Bommels05/Modrinth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add slug validation (#168)

Browse Source
This commit is contained in:
BasiqueEvangelist 2021-02-23 18:04:10 +03:00 committed by GitHub
parent a02e08a879
commit e46ff3de8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 86 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
sqlx-data.json
View File

@ -235,6 +235,26 @@
] ]
} }
}, },
"0f29bb5ba767ebd0669c860994e48e3cb2674f0d53f6c4ab85c79d46b04cbb40": {
"query": "\n SELECT EXISTS(SELECT 1 FROM mods WHERE id=$1)\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "exists",
"type_info": "Bool"
}
],
"parameters": {
"Left": [
"Int8"
]
},
"nullable": [
null
]
}
},
"1220d15a56dbf823eaa452fbafa17442ab0568bc81a31fa38e16e3df3278e5f9": { "1220d15a56dbf823eaa452fbafa17442ab0568bc81a31fa38e16e3df3278e5f9": {
"query": "SELECT EXISTS(SELECT 1 FROM users WHERE id = $1)", "query": "SELECT EXISTS(SELECT 1 FROM users WHERE id = $1)",
"describe": { "describe": {
@ -3188,6 +3208,26 @@
] ]
} }
}, },
"ac840a3ba466cfa1f914a1e44fcc9052bd1e0e908140e7147d1ff72d1794cfbf": {
"query": "\n SELECT EXISTS(SELECT 1 FROM mods WHERE id=$1)\n ",
"describe": {
"columns": [
{
"ordinal": 0,
"name": "exists",
"type_info": "Bool"
}
],
"parameters": {
"Left": [
"Int8"
]
},
"nullable": [
null
]
}
},
"acbafe265c4b7a1c95b0494a0a03c8bd2cd778ae561ef5a662fa931ca26cf603": { "acbafe265c4b7a1c95b0494a0a03c8bd2cd778ae561ef5a662fa931ca26cf603": {
"query": "\n DELETE FROM mods_donations\n WHERE joining_mod_id = $1\n ", "query": "\n DELETE FROM mods_donations\n WHERE joining_mod_id = $1\n ",
"describe": { "describe": {

23
src/routes/mod_creation.rs
View File

@ -46,6 +46,8 @@ pub enum CreateError {
InvalidCategory(String), InvalidCategory(String),
#[error("Invalid file type for version file: {0}")] #[error("Invalid file type for version file: {0}")]
InvalidFileType(String), InvalidFileType(String),
#[error("Slug collides with other mod's id!")]
SlugCollision,
#[error("Authentication Error: {0}")] #[error("Authentication Error: {0}")]
Unauthorized(#[from] AuthenticationError), Unauthorized(#[from] AuthenticationError),
#[error("Authentication Error: {0}")] #[error("Authentication Error: {0}")]
@ -71,6 +73,7 @@ impl actix_web::ResponseError for CreateError {
CreateError::InvalidFileType(..) => StatusCode::BAD_REQUEST, CreateError::InvalidFileType(..) => StatusCode::BAD_REQUEST,
CreateError::Unauthorized(..) => StatusCode::UNAUTHORIZED, CreateError::Unauthorized(..) => StatusCode::UNAUTHORIZED,
CreateError::CustomAuthenticationError(..) => StatusCode::UNAUTHORIZED, CreateError::CustomAuthenticationError(..) => StatusCode::UNAUTHORIZED,
CreateError::SlugCollision => StatusCode::BAD_REQUEST,
} }
} }
@ -93,6 +96,7 @@ impl actix_web::ResponseError for CreateError {
CreateError::InvalidFileType(..) => "invalid_input", CreateError::InvalidFileType(..) => "invalid_input",
CreateError::Unauthorized(..) => "unauthorized", CreateError::Unauthorized(..) => "unauthorized",
CreateError::CustomAuthenticationError(..) => "unauthorized", CreateError::CustomAuthenticationError(..) => "unauthorized",
CreateError::SlugCollision => "invalid_input",
}, },
description: &self.to_string(), description: &self.to_string(),
}) })
@ -324,6 +328,25 @@ async fn mod_create_inner(
.try_for_each(|v| super::version_creation::check_version(v))?; .try_for_each(|v| super::version_creation::check_version(v))?;
} }
let slug_modid_option: Option<ModId> =
serde_json::from_str(&*format!("\"{}\"", create_data.mod_slug)).ok();
if let Some(slug_modid) = slug_modid_option {
let slug_modid: models::ids::ModId = slug_modid.into();
let results = sqlx::query!(
"
SELECT EXISTS(SELECT 1 FROM mods WHERE id=$1)
",
slug_modid as models::ids::ModId
)
.fetch_one(&mut *transaction)
.await
.map_err(|e| CreateError::DatabaseError(e.into()))?;
if results.exists.unwrap_or(true) {
return Err(CreateError::SlugCollision);
}
}
// Create VersionBuilders for the versions specified in `initial_versions` // Create VersionBuilders for the versions specified in `initial_versions`
versions = Vec::with_capacity(create_data.initial_versions.len()); versions = Vec::with_capacity(create_data.initial_versions.len());
for (i, data) in create_data.initial_versions.iter().enumerate() { for (i, data) in create_data.initial_versions.iter().enumerate() {

23
src/routes/mods.rs
View File

@ -588,6 +588,29 @@ pub async fn mod_edit(
)); ));
} }
if let Some(slug) = slug {
let slug_modid_option: Option<ModId> =
serde_json::from_str(&*format!("\"{}\"", slug)).ok();
if let Some(slug_modid) = slug_modid_option {
let slug_modid: database::models::ids::ModId = slug_modid.into();
let results = sqlx::query!(
"
SELECT EXISTS(SELECT 1 FROM mods WHERE id=$1)
",
slug_modid as database::models::ids::ModId
)
.fetch_one(&mut *transaction)
.await
.map_err(|e| ApiError::DatabaseError(e.into()))?;
if results.exists.unwrap_or(true) {
return Err(ApiError::InvalidInputError(
"Slug collides with other mod's id!".to_string(),
));
}
}
}
sqlx::query!( sqlx::query!(
" "
UPDATE mods UPDATE mods