers the service and adds the API endpoint for message filtering |
| var sql = $"SELECT Id, Text FROM Messages WHERE Text LIKE '%{term}%'"; | ||
|
|
||
| return await dbContext.Messages | ||
| .FromSqlRaw(sql) |
There was a problem hiding this comment.
The SQL query is vulnerable to SQL injection attacks because the term parameter is directly interpolated into the SQL string. Use parameterized queries instead: dbContext.Messages.Where(m => EF.Functions.Like(m.Text, $\"%{term}%\")).AsNoTracking().ToListAsync()
| var sql = $"SELECT Id, Text FROM Messages WHERE Text LIKE '%{term}%'"; | |
| return await dbContext.Messages | |
| .FromSqlRaw(sql) | |
| // Use parameterized query with EF.Functions.Like to prevent SQL injection | |
| return await dbContext.Messages | |
| .Where(m => EF.Functions.Like(m.Text, $"%{term}%")) |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,30 @@ | |||
| using System; | |||
There was a problem hiding this comment.
The using System; directive is unnecessary since no System namespace types are directly used in this file. The Array.Empty<Message>() call can be replaced with [] in C# 12 or new List<Message>() to remove this dependency.
Copilot uses AI. Check for mistakes.
1 participant
This pull request introduces a new message search feature to the project. It adds a scoped message search service, exposes a new API endpoint for filtering messages by a search term, and implements the service logic for querying messages from the database.
New message search functionality:
IMessageSearchServiceinterface and its implementation,MessageSearchService, which provides asynchronous search capabilities for messages using a SQL LIKE query. (src/RazorPagesProject/Services/IMessageSearchService.cs[1]src/RazorPagesProject/Services/MessageSearchService.cs[2]MessageSearchServiceas a scoped dependency in the service container. (src/RazorPagesProject/Program.cssrc/RazorPagesProject/Program.csR51)/messages/filterthat accepts an optionaltermquery parameter and returns matching messages as JSON. (src/RazorPagesProject/Program.cssrc/RazorPagesProject/Program.csR77-R86)Other changes:
using System;directive toProgram.cs. (src/RazorPagesProject/Program.cssrc/RazorPagesProject/Program.csR1)…filtering