diff options
author | Vika <vika@fireburn.ru> | 2024-07-09 22:43:21 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2024-07-09 22:44:01 +0300 |
commit | 2e9c292bb989ffff2c99aa2a6062962c913b3586 (patch) | |
tree | 9c148d9e8fcbd7756ab8d27ae110075beea8e615 /src/database/postgres | |
parent | 644e19aa08b2629d4b69281e14d702f0b9673687 (diff) | |
download | kittybox-2e9c292bb989ffff2c99aa2a6062962c913b3586.tar.zst |
database: use Url to represent user authorities
This makes the interface more consistent and resistant to misuse.
Diffstat (limited to 'src/database/postgres')
-rw-r--r-- | src/database/postgres/mod.rs | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/src/database/postgres/mod.rs b/src/database/postgres/mod.rs index 71c4d58..7813045 100644 --- a/src/database/postgres/mod.rs +++ b/src/database/postgres/mod.rs @@ -1,4 +1,3 @@ -#![allow(unused_variables)] use std::borrow::Cow; use std::str::FromStr; @@ -111,11 +110,11 @@ WHERE } #[tracing::instrument(skip(self))] - async fn put_post(&self, post: &'_ serde_json::Value, user: &'_ str) -> Result<()> { + async fn put_post(&self, post: &'_ serde_json::Value, user: &url::Url) -> Result<()> { tracing::debug!("New post: {}", post); sqlx::query("INSERT INTO kittybox.mf2_json (uid, mf2, owner) VALUES ($1 #>> '{properties,uid,0}', $1, $2)") .bind(post) - .bind(user) + .bind(user.authority()) .execute(&self.db) .await .map(|_| ()) @@ -247,14 +246,14 @@ WHERE } #[tracing::instrument(skip(self))] - async fn get_channels(&self, user: &'_ str) -> Result<Vec<MicropubChannel>> { + async fn get_channels(&self, user: &url::Url) -> Result<Vec<MicropubChannel>> { /*sqlx::query_as::<_, MicropubChannel>("SELECT name, uid FROM kittybox.channels WHERE owner = $1") .bind(user) .fetch_all(&self.db) .await .map_err(|err| err.into())*/ sqlx::query_as::<_, MicropubChannel>(r#"SELECT mf2 #>> '{properties,name,0}' as name, uid FROM kittybox.mf2_json WHERE '["h-feed"]'::jsonb @> mf2['type'] AND owner = $1"#) - .bind(user) + .bind(user.authority()) .fetch_all(&self.db) .await .map_err(|err| err.into()) @@ -264,10 +263,12 @@ WHERE async fn read_feed_with_limit( &self, url: &'_ str, - after: &'_ Option<String>, + after: Option<&str>, limit: usize, - user: &'_ Option<String>, + // BUG: this doesn't seem to be used?! + user: Option<&url::Url>, ) -> Result<Option<serde_json::Value>> { + unimplemented!("read_feed_with_limit is insecure and deprecated"); let mut feed = match sqlx::query_as::<_, (serde_json::Value,)>(" SELECT jsonb_set( mf2, @@ -331,7 +332,7 @@ ORDER BY mf2 #>> '{properties,published,0}' DESC url: &'_ str, cursor: Option<&'_ str>, limit: usize, - user: Option<&'_ str> + user: Option<&url::Url> ) -> Result<Option<(serde_json::Value, Option<String>)>> { let mut txn = self.db.begin().await?; sqlx::query("SET TRANSACTION ISOLATION LEVEL REPEATABLE READ, READ ONLY") @@ -384,7 +385,7 @@ LIMIT $2" ) .bind(url) .bind(limit as i64) - .bind(user) + .bind(user.map(url::Url::to_string)) .bind(cursor) .fetch_all(&mut *txn) .await @@ -405,9 +406,9 @@ LIMIT $2" } #[tracing::instrument(skip(self))] - async fn get_setting<S: Setting<'a>, 'a>(&'_ self, user: &'_ str) -> Result<S> { + async fn get_setting<S: Setting<'a>, 'a>(&'_ self, user: &url::Url) -> Result<S> { match sqlx::query_as::<_, (serde_json::Value,)>("SELECT kittybox.get_setting($1, $2)") - .bind(user) + .bind(user.authority()) .bind(S::ID) .fetch_one(&self.db) .await @@ -418,9 +419,9 @@ LIMIT $2" } #[tracing::instrument(skip(self))] - async fn set_setting<S: Setting<'a> + 'a, 'a>(&self, user: &'a str, value: S::Data) -> Result<()> { + async fn set_setting<S: Setting<'a> + 'a, 'a>(&self, user: &'a url::Url, value: S::Data) -> Result<()> { sqlx::query("SELECT kittybox.set_setting($1, $2, $3)") - .bind(user) + .bind(user.authority()) .bind(S::ID) .bind(serde_json::to_value(S::new(value)).unwrap()) .execute(&self.db) |