Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363)

* Introduce new default /$DB/-/query endpoint * Fix a lot of tests * Update pyodide test to use query endpoint * Link to /fixtures/-/query in a few places * Documentation for QueryView --------- Co-authored-by: Simon Willison <swillison@gmail.com>
2025-12-10 16:51:24 +01:00 · 2024-07-15 10:33:51 -07:00 · 2024-07-15 10:33:51 -07:00 · a23c2aee00
commit a23c2aee00
parent 56adfff8d2
21 changed files with 148 additions and 83 deletions
--- a/datasette/app.py
+++ b/datasette/app.py
@ -37,7 +37,7 @@ from jinja2.exceptions import TemplateNotFound
 from .events import Event
 from .views import Context
 from .views.base import ureg
-from .views.database import database_download, DatabaseView, TableCreateView
+from .views.database import database_download, DatabaseView, TableCreateView, QueryView
 from .views.index import IndexView
 from .views.special import (
    JsonDataView,
@ -1578,6 +1578,10 @@ class Datasette:
            r"/(?P<database>[^\/\.]+)(\.(?P<format>\w+))?$",
        )
        add_route(TableCreateView.as_view(self), r"/(?P<database>[^\/\.]+)/-/create$")
+        add_route(
+            wrap_view(QueryView, self),
+            r"/(?P<database>[^\/\.]+)/-/query(\.(?P<format>\w+))?$",
+        )
        add_route(
            wrap_view(table_view, self),
            r"/(?P<database>[^\/\.]+)/(?P<table>[^\/\.]+)(\.(?P<format>\w+))?$",
--- a/datasette/templates/database.html
+++ b/datasette/templates/database.html
@ -21,7 +21,7 @@
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}

 {% if allow_execute_sql %}
-    <form class="sql" action="{{ urls.database(database) }}" method="get">
+    <form class="sql" action="{{ urls.database(database) }}/-/query" method="get">
        <h3>Custom SQL query</h3>
        <p><textarea id="sql-editor" name="sql">{% if tables %}select * from {{ tables[0].name|escape_sqlite }}{% else %}select sqlite_version(){% endif %}</textarea></p>
        <p>
@ -36,7 +36,7 @@
        <p>The following databases are attached to this connection, and can be used for cross-database joins:</p>
        <ul class="bullets">
            {% for db_name in attached_databases %}
-                <li><strong>{{ db_name }}</strong> - <a href="?sql=select+*+from+[{{ db_name }}].sqlite_master+where+type='table'">tables</a></li>
+                <li><strong>{{ db_name }}</strong> - <a href="{{ urls.database(db_name) }}/-/query?sql=select+*+from+[{{ db_name }}].sqlite_master+where+type='table'">tables</a></li>
            {% endfor %}
        </ul>
    </div>
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@ -58,6 +58,11 @@ class DatabaseView(View):

        sql = (request.args.get("sql") or "").strip()
        if sql:
+            redirect_url = "/" + request.url_vars.get("database") + "/-/query"
+            if request.url_vars.get("format"):
+                redirect_url += "." + request.url_vars.get("format")
+            redirect_url += "?" + request.query_string
+            return Response.redirect(redirect_url)
            return await QueryView()(request, datasette)

        if format_ not in ("html", "json"):
@ -433,6 +438,8 @@ class QueryView(View):
    async def get(self, request, datasette):
        from datasette.app import TableNotFound

+        await datasette.refresh_schemas()
+
        db = await datasette.resolve_database(request)
        database = db.name

@ -686,6 +693,7 @@ class QueryView(View):
            if allow_execute_sql and is_validated_sql and ":_" not in sql:
                edit_sql_url = (
                    datasette.urls.database(database)
+                    + "/-/query"
                    + "?"
                    + urlencode(
                        {