major claude changes

app/search/views.py

@@ -1,3 +1,4 @@
+import logging
 from flask import request, jsonify
 
 from app.search import search
@@ -5,16 +6,27 @@ from app import db
 from sqlalchemy import or_
 from app.classes.customer import Customer_Customer, Customer_Customer_schema
 from app.classes.delivery import Delivery_Delivery, Delivery_Delivery_schema
+from flask_login import login_required
+
+logger = logging.getLogger(__name__)
+
+
+def escape_like(value: str) -> str:
+    """Escape special LIKE characters to prevent LIKE injection."""
+    if value is None:
+        return ""
+    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
 
 
 @search.route("/customer", methods=["GET"])
+@login_required
 def search_customers():
     """
 
     """
-
     keyword = request.args.get('q')
-    search = "%{}%".format(keyword)
+    logger.info(f"GET /search/customer - Searching customers with keyword: {keyword}")
+    search = "%{}%".format(escape_like(keyword))
     search_type = (search[1])
     search = search.replace("!", "")
     search = search.replace("#", "")
@@ -66,12 +78,14 @@ def search_customers():
 
 
 @search.route("/delivery", methods=["GET"])
+@login_required
 def search_delivery():
     """
     pagination all customers
     """
     keyword = request.args.get('q')
-    search = "%{}%".format(keyword)
+    logger.info(f"GET /search/delivery - Searching deliveries with keyword: {keyword}")
+    search = "%{}%".format(escape_like(keyword))
     search_type = (search[1])
 
     delivery_ticket = (db.session