From c6f5e8245a5d1dbf21dc1e1e48ef562da9b402fe Mon Sep 17 00:00:00 2001
From: Pagwin
Date: Fri, 25 Apr 2025 22:42:19 -0400
Subject: [PATCH] realized I was allowing query injection to graph db for no reason
---
 src/server/graph.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/server/graph.ts b/src/server/graph.ts
index f07f73e..33eac16 100644
--- a/src/server/graph.ts
+++ b/src/server/graph.ts
@@ -74,18 +74,19 @@ async function stops_json_node_import(
 n.originalId = $originalId,
 n.latitude = $lat,
 n.longitude = $lng,
- n.source = '${provider}'
+ n.source = $provider
 ON MATCH SET
 n.originalId = $originalId,
 n.latitude = $lat,
 n.longitude = $lng,
- n.source = '${provider}'
+ n.source = $provider
 `,
 {
 id: `${provider}_${node.id}`,
 originalId: node.id,
 lat: node.lat,
 lng: node.lng,
+ provider,
 },
 );
 }
@@ -116,14 +117,14 @@ async function stops_gtfs_node_import(
 s.longitude = $lng,
 s.url = $url,
 s.originalId = $originalId,
- s.source = '${provider}'
+ s.source = $provider
 ON MATCH SET
 s.name = $name,
 s.latitude = $lat,
 s.longitude = $lng,
 s.url = $url,
 s.originalId = $originalId,
- s.source = '${provider}'
+ s.source = $provider
 `,
 {
 id: `${provider}_` + stop.stop_id,
@@ -135,6 +136,7 @@ async function stops_gtfs_node_import(
 parentStation: stop.parent_station || null,
 zoneId: stop.zone_id || null,
 url: stop.stop_url || null,
+ provider,
 },
 );
 }
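Review bot: The Cypher text in stops_json_node_import is still a backtick template literal, and its MERGE clause starts above this hunk, so the hunk cannot show whether any other `${...}` remains in the query now that `'${provider}'` is gone. The same applies to the query in stops_gtfs_node_import (second and third hunks). It is worth checking the unseen top of both queries. Once nothing is interpolated, a comment above each query such as `// Query text must stay free of ${...}; every value goes through the params object.` would stop a later edit from reintroducing string-built Cypher. Both function bodies begin outside the hunks.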
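Review bot: In stops_gtfs_node_import the merge key is still built from `provider` by concatenation (``id: `${provider}_` + stop.stop_id``). That is safe from injection because it travels as a parameter, but nothing visible constrains what `provider` may contain. If it can come from a caller rather than a fixed list (not visible here), a value containing `_` could produce an id that overlaps another provider's namespace. A guard at the top of both import functions, for example `if (!/^[A-Za-z0-9-]+$/.test(provider)) throw new Error("invalid provider");`, would pin the expected format. Separately, writing the key as `${provider}_${stop.stop_id}` would match the form used in stops_json_node_import.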