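package validator

import (
	"regexp"
	"strings"

	"github.com/go-playground/validator/v10"
)

// identifierPattern matches a single unquoted SQL identifier made of letters,
// digits and underscores. A bare digit string is deliberately still accepted
// so a positional ORDER BY (e.g. "1") keeps validating as before.
//
// Compiled once at package scope: the validator runs on every request, so
// compiling the regexp on each call was wasted work.
var identifierPattern = regexp.MustCompile(`^[A-Za-z0-9_]+$`)

// isValidSqlOrderBy reports whether s is an acceptable ORDER BY fragment.
//
// The value is spliced into the ORDER BY clause of a query (that clause cannot
// be bound as a parameter), so this check is the only thing standing between
// the caller and SQL injection. It is a strict allowlist of *shape*, not just
// a per-character allowlist:
//
//   - exactly one identifier (letters/digits/underscore), optionally followed
//     by a single space and a direction of ASC or DESC in any letter case;
//   - quotes, parentheses, commas, semicolons, comment markers and operators
//     are rejected, which blocks payloads such as
//     "CASE WHEN ('1'='1') THEN vin ELSE year END asc";
//   - any further space-separated token is rejected as well. A token-by-token
//     character check would have accepted things like "vin asc limit 1" or
//     "vin desc for update", which contain no special characters but can still
//     change the result set or, on some databases, lock rows.
//
// An empty string is accepted so the validator composes with optional fields;
// enforce presence separately with the `required` tag. This only checks
// syntactic shape: any identifier-looking word passes, so callers that care
// about column enumeration should additionally map the value onto a known
// column list.
func isValidSqlOrderBy(s string) bool {
	if s == "" {
		return true
	}

	// Split at most once: "<identifier>" or "<identifier> <direction>".
	// Repeated spaces leave a leading space in parts[1], which then fails
	// the direction comparison, so runs of whitespace are rejected too.
	parts := strings.SplitN(s, " ", 2)
	if !identifierPattern.MatchString(parts[0]) {
		return false
	}
	if len(parts) == 1 {
		return true
	}
	direction := parts[1]
	return strings.EqualFold(direction, "asc") || strings.EqualFold(direction, "desc")
}

// validateSqlOrderBy is the go-playground/validator adapter around
// isValidSqlOrderBy. Register it under a tag (for example "sqlorderby") and
// apply that tag to any struct field whose value ends up after ORDER BY.
func validateSqlOrderBy(fl validator.FieldLevel) bool {
	return isValidSqlOrderBy(fl.Field().String())
}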