From a102f97c3eead290ec51e6ed898805baf7fe67d5 Mon Sep 17 00:00:00 2001
From: Michael Demetriou
Date: Mon, 10 Jun 2019 00:43:19 +0300
Subject: [PATCH] Fix #96

This solves the error 500 on the /api/me endpoint. Replace token search query `=` with `LIKE` to fix sqlite complaining about no valid tokens. Also checked with MySQL and it still works after the change.
---
 database.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/database.go b/database.go
index b52f27b..3af659d 100644
--- a/database.go
+++ b/database.go
@@ -388,7 +388,7 @@ func (db *datastore) GetUserNameFromToken(accessToken string) (string, error) {
 var oneTime bool
 var username string
- err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&username, &oneTime)
+ err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&username, &oneTime)
 switch {
 case err == sql.ErrNoRows:
 return "", ErrBadAccessToken
@@ -413,7 +413,7 @@ func (db *datastore) GetUserDataFromToken(accessToken string) (int64, string, er
 var userID int64
 var oneTime bool
 var username string
- err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &username, &oneTime)
+ err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &username, &oneTime)
 switch {
 case err == sql.ErrNoRows:
 return 0, "", ErrBadAccessToken
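Review bot: The token lookup is no longer an exact match: with `token LIKE ?` in the new QueryRow line of GetUserNameFromToken, `%` and `_` in the bound value act as wildcards, and SQLite's LIKE is case-insensitive for ASCII by default. The same applies to the new lines in GetUserDataFromToken, GetUserIDPrivilege and DeleteToken, where a pattern could also remove more than one row. The SQLite failure looks like a bind-type mismatch rather than an operator problem: the INSERT in GetTemporaryOneTimeAccessToken binds `string(binTok)` while DeleteToken binds a `[]byte`, and SQLite does not treat a TEXT value and a BLOB as equal under `=`. I would keep `WHERE token = ?` and bind the type that was stored, e.g. `db.Exec("DELETE FROM accesstokens WHERE token = ?", string(accessToken))`, and likewise for `t` in the lookups. The type of `t` is set outside these hunks, so this needs confirming on both backends.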
@@ -452,7 +452,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
 }
 var oneTime bool
- err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &sudo, &oneTime)
+ err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &sudo, &oneTime)
 switch {
 case err == sql.ErrNoRows:
 return -1, false
@@ -469,7 +469,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
 }
 func (db *datastore) DeleteToken(accessToken []byte) error {
- res, err := db.Exec("DELETE FROM accesstokens WHERE token = ?", accessToken)
+ res, err := db.Exec("DELETE FROM accesstokens WHERE token LIKE ?", accessToken)
 if err != nil {
 return err
 }
@@ -484,7 +484,7 @@ func (db *datastore) DeleteToken(accessToken []byte) error {
 // userID.
 func (db *datastore) FetchLastAccessToken(userID int64) string {
 var t []byte
- err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > NOW()) ORDER BY created DESC LIMIT 1", userID).Scan(&t)
+ err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > "+db.now()+") ORDER BY created DESC LIMIT 1", userID).Scan(&t)
 switch {
 case err == sql.ErrNoRows:
 return ""
@@ -529,7 +529,7 @@ func (db *datastore) GetTemporaryOneTimeAccessToken(userID int64, validSecs int,
 expirationVal := "NULL"
 if validSecs > 0 {
- expirationVal = fmt.Sprintf("DATE_ADD(NOW(), INTERVAL %d SECOND)", validSecs)
+ expirationVal = fmt.Sprintf("DATE_ADD("+db.now()+", INTERVAL %d SECOND)", validSecs)
 }
 _, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime)
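Review bot: `db.now()` is concatenated into the format string of `fmt.Sprintf` on the new expirationVal line, so any `%` in the SQL it returns would be parsed as a formatting verb and corrupt the statement; SQLite date expressions such as strftime use `%Y`-style formats. Pass it as an argument instead: `expirationVal = fmt.Sprintf("DATE_ADD(%s, INTERVAL %d SECOND)", db.now(), validSecs)`. Separately, `DATE_ADD(..., INTERVAL n SECOND)` is MySQL syntax, so on SQLite this INSERT would presumably still fail whenever validSecs > 0. db.now() is defined outside the diff, so confirm what it returns for each driver. The body of GetTemporaryOneTimeAccessToken starts and ends outside the hunk.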