feat: add filter_by parameter to conversation search with variables s…#801
Open
ViaSocket-Git wants to merge 1 commit intotestingfrom
Open
feat: add filter_by parameter to conversation search with variables s…#801ViaSocket-Git wants to merge 1 commit intotestingfrom
ViaSocket-Git wants to merge 1 commit intotestingfrom
Conversation
![windsurf-bot[bot]](https://avatars.githubusercontent.com/in/1066231?s=60&v=4){kind=small}
Comment on lines
+115
to
+117
| Sequelize.literal( | ||
| `EXISTS (SELECT 1 FROM jsonb_each_text("conversation_logs"."variables") AS kv WHERE kv.value ILIKE '%${escapedKeyword}%')` | ||
| ) |
Contributor
There was a problem hiding this comment.
The SQL query is vulnerable to SQL injection. Even though you're escaping single quotes with replace(/'/g, "''"), this is not sufficient protection. Consider using parameterized queries with Sequelize's built-in mechanisms instead of string interpolation in Sequelize.literal().
Suggested change
| Sequelize.literal( | |
| `EXISTS (SELECT 1 FROM jsonb_each_text("conversation_logs"."variables") AS kv WHERE kv.value ILIKE '%${escapedKeyword}%')` | |
| ) | |
| Sequelize.literal( | |
| 'EXISTS (SELECT 1 FROM jsonb_each_text("conversation_logs"."variables") AS kv WHERE kv.value ILIKE ?)', | |
| [`%${filters.keyword}%`] | |
| ) |
Or better yet, use Sequelize's built-in JSON operators if available for your database.
Husainbw786
reviewed
Apr 6, 2026
Collaborator
Husainbw786
left a comment
Husainbw786
left a comment
There was a problem hiding this comment.
Found 2 issues to address before merging:
- The new
jsonb_each_text(conversation_logs.variables)predicate can fail whenvariablesis NULL or not a JSON object. Please wrap it withCOALESCE(..., {}::jsonb)(and ideally guard for non-object JSON) before expanding it.\n\n2. When a search hit comes only fromvariables, the response builder still falls back tomsg.user || msg.llm_message || msg.chatbot_message, so the API does not show the matched variable value/snippet. That makesfilter_by=variableslook broken from the client side even though the SQL matched a row. Consider extracting the matched variable text (or at least returning an explicitmatched_in: "variables").\n\nOptional optimization:formattedThreads.forEach(... matchedMessages.filter(...))is O(T*M). GroupmatchedMessagesbythread_idonce before the loop to reduce repeated scans.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…upport