From cc10554a32cdcbfac4584cb31f848cab087b493d Mon Sep 17 00:00:00 2001
From: Mathew Payne
Date: Tue, 23 Aug 2022 13:04:15 +0100
Subject: [PATCH] Adding more advanced search controller
---
.../Controllers/SearchController.java | 50 +++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 src/main/java/com/github/hackathon/advancedsecurityjava/Controllers/SearchController.java
diff --git a/src/main/java/com/github/hackathon/advancedsecurityjava/Controllers/SearchController.java b/src/main/java/com/github/hackathon/advancedsecurityjava/Controllers/SearchController.java
new file mode 100644
index 0000000..88d54d6
--- /dev/null
+++ b/src/main/java/com/github/hackathon/advancedsecurityjava/Controllers/SearchController.java
@@ -0,0 +1,50 @@
+package com.github.hackathon.advancedsecurityjava.Controllers;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.github.hackathon.advancedsecurityjava.Application;
+import com.github.hackathon.advancedsecurityjava.Models.Book;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+
+@Controller
+public class SearchController {
+
+ @GetMapping("/search")
+ @ResponseBody
+ public List searchBooks(@RequestParam(name = "q", required = true) String search) {
+ List books = new ArrayList();
+
+ Application.logger.info("Search query: {}", search);
+
+ String query = "SELECT * FROM Books WHERE name LIKE '%" + search + "%' OR author LIKE '%" + search + "%'";
+ try(Connection connection = DriverManager.getConnection(Application.connectionString))
+ {
+ try (Statement statement = connection.createStatement()) {
+ ResultSet results = statement.executeQuery(query);
+
+ while (results.next()) {
+ Book book = new Book(results.getString("name"), results.getString("author"), (results.getInt("read") == 1));
+
+ books.add(book);
+ }
+ } catch (SQLException error) {
+ error.printStackTrace();
+ }
+ } catch (SQLException error) {
+ error.printStackTrace();
+ }
+
+ return books;
+ }
+}
\ No newline at end of file
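Review bot: The `query` string in `searchBooks` is built by concatenating the `q` request parameter straight into the SQL text, so the parameter is parsed as SQL instead of being treated as data (SQL injection, CWE-89). Bind the value instead: prepare the statement with `LIKE ?` placeholders and pass the wildcard-wrapped search term through `setString`, which also means importing `java.sql.PreparedStatement` in place of `java.sql.Statement`. The same value is logged unmodified on the line above the query, so consider stripping CR/LF characters before it reaches `Application.logger.info`. Both `catch` blocks only call `printStackTrace()` and fall through to `return books`, so the caller cannot tell a database failure from an empty result; logging through `Application.logger` and returning an error status would make that visible.

```java
    // … unchanged: books list, search-term logging …
    String query = "SELECT * FROM Books WHERE name LIKE ? OR author LIKE ?";
    try (Connection connection = DriverManager.getConnection(Application.connectionString);
        PreparedStatement statement = connection.prepareStatement(query)) {
      // The driver sends the pattern as a bound value; it is never spliced into the SQL text.
      String pattern = "%" + search + "%";
      statement.setString(1, pattern);
      statement.setString(2, pattern);

      try (ResultSet results = statement.executeQuery()) {
        // … unchanged: while (results.next()) loop building Book objects …
      }
    } catch (SQLException error) {
      // … unchanged: error handling …
    }
```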