liatrio · mitchell-liatrio · May 23, 2024
diff --git a/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java b/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java
@@ -21,19 +21,33 @@
 
     @GetMapping("/posts")
     public Collection<Post> posts() {
-        log.info("{}: recieved a GET request", deploymentType);
+        log.info("{}: received a GET request", deploymentType);
         return repository.findAll().stream().collect(Collectors.toList());
     }
 
     @PostMapping("/posts")
     public Post post(@RequestBody Post post, HttpServletResponse resp) {
-        log.info("{}: recieved a POST request", deploymentType);
+        log.info("{}: received a POST request", deploymentType);
         return repository.save(post);
     }
 
     @DeleteMapping("/posts/{id}")
     public void deletePost(@PathVariable("id") String id) {
-        log.info("{}: recieved a DELETE request", deploymentType);
+        log.info("{}: received a DELETE request", deploymentType);
         repository.deleteById(Long.parseLong(id));
     }
+
+    @GetMapping("/posts/{id}")
+    public Post getPostById(@PathVariable("id") String id) {
+        log.info("{}: received a GET request for post with id {}", deploymentType, id);
+        return repository.findById(Long.parseLong(id)).orElse(null);
+    }
+
+    @GetMapping("/posts/search")
+    public Collection<Post> searchPosts(@RequestParam("query") String query) {
+        log.info("{}: received a GET request to search posts with query: {}", deploymentType, query);
+        // WARNING: This code is vulnerable to SQL injection
+        String sql = "SELECT * FROM posts WHERE title LIKE '%" + query + "%'";
+        return repository.search(sql);
+    }
 }