New Listings view (#192)

* completing found listings

---------

Co-authored-by: Christian Kellner <Christian.Kellner1@ibm.com>

lib/services/storage/listingsStorage.js

@@ -166,3 +166,88 @@ export const storeListings = (jobId, providerId, listings) => {
     return str.replace(/\s*\([^)]*\)/g, '');
   }
 };
+
+/**
+ * Query listings with pagination, filtering and sorting.
+ *
+ * @param {Object} params
+ * @param {number} [params.pageSize=50]
+ * @param {number} [params.page=1]
+ * @param {string} [params.filter]
+ * @param {string|null} [params.sortField=null] - One of: 'created_at','price','size','provider','title'.
+ * @param {('asc'|'desc')} [params.sortDir='asc']
+ * @param {string} [params.userId] - Current user id used to scope listings (ignored for admins).
+ * @param {boolean} [params.isAdmin=false] - When true, returns all listings.
+ * @returns {{ totalNumber:number, page:number, result:Object[] }}
+ */
+export const queryListings = ({
+  pageSize = 50,
+  page = 1,
+  filter,
+  sortField = null,
+  sortDir = 'asc',
+  userId = null,
+  isAdmin = false,
+} = {}) => {
+  // sanitize inputs
+  const safePageSize = Number.isFinite(pageSize) && pageSize > 0 ? Math.min(500, Math.floor(pageSize)) : 50;
+  const safePage = Number.isFinite(page) && page > 0 ? Math.floor(page) : 1;
+  const offset = (safePage - 1) * safePageSize;
+
+  // build WHERE filter across common text columns
+  const whereParts = [];
+  const params = { limit: safePageSize, offset };
+  // user scoping (non-admin only): restrict to listings whose job belongs to user
+  if (!isAdmin) {
+    params.userId = userId || '__NO_USER__';
+    whereParts.push(`(j.user_id = @userId)`);
+  }
+  if (filter && String(filter).trim().length > 0) {
+    params.filter = `%${String(filter).trim()}%`;
+    whereParts.push(`(title LIKE @filter OR address LIKE @filter OR provider LIKE @filter OR link LIKE @filter)`);
+  }
+  const whereSql = whereParts.length ? `WHERE ${whereParts.join(' AND ')}` : '';
+  const whereSqlWithAlias = whereSql
+    .replace(/\btitle\b/g, 'l.title')
+    .replace(/\bdescription\b/g, 'l.description')
+    .replace(/\baddress\b/g, 'l.address')
+    .replace(/\bprovider\b/g, 'l.provider')
+    .replace(/\blink\b/g, 'l.link')
+    .replace(/\bj\.user_id\b/g, 'j.user_id');
+
+  // whitelist sortable fields to avoid SQL injection
+  const sortable = new Set(['created_at', 'price', 'size', 'provider', 'title', 'job_name', 'is_active']);
+  const safeSortField = sortField && sortable.has(sortField) ? sortField : null;
+  const safeSortDir = String(sortDir).toLowerCase() === 'desc' ? 'DESC' : 'ASC';
+  const orderSql = safeSortField ? `ORDER BY ${safeSortField} ${safeSortDir}` : 'ORDER BY created_at DESC';
+  const orderSqlWithAlias = orderSql
+    .replace(/\bcreated_at\b/g, 'l.created_at')
+    .replace(/\bprice\b/g, 'l.price')
+    .replace(/\bsize\b/g, 'l.size')
+    .replace(/\bprovider\b/g, 'l.provider')
+    .replace(/\btitle\b/g, 'l.title')
+    .replace(/\bjob_name\b/g, 'j.name');
+
+  // count total with same WHERE
+  const countRow = SqliteConnection.query(
+    `SELECT COUNT(1) as cnt
+     FROM listings l
+     LEFT JOIN jobs j ON j.id = l.job_id
+     ${whereSqlWithAlias}`,
+    params,
+  );
+  const totalNumber = countRow?.[0]?.cnt ?? 0;
+
+  // fetch page
+  const rows = SqliteConnection.query(
+    `SELECT l.*, j.name AS job_name
+     FROM listings l
+     LEFT JOIN jobs j ON j.id = l.job_id
+     ${whereSqlWithAlias}
+     ${orderSqlWithAlias}
+     LIMIT @limit OFFSET @offset`,
+    params,
+  );
+
+  return { totalNumber, page: safePage, result: rows };
+};