Only run actual query without any comments

pkg/api/api.go

@@ -4,7 +4,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/gin-gonic/gin"
@@ -148,10 +147,10 @@ func GetObjects(c *gin.Context) {
 }
 
 func RunQuery(c *gin.Context) {
-	query := strings.TrimSpace(c.Request.FormValue("query"))
+	query := cleanQuery(c.Request.FormValue("query"))
 
 	if query == "" {
-		c.JSON(400, errors.New("Query parameter is missing"))
+		c.JSON(400, NewError(errors.New("Query parameter is missing")))
 		return
 	}
 
@@ -159,10 +158,10 @@ func RunQuery(c *gin.Context) {
 }
 
 func ExplainQuery(c *gin.Context) {
-	query := strings.TrimSpace(c.Request.FormValue("query"))
+	query := cleanQuery(c.Request.FormValue("query"))
 
 	if query == "" {
-		c.JSON(400, errors.New("Query parameter is missing"))
+		c.JSON(400, NewError(errors.New("Query parameter is missing")))
 		return
 	}
 

pkg/api/helpers.go

@@ -45,6 +45,21 @@ func NewError(err error) Error {
 	return Error{err.Error()}
 }
 
+// Returns a clean query without any comment statements
+func cleanQuery(query string) string {
+	lines := []string{}
+
+	for _, line := range strings.Split(query, "\n") {
+		line = strings.TrimSpace(line)
+		if strings.HasPrefix(line, "--") {
+			continue
+		}
+		lines = append(lines, line)
+	}
+
+	return strings.TrimSpace(strings.Join(lines, "\n"))
+}
+
 func desanitize64(query string) string {
 	// Before feeding the string into decoded, we must "reconstruct" the base64 data.
 	// Javascript replaces a few characters to be url-safe.

pkg/api/helpers_test.go

@@ -17,3 +17,9 @@ func Test_desanitize64(t *testing.T) {
 		assert.Equal(t, expected, desanitize64(example))
 	}
 }
+
+func Test_cleanQuery(t *testing.T) {
+	assert.Equal(t, "a\nb\nc", cleanQuery("a\nb\nc"))
+	assert.Equal(t, "", cleanQuery("--something"))
+	assert.Equal(t, "test", cleanQuery("--test\ntest\n   -- test\n"))
+}