Fix query errors

Marco Realacci 2022-11-22 22:02:44 +01:00
parent 09adc06e18
commit ebb5c4e6f7
10 changed files with 73 additions and 32 deletions


@ -26,7 +26,7 @@ type WebAPIConfiguration struct {
} }
Debug bool Debug bool
DB struct { DB struct {
Filename string `conf:"default:/tmp/decaf.db"` Filename string `conf:"default:./wasaphoto.db"`
} }
Data struct { Data struct {
Path string `conf:"default:/tmp/wasaphoto"` Path string `conf:"default:/tmp/wasaphoto"`
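Review bot: The new default `./wasaphoto.db` is resolved against the process working directory, so which database file the server opens depends on where it is started. A comment above the field would make that explicit, for example `// Filename is relative to the working directory unless overridden in the configuration.` The commit also includes a binary file whose name is not visible here. If that file is the database created by this default, it should be removed from the repository and ignored, since it may hold user data.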

Binary file not shown.


@ -6,7 +6,7 @@ import (
) )
const ( const (
DEFAULT_LIMIT = 10 // todo: move to config DEFAULT_LIMIT = 15 // don't know if should be moved to config
DEFAULT_OFFSET = 0 DEFAULT_OFFSET = 0
) )


@ -15,7 +15,7 @@ import (
func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) { func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
defer r.Body.Close() //defer r.Body.Close()
uid := ps.ByName("user_id") uid := ps.ByName("user_id")
@ -70,14 +70,35 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
func (rt *_router) GetPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) { func (rt *_router) GetPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
uid := ps.ByName("user_id") if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) {
photo_id := ps.ByName("photo_id") // We want the user to be authenticated
if !helpers.VerifyUserOrNotFound(rt.db, uid, w, rt.baseLogger) {
return return
} }
path := rt.dataPath + "/photos/" + uid + "/" + photo_id + ".jpg" uid := ps.ByName("user_id")
photo_id_str := ps.ByName("photo_id")
photo_id, err := strconv.ParseInt(photo_id_str, 10, 64)
if err != nil {
helpers.SendBadRequest(w, "Invalid photo id", rt.baseLogger)
return
}
// This is also checking if the requesting user is banned by the author of the photo
exists, err := rt.db.PhotoExists(uid, photo_id, ctx.Auth.GetUserID())
if err != nil {
helpers.SendInternalError(err, "Database error: PhotoExists", w, rt.baseLogger)
return
}
if !exists {
helpers.SendNotFound(w, "Resource not found", rt.baseLogger)
return
}
path := rt.dataPath + "/photos/" + uid + "/" + photo_id_str + ".jpg"
file, err := os.Open(path) file, err := os.Open(path)
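Review bot: The file path in GetPhoto is still assembled from the raw `photo_id_str` rather than from the integer that was validated and looked up. strconv.ParseInt accepts forms such as a leading `+` or leading zeros, so a request can pass PhotoExists and then miss the file on disk, and the string reaching os.Open is not the canonical id. Building the path from the parsed value keeps the check and the open in agreement: `path := filepath.Join(rt.dataPath, "photos", uid, strconv.FormatInt(photo_id, 10)+".jpg")` (needs `path/filepath`). `uid` is constrained only by the PhotoExists match, so that lookup is what keeps the path inside the photos directory and should stay ahead of the open. The rest of GetPhoto lies outside the hunk.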


@ -60,6 +60,7 @@ type AppDatabase interface {
PostPhoto(uid string) (DBTransaction, int64, error) PostPhoto(uid string) (DBTransaction, int64, error)
DeletePhoto(uid string, photo int64) (bool, error) DeletePhoto(uid string, photo int64) (bool, error)
PhotoExists(uid string, photo int64, requesting_uid string) (bool, error)
GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, offset int) (QueryResult, *[]structures.UIDName, error) GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, offset int) (QueryResult, *[]structures.UIDName, error)
LikePhoto(uid string, photo int64, liker_uid string) (QueryResult, error) LikePhoto(uid string, photo int64, liker_uid string) (QueryResult, error)


@ -89,15 +89,17 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri
return ERR_NOT_FOUND, nil, err return ERR_NOT_FOUND, nil, err
} }
rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date" FROM "comments" AS "c" rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date", "u"."name"
FROM "comments" AS "c", "users" AS "u"
WHERE "c"."photo" = ? WHERE "c"."photo" = ?
AND "c"."user" NOT IN ( AND "c"."user" NOT IN (
SELECT "bans"."user" FROM "bans" SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = ? WHERE "bans"."user" = "c"."user"
AND "bans"."ban" = "c"."user" AND "bans"."ban" = ?
) )
OFFSET ? AND "u"."uid" = "c"."user"
LIMIT ?`, photo_id, requesting_uid, start_index, limit) LIMIT ?
OFFSET ?`, photo_id, requesting_uid, limit, start_index)
if err != nil { if err != nil {
return ERR_INTERNAL, nil, err return ERR_INTERNAL, nil, err
@ -109,7 +111,7 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri
for rows.Next() { for rows.Next() {
var c structures.Comment var c structures.Comment
err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date) err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date, &c.Name)
if err != nil { if err != nil {
return ERR_INTERNAL, nil, err return ERR_INTERNAL, nil, err
} }
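Review bot: The paginated query in GetComments ends with `LIMIT ? OFFSET ?` but has no `ORDER BY`, so the row order is unspecified and consecutive pages can repeat or skip comments. Adding an explicit order before `LIMIT ?`, for example `ORDER BY "c"."date" DESC, "c"."id" DESC`, would make paging stable. The same applies to the queries touched in GetPhotoLikes, GetUserFollowing, GetUserBans and SearchByName in this commit, whereas GetUserStream already orders by date. GetComments starts and ends outside these hunks.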


@ -22,12 +22,12 @@ func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid strin
WHERE "likes"."photo_id" = ? WHERE "likes"."photo_id" = ?
AND "likes"."user" NOT IN ( AND "likes"."user" NOT IN (
SELECT "bans"."user" FROM "bans" SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = ? WHERE "bans"."user" = "likes"."user"
AND "bans"."ban" = "likes"."user" AND "bans"."ban" = ?
) )
AND "likes"."user" = "users"."uid" AND "likes"."user" = "users"."uid"
OFFSET ? LIMIT ?
LIMIT ?`, photo, requesting_uid, start_index, limit) OFFSET ?`, photo, requesting_uid, limit, start_index)
if err != nil { if err != nil {
return ERR_INTERNAL, nil, err return ERR_INTERNAL, nil, err
} }


@ -52,3 +52,20 @@ func (db *appdbimpl) photoExists(uid string, photo int64) (bool, error) {
} }
return cnt > 0, nil return cnt > 0, nil
} }
func (db *appdbimpl) PhotoExists(uid string, photo int64, requesting_uid string) (bool, error) {
var cnt int64
err := db.c.QueryRow(`SELECT COUNT(*) FROM "photos"
WHERE "id" = ?
AND "user" = ?
AND "user" NOT IN (
SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = "photos"."user"
AND "bans"."ban" = ?
)`, photo, uid, requesting_uid).Scan(&cnt)
if err != nil {
return false, err
}
return cnt > 0, nil
}
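Review bot: The new exported PhotoExists has no doc comment and differs from the existing photoExists only by the case of its first letter, although it answers a different question. Judging by the ban subquery, it also returns false when the photo's owner has banned the requesting user, which callers will read as "not found". I would state that on the method, for example `// PhotoExists reports whether photo belongs to uid and is visible to requesting_uid; it returns false if uid has banned requesting_uid.` A more distinct name such as `PhotoVisibleTo` would also make it harder to call the unfiltered helper by mistake where the ban check is required.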


@ -26,8 +26,8 @@ func (db *appdbimpl) GetUserStream(uid string, start_index int, limit int) (*[]s
SELECT "user" FROM "bans" WHERE "ban" = ? SELECT "user" FROM "bans" WHERE "ban" = ?
) )
ORDER BY "p"."date" DESC ORDER BY "p"."date" DESC
OFFSET ? LIMIT ?
LIMIT ?`, uid, uid, start_index, limit) OFFSET ?`, uid, uid, limit, start_index)
if err != nil { if err != nil {
// Return the error // Return the error
return nil, err return nil, err


@ -66,8 +66,8 @@ func (db *appdbimpl) GetUserFollowers(uid string, requesting_uid string, start_i
AND "follows"."follower" NOT IN ( AND "follows"."follower" NOT IN (
SELECT "bans"."user" FROM "bans" SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = ? WHERE "bans"."user" = "follows"."follower"
AND "bans"."ban" = "follows"."follower" AND "bans"."ban" = ?
) )
AND "followed" = ? AND "followed" = ?
@ -102,13 +102,13 @@ func (db *appdbimpl) GetUserFollowing(uid string, requesting_uid string, start_i
AND "follows"."followed" NOT IN ( AND "follows"."followed" NOT IN (
SELECT "bans"."user" FROM "bans" SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = ? WHERE "bans"."user" = "follows"."followed"
AND "bans"."ban" = "follows"."followed" AND "bans"."ban" = ?
) )
AND "follower" = ? AND "follower" = ?
OFFSET ? LIMIT ?
LIMIT ?`, uid, requesting_uid, start_index, offset) OFFSET ?`, uid, requesting_uid, offset, start_index)
following, err := db.uidNameQuery(rows, err) following, err := db.uidNameQuery(rows, err)
@ -237,11 +237,11 @@ func (db *appdbimpl) IsBanned(uid string, banner string) (bool, error) {
func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]structures.UIDName, error) { func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]structures.UIDName, error) {
rows, err := db.c.Query(`SELECT "ban", "user"."name" FROM "bans", "users" rows, err := db.c.Query(`SELECT "ban", "users"."name" FROM "bans", "users"
WHERE "bans"."ban" = "users"."uid" WHERE "bans"."ban" = "users"."uid"
AND "bans"."user" = ? AND "bans"."user" = ?
OFFSET ? LIMIT ?
LIMIT ?`, uid, start_index, limit) OFFSET ?`, uid, limit, start_index)
bans, err := db.uidNameQuery(rows, err) bans, err := db.uidNameQuery(rows, err)
@ -256,15 +256,15 @@ func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]str
func (db *appdbimpl) SearchByName(name string, requesting_uid string, start_index int, limit int) (*[]structures.UIDName, error) { func (db *appdbimpl) SearchByName(name string, requesting_uid string, start_index int, limit int) (*[]structures.UIDName, error) {
rows, err := db.c.Query(`SELECT "uid", "name" FROM "users" rows, err := db.c.Query(`SELECT "uid", "name" FROM "users"
WHERE "name" LIKE ? WHERE "name" LIKE '%' || ? || '%'
AND "uid" NOT IN ( AND "uid" NOT IN (
SELECT "bans"."user" FROM "bans" SELECT "bans"."user" FROM "bans"
WHERE "bans"."user" = "users"."uid" WHERE "bans"."user" = "users"."uid"
AND "bans"."ban" = ? AND "bans"."ban" = ?
) )
OFFSET ? LIMIT ?
LIMIT ?`, name, requesting_uid, start_index, limit) OFFSET ?`, name, requesting_uid, limit, start_index)
users, err := db.uidNameQuery(rows, err) users, err := db.uidNameQuery(rows, err)
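Review bot: In GetUserFollowing the positional arguments no longer line up with the rewritten placeholders. If the four visible `?` are the only ones, `"bans"."ban" = ?` now receives `uid` and `"follower" = ?` receives `requesting_uid`. The ban filter is then evaluated for the profile owner instead of the requester, and the list returned is the requester's own followings. The other queries in this commit pass the requester to `"bans"."ban"`, so the call here probably wants `OFFSET ?`, requesting_uid, uid, offset, start_index)`. The arguments of GetUserFollowers are outside its hunk and deserve the same check, and the parameter named `offset` is bound to `LIMIT`, which makes the call hard to read.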