Fix #96
This solves the error 500 on the /api/me endpoint. Replace token search query `=` with `LIKE` to fix sqlite complaining about no valid tokens. Also checked with MySQL and it still works after the change.
This commit is contained in:
parent
161f7a8de2
commit
aeab30db8a
12
database.go
12
database.go
|
@ -388,7 +388,7 @@ func (db *datastore) GetUserNameFromToken(accessToken string) (string, error) {
|
||||||
|
|
||||||
var oneTime bool
|
var oneTime bool
|
||||||
var username string
|
var username string
|
||||||
err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&username, &oneTime)
|
err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&username, &oneTime)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return "", ErrBadAccessToken
|
return "", ErrBadAccessToken
|
||||||
|
@ -413,7 +413,7 @@ func (db *datastore) GetUserDataFromToken(accessToken string) (int64, string, er
|
||||||
var userID int64
|
var userID int64
|
||||||
var oneTime bool
|
var oneTime bool
|
||||||
var username string
|
var username string
|
||||||
err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &username, &oneTime)
|
err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &username, &oneTime)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return 0, "", ErrBadAccessToken
|
return 0, "", ErrBadAccessToken
|
||||||
|
@ -452,7 +452,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
|
||||||
}
|
}
|
||||||
|
|
||||||
var oneTime bool
|
var oneTime bool
|
||||||
err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &sudo, &oneTime)
|
err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &sudo, &oneTime)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return -1, false
|
return -1, false
|
||||||
|
@ -469,7 +469,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
|
||||||
}
|
}
|
||||||
|
|
||||||
func (db *datastore) DeleteToken(accessToken []byte) error {
|
func (db *datastore) DeleteToken(accessToken []byte) error {
|
||||||
res, err := db.Exec("DELETE FROM accesstokens WHERE token = ?", accessToken)
|
res, err := db.Exec("DELETE FROM accesstokens WHERE token LIKE ?", accessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -484,7 +484,7 @@ func (db *datastore) DeleteToken(accessToken []byte) error {
|
||||||
// userID.
|
// userID.
|
||||||
func (db *datastore) FetchLastAccessToken(userID int64) string {
|
func (db *datastore) FetchLastAccessToken(userID int64) string {
|
||||||
var t []byte
|
var t []byte
|
||||||
err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > NOW()) ORDER BY created DESC LIMIT 1", userID).Scan(&t)
|
err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > "+db.now()+") ORDER BY created DESC LIMIT 1", userID).Scan(&t)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return ""
|
return ""
|
||||||
|
@ -529,7 +529,7 @@ func (db *datastore) GetTemporaryOneTimeAccessToken(userID int64, validSecs int,
|
||||||
|
|
||||||
expirationVal := "NULL"
|
expirationVal := "NULL"
|
||||||
if validSecs > 0 {
|
if validSecs > 0 {
|
||||||
expirationVal = fmt.Sprintf("DATE_ADD(NOW(), INTERVAL %d SECOND)", validSecs)
|
expirationVal = fmt.Sprintf("DATE_ADD("+db.now()+", INTERVAL %d SECOND)", validSecs)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime)
|
_, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime)
|
||||||
|
|
Loading…
Reference in New Issue