From ebb5c4e6f7fcc69372781a94c5a136c9a41ecd24 Mon Sep 17 00:00:00 2001 From: Marco Realacci <marco@marcorealacci.me> Date: Tue, 22 Nov 2022 22:02:44 +0100 Subject: [PATCH] Fix query errors --- cmd/webapi/load-configuration.go | 2 +- wasa.db => cmd/webapi/wasaphoto.db | Bin 61440 -> 53248 bytes service/api/helpers/get-limits.go | 2 +- service/api/photos.go | 33 +++++++++++++++++++++++------ service/database/database.go | 1 + service/database/db-comments.go | 14 ++++++------ service/database/db-likes.go | 8 +++---- service/database/db-photos.go | 17 +++++++++++++++ service/database/db-stream.go | 4 ++-- service/database/db-users.go | 24 ++++++++++----------- 10 files changed, 73 insertions(+), 32 deletions(-) rename wasa.db => cmd/webapi/wasaphoto.db (80%) diff --git a/cmd/webapi/load-configuration.go b/cmd/webapi/load-configuration.go index e9d17a7..cfd086f 100644 --- a/cmd/webapi/load-configuration.go +++ b/cmd/webapi/load-configuration.go @@ -26,7 +26,7 @@ type WebAPIConfiguration struct { } Debug bool DB struct { - Filename string `conf:"default:/tmp/decaf.db"` + Filename string `conf:"default:./wasaphoto.db"` } Data struct { Path string `conf:"default:/tmp/wasaphoto"` diff --git a/wasa.db b/cmd/webapi/wasaphoto.db similarity index 80% rename from wasa.db rename to cmd/webapi/wasaphoto.db index aa3c0d2a2d7f0d2607d13f585c83c47cb220d9e7..99da9f31e0f9a2b30959bb17adac2447d04b8b04 100644 GIT binary patch literal 53248 zcmeI*PfXiZ90zbarb!%NuhoP+#E{%b6GX&Q;{1ha>N4sgR0uT0+Bj5^lb8`LiCYr3 zX_u)K^|t$Vsx(dNu?Nn(@4{uL-FxURlcs6XcHDc<3B^E)yP+K5YbpNo{POdApJ&H7 zehwS=RvKMf-EwwXR##04*9B1&K2lXd5N^=dIDPepAe|ZMFVLxYY<|$}4dMODyW`{^ zVJv(okelR?{4oCWTYrvyKmK&|`RM(~+u=j`w?S`4Is_m90SG_<0uVS?VDFvLkfJE! zKIvN3rrm6OZg==-Y_Vh%%7$7le7s_)QJxl6XCtyKM|V5+PE;-%pO)3)8hx27D{;Q! z!M4+NDvf$nUM`l6C8OkBe`l>^EH4$+yT<0M8ziQdj5|ijC@vZsDo^S}=_(o_rmhuL zbNx0e!(w4$v2feq+wjCV+MYKKPiBE$6KB1&yjm!29xF>c`YIf)O)NGRR6bNhq0z3} zUv(Zf=^uR+Yq#t0<q8L>B>7}~Zz&Q|rl-Yyi!0WgR?BX8JN@aX*Rr4Nk8^+}tJ~Si z(O&#BTc~bz?Xy;RSb6(;Nm<fS)9{Ay0Mf#!1+%=iT%=W9HHziffX1Tjdc4IwEyd8+ z<)AV*CvI}b9(u=qxNEm-_KC%aNA<+Y*|ycP<Mf@eN1ug5%H*W@IL2eTTXe^=CxYAj zopW1dF#Lt!4%qL{;bwMwQZS@UOo)#gyrxyF-C?hgx0WpF+&a=s|9dYPP!Z3b#<t_# zBRo6WfDj%FzO%-oJQ7ow2?do8CI%h0toD^88;AF1MncNel(_#M=h||bP3Ox_Z*t9x z)=TZXxr+ln1bZv#;d%NK(o^}PC~q!sRvh-3dHmRVW67iP#G^-bh%r*_T2LuW4I*{( zQq|r}@EehzQXbvsuDlq06!4n5<?EkP*im)bE6NVz6Dw4+xO~ra&j#K-fyUtFjY+Tj z<mTJ0=zKB~3!I-d$+JrITpDKQQ+9zbkuL=D3;B^wFhBqT5P$##AOHafKmY;|fB*y_ zaA5**Nivm8)!wRQ@;R+upSQGhJ#TAPHc1!LRywQOc0DtnUA1;<PCP(!>y}-!)3&80 zs+qc$PS^5UHIdI~shqCo@+sZQrP4Ha!-<PDcQ&8Q&^TGGmawWcb}pw?lbNcP$XeNY z)w1W)I?ruIXq_bTLLe{5-{kiTs~`eF00Izz00bZa0SG_<0uX=z1RyY60a;Q+{yl=! zn`=0Mu%yWB+k)Qp{}X{cCr`+)!z~!L1_1~_00Izz00bZa0SG_<0uZ=b0<)4S`sofJ zv5bCt0t99xQ})vdfIr}W{c35Wwh({-1Rwwb2tWV=5P$##AOL}@Ccygt(;xlA009U< z00Izz00bZa0SG_<0uX?}B^F@!|3z{jkOQ)HiK~gKK>z{}fB*y_009U<00Izz00f33 zuxk40;P0nz|6Te6f2N<l{eFV6`~SV`|AXN`U@H)S00bZa0SG_<0uX=z1Rwx`%PUay z^?bjdEB3(3i0SXyem~LJ{r>>@S|C5s5e5iA00Izz00bZa0SG_<0uX=z1TI*h5EwCq zTfRC4By?R%CN*6zC-V!5^g=p4mq;!o5(V);hDa@>a&8Fs`v0Xs{vt0gxPk}=0SG_< z0uX=z1Rwwb2tWV=5P-mN1x5qXv|MvqExX<AL_}#)e6a0wold}g{{NXko(;D^*ct>N z009U<00Izz00bZa0SG_<0;dE%5rd{IWN!I+?0<3FR;zZiX{lTE691<9$J6h=)xBK^ zvJ08)tNZ`>{r^+mNPqwYAOHafKmY;|fB*y_009VGDgpfezf0Aes0;)k009U<00Izz P00bZa0SG|gOo4v^?N0Z8 delta 762 zcmZuv&rcIU6yBlR-JPA?oz~JW?SfrbV_8#4z!+mB(n1zPD7e&`NIX=2)JP~)(wbh3 z0m{Xj%lilTaqvu<_#bdm<J}X9CoXzw;=zN{ZEJ!$$v1E2&6{t&_ugzD1h&rt?~E|! zIF2$141EkSFMZ3#+(<E@%IBOSopRKspXm{9;bZBPyeF?!fjrU(xke-+op?yp<a0F6 zZnD8vV<+AS8r*rRiF!Pa8sXZ~a=G;KMWt4$c4i76NgNQ?kp)+<9<x@LY9$L7oF@fy z{vpHTTrMrcs4@j2N%FGos!$|0(%>yg-Q7||eP{?ZZu`6|m5q(kX06(@>Qvsz796vX zoy<9=)pJ|su)L3>u%IT4w2UoZh=ph73(f;4|L0YhAPK2`zP4(auq8+0JqFACTb@8n zLAI3-+&#~`Bi!s4^sE8j@c@KqC?KUS!J&FRpx7b!LI>}c*Vaqb;;3)rU4@FeuA@fX zPr-Nk6TT?k_jQyHKmuQeF=Z0o;Az-Z`{64lL0jWE*Yk1%JN2-rN292*;4>~SZC2YL zaH8n#LPssO{eOig)GXsmOxg4&M>;*^c8!Rr8wT1_eY)qBa=B8kc8z#ZWY^o42}m1+ zq-MalHVu0WpR}v8T}OVhJ9BV@4o9t5thE2MdYvXCZhmGin_o0%oyB24%9i1ft~B|~ zujG*%YMPld>K&wlh=~j~!<iq{bA$WO_+vg}_R!?rz7XHyXp04WqmfuQA&dfXsq^`c GGNIo@!p5Wk diff --git a/service/api/helpers/get-limits.go b/service/api/helpers/get-limits.go index 2674d59..4e76960 100644 --- a/service/api/helpers/get-limits.go +++ b/service/api/helpers/get-limits.go @@ -6,7 +6,7 @@ import ( ) const ( - DEFAULT_LIMIT = 10 // todo: move to config + DEFAULT_LIMIT = 15 // don't know if should be moved to config DEFAULT_OFFSET = 0 ) diff --git a/service/api/photos.go b/service/api/photos.go index c8a835b..3c51297 100644 --- a/service/api/photos.go +++ b/service/api/photos.go @@ -15,7 +15,7 @@ import ( func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) { - defer r.Body.Close() + //defer r.Body.Close() uid := ps.ByName("user_id") @@ -70,14 +70,35 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout func (rt *_router) GetPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) { - uid := ps.ByName("user_id") - photo_id := ps.ByName("photo_id") - - if !helpers.VerifyUserOrNotFound(rt.db, uid, w, rt.baseLogger) { + if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) { + // We want the user to be authenticated return } - path := rt.dataPath + "/photos/" + uid + "/" + photo_id + ".jpg" + uid := ps.ByName("user_id") + + photo_id_str := ps.ByName("photo_id") + photo_id, err := strconv.ParseInt(photo_id_str, 10, 64) + + if err != nil { + helpers.SendBadRequest(w, "Invalid photo id", rt.baseLogger) + return + } + + // This is also checking if the requesting user is banned by the author of the photo + exists, err := rt.db.PhotoExists(uid, photo_id, ctx.Auth.GetUserID()) + + if err != nil { + helpers.SendInternalError(err, "Database error: PhotoExists", w, rt.baseLogger) + return + } + + if !exists { + helpers.SendNotFound(w, "Resource not found", rt.baseLogger) + return + } + + path := rt.dataPath + "/photos/" + uid + "/" + photo_id_str + ".jpg" file, err := os.Open(path) diff --git a/service/database/database.go b/service/database/database.go index 28c027f..955c385 100644 --- a/service/database/database.go +++ b/service/database/database.go @@ -60,6 +60,7 @@ type AppDatabase interface { PostPhoto(uid string) (DBTransaction, int64, error) DeletePhoto(uid string, photo int64) (bool, error) + PhotoExists(uid string, photo int64, requesting_uid string) (bool, error) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, offset int) (QueryResult, *[]structures.UIDName, error) LikePhoto(uid string, photo int64, liker_uid string) (QueryResult, error) diff --git a/service/database/db-comments.go b/service/database/db-comments.go index 4f2890c..20ef183 100644 --- a/service/database/db-comments.go +++ b/service/database/db-comments.go @@ -89,15 +89,17 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri return ERR_NOT_FOUND, nil, err } - rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date" FROM "comments" AS "c" + rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date", "u"."name" + FROM "comments" AS "c", "users" AS "u" WHERE "c"."photo" = ? AND "c"."user" NOT IN ( SELECT "bans"."user" FROM "bans" - WHERE "bans"."user" = ? - AND "bans"."ban" = "c"."user" + WHERE "bans"."user" = "c"."user" + AND "bans"."ban" = ? ) - OFFSET ? - LIMIT ?`, photo_id, requesting_uid, start_index, limit) + AND "u"."uid" = "c"."user" + LIMIT ? + OFFSET ?`, photo_id, requesting_uid, limit, start_index) if err != nil { return ERR_INTERNAL, nil, err @@ -109,7 +111,7 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri for rows.Next() { var c structures.Comment - err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date) + err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date, &c.Name) if err != nil { return ERR_INTERNAL, nil, err } diff --git a/service/database/db-likes.go b/service/database/db-likes.go index 164129e..3ff358f 100644 --- a/service/database/db-likes.go +++ b/service/database/db-likes.go @@ -22,12 +22,12 @@ func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid strin WHERE "likes"."photo_id" = ? AND "likes"."user" NOT IN ( SELECT "bans"."user" FROM "bans" - WHERE "bans"."user" = ? - AND "bans"."ban" = "likes"."user" + WHERE "bans"."user" = "likes"."user" + AND "bans"."ban" = ? ) AND "likes"."user" = "users"."uid" - OFFSET ? - LIMIT ?`, photo, requesting_uid, start_index, limit) + LIMIT ? + OFFSET ?`, photo, requesting_uid, limit, start_index) if err != nil { return ERR_INTERNAL, nil, err } diff --git a/service/database/db-photos.go b/service/database/db-photos.go index 5ad16d0..95f857f 100644 --- a/service/database/db-photos.go +++ b/service/database/db-photos.go @@ -52,3 +52,20 @@ func (db *appdbimpl) photoExists(uid string, photo int64) (bool, error) { } return cnt > 0, nil } + +func (db *appdbimpl) PhotoExists(uid string, photo int64, requesting_uid string) (bool, error) { + + var cnt int64 + err := db.c.QueryRow(`SELECT COUNT(*) FROM "photos" + WHERE "id" = ? + AND "user" = ? + AND "user" NOT IN ( + SELECT "bans"."user" FROM "bans" + WHERE "bans"."user" = "photos"."user" + AND "bans"."ban" = ? + )`, photo, uid, requesting_uid).Scan(&cnt) + if err != nil { + return false, err + } + return cnt > 0, nil +} diff --git a/service/database/db-stream.go b/service/database/db-stream.go index 4d7ab8d..ce54c52 100644 --- a/service/database/db-stream.go +++ b/service/database/db-stream.go @@ -26,8 +26,8 @@ func (db *appdbimpl) GetUserStream(uid string, start_index int, limit int) (*[]s SELECT "user" FROM "bans" WHERE "ban" = ? ) ORDER BY "p"."date" DESC - OFFSET ? - LIMIT ?`, uid, uid, start_index, limit) + LIMIT ? + OFFSET ?`, uid, uid, limit, start_index) if err != nil { // Return the error return nil, err diff --git a/service/database/db-users.go b/service/database/db-users.go index a87768b..c05b561 100644 --- a/service/database/db-users.go +++ b/service/database/db-users.go @@ -66,8 +66,8 @@ func (db *appdbimpl) GetUserFollowers(uid string, requesting_uid string, start_i AND "follows"."follower" NOT IN ( SELECT "bans"."user" FROM "bans" - WHERE "bans"."user" = ? - AND "bans"."ban" = "follows"."follower" + WHERE "bans"."user" = "follows"."follower" + AND "bans"."ban" = ? ) AND "followed" = ? @@ -102,13 +102,13 @@ func (db *appdbimpl) GetUserFollowing(uid string, requesting_uid string, start_i AND "follows"."followed" NOT IN ( SELECT "bans"."user" FROM "bans" - WHERE "bans"."user" = ? - AND "bans"."ban" = "follows"."followed" + WHERE "bans"."user" = "follows"."followed" + AND "bans"."ban" = ? ) AND "follower" = ? - OFFSET ? - LIMIT ?`, uid, requesting_uid, start_index, offset) + LIMIT ? + OFFSET ?`, uid, requesting_uid, offset, start_index) following, err := db.uidNameQuery(rows, err) @@ -237,11 +237,11 @@ func (db *appdbimpl) IsBanned(uid string, banner string) (bool, error) { func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]structures.UIDName, error) { - rows, err := db.c.Query(`SELECT "ban", "user"."name" FROM "bans", "users" + rows, err := db.c.Query(`SELECT "ban", "users"."name" FROM "bans", "users" WHERE "bans"."ban" = "users"."uid" AND "bans"."user" = ? - OFFSET ? - LIMIT ?`, uid, start_index, limit) + LIMIT ? + OFFSET ?`, uid, limit, start_index) bans, err := db.uidNameQuery(rows, err) @@ -256,15 +256,15 @@ func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]str func (db *appdbimpl) SearchByName(name string, requesting_uid string, start_index int, limit int) (*[]structures.UIDName, error) { rows, err := db.c.Query(`SELECT "uid", "name" FROM "users" - WHERE "name" LIKE ? + WHERE "name" LIKE '%' || ? || '%' AND "uid" NOT IN ( SELECT "bans"."user" FROM "bans" WHERE "bans"."user" = "users"."uid" AND "bans"."ban" = ? ) - OFFSET ? - LIMIT ?`, name, requesting_uid, start_index, limit) + LIMIT ? + OFFSET ?`, name, requesting_uid, limit, start_index) users, err := db.uidNameQuery(rows, err)