Writefreely/writefreely
1
0
Fork 0
mirror of https://github.com/writeas/writefreely synced 2025-02-08 04:38:44 +01:00
Code Issues Releases Wiki Activity

Fix #96

Browse Source 
This solves the error 500 on the /api/me endpoint.

Replace token search query `=` with `LIKE` to fix sqlite complaining about
no valid tokens. Also checked with MySQL and it still works after the change.
This commit is contained in:
Michael Demetriou 2019-06-10 00:43:19 +03:00
parent b2a9429db0
commit 9570388d1d
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
database.go
View File

@ -387,7 +387,7 @@ func (db *datastore) GetUserNameFromToken(accessToken string) (string, error) {
var oneTime bool var oneTime bool
var username string var username string
err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&username, &oneTime) err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&username, &oneTime)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return "", ErrBadAccessToken return "", ErrBadAccessToken
@ -412,7 +412,7 @@ func (db *datastore) GetUserDataFromToken(accessToken string) (int64, string, er
var userID int64 var userID int64
var oneTime bool var oneTime bool
var username string var username string
err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &username, &oneTime) err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &username, &oneTime)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return 0, "", ErrBadAccessToken return 0, "", ErrBadAccessToken
@ -451,7 +451,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
} }
var oneTime bool var oneTime bool
err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &sudo, &oneTime) err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &sudo, &oneTime)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return -1, false return -1, false
@ -468,7 +468,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
} }
func (db *datastore) DeleteToken(accessToken []byte) error { func (db *datastore) DeleteToken(accessToken []byte) error {
res, err := db.Exec("DELETE FROM accesstokens WHERE token = ?", accessToken) res, err := db.Exec("DELETE FROM accesstokens WHERE token LIKE ?", accessToken)
if err != nil { if err != nil {
return err return err
} }
@ -483,7 +483,7 @@ func (db *datastore) DeleteToken(accessToken []byte) error {
// userID. // userID.
func (db *datastore) FetchLastAccessToken(userID int64) string { func (db *datastore) FetchLastAccessToken(userID int64) string {
var t []byte var t []byte
err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > NOW()) ORDER BY created DESC LIMIT 1", userID).Scan(&t) err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > "+db.now()+") ORDER BY created DESC LIMIT 1", userID).Scan(&t)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return "" return ""
@ -528,7 +528,7 @@ func (db *datastore) GetTemporaryOneTimeAccessToken(userID int64, validSecs int,
expirationVal := "NULL" expirationVal := "NULL"
if validSecs > 0 { if validSecs > 0 {
expirationVal = fmt.Sprintf("DATE_ADD(NOW(), INTERVAL %d SECOND)", validSecs) expirationVal = fmt.Sprintf("DATE_ADD("+db.now()+", INTERVAL %d SECOND)", validSecs)
} }
_, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime) _, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime)