
import { duckdbQueryAsync } from "@/lib/workspace";
// Next.js route-segment config: never statically cache this handler, and pin it
// to the Node runtime (presumably because the DuckDB binding is Node-only — confirm).
export const dynamic = "force-dynamic";
export const runtime = "nodejs";
// Denylist applied to the raw SQL text before it is handed to DuckDB.
// It is anchored with `^\s*`, so it only inspects the leading keyword of the
// string; treat it as defense in depth, not as the access-control boundary
// (that belongs in how duckdbQueryAsync opens the database). `\.` rejects
// CLI-style dot-commands.
const BLOCKED_PATTERN =
/^\s*(DROP\s+DATABASE|ATTACH|DETACH|COPY|EXPORT|INSTALL|LOAD|PRAGMA|\.)/i;
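/**
 * Runs a caller-supplied SQL string against the workspace DuckDB instance.
 *
 * Request body: a JSON object of the form `{ sql: string }`.
 *
 * Responses:
 * - 200 `{ ok: true, rows }` — query succeeded; `rows` is `[]` when the driver
 *   returns nothing.
 * - 400 `{ error }` — body is not JSON, is not an object, or has no non-empty
 *   string `sql`.
 * - 403 `{ error }` — the statement matches `BLOCKED_PATTERN`.
 * - 500 `{ error }` — DuckDB threw; the driver's message is echoed back.
 *
 * @param req - incoming request whose body is parsed as JSON.
 * @returns a JSON `Response` as described above.
 */
export async function POST(req: Request): Promise<Response> {
  // Parse as `unknown`: `req.json()` can legitimately yield `null`, arrays or
  // primitives, and destructuring `null` outside this try would throw an
  // unhandled TypeError (opaque 500) instead of a clean 400.
  let parsed: unknown;
  try {
    parsed = await req.json();
  } catch {
    return Response.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  // Only plain objects can carry `sql`; everything else is "missing".
  const sql =
    parsed !== null && typeof parsed === "object"
      ? (parsed as { sql?: unknown }).sql
      : undefined;

  // Empty strings are rejected along with non-strings.
  if (typeof sql !== "string" || sql.length === 0) {
    return Response.json(
      { error: "Missing 'sql' field in request body" },
      { status: 400 },
    );
  }

  // BLOCKED_PATTERN is anchored at the start of the string, so it checks the
  // leading keyword only. Keep it as defense in depth; the real boundary should
  // be how duckdbQueryAsync opens the database (read-only / restricted access),
  // which this handler cannot see.
  if (BLOCKED_PATTERN.test(sql)) {
    return Response.json(
      { error: "This SQL statement is not allowed" },
      { status: 403 },
    );
  }

  try {
    const rows = await duckdbQueryAsync(sql);
    return Response.json({ rows: rows ?? [], ok: true });
  } catch (err: unknown) {
    // The driver message is echoed to the caller so SQL mistakes are
    // debuggable; it may contain database paths or schema details, so this is
    // only appropriate while the route is reachable by trusted operators.
    return Response.json(
      { error: err instanceof Error ? err.message : "Query failed" },
      { status: 500 },
    );
  }
}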