diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2022-08-20 22:47:19 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-08-20 21:47:19 +0100 |
| commit | 570fa7c3598118ded6df7ced0a5326f54e7a43e2 (patch) | |
| tree | 9575a6f3016c73b7109c88f68a2a512981cf19e4 /internal/db/bundb | |
| parent | [docs] Textual updates on markdown files (#756) (diff) | |
| download | gotosocial-570fa7c3598118ded6df7ced0a5326f54e7a43e2.tar.xz | |
[bugfix] Fix potential dereference of accounts on own instance (#757)
* add GetAccountByUsernameDomain
* simplify search
* add escape to not deref accounts on own domain
* check if local + we have account by ap uri
Diffstat (limited to 'internal/db/bundb')
| -rw-r--r-- | internal/db/bundb/account.go | 20 | ||||
| -rw-r--r-- | internal/db/bundb/account_test.go | 12 |
2 files changed, 32 insertions, 0 deletions
diff --git a/internal/db/bundb/account.go b/internal/db/bundb/account.go index 201de6f02..95c3d80d8 100644 --- a/internal/db/bundb/account.go +++ b/internal/db/bundb/account.go @@ -84,6 +84,26 @@ func (a *accountDB) GetAccountByURL(ctx context.Context, url string) (*gtsmodel. ) } +func (a *accountDB) GetAccountByUsernameDomain(ctx context.Context, username string, domain string) (*gtsmodel.Account, db.Error) { + return a.getAccount( + ctx, + func() (*gtsmodel.Account, bool) { + return a.cache.GetByUsernameDomain(username, domain) + }, + func(account *gtsmodel.Account) error { + q := a.newAccountQ(account).Where("account.username = ?", username) + + if domain != "" { + q = q.Where("account.domain = ?", domain) + } else { + q = q.Where("account.domain IS NULL") + } + + return q.Scan(ctx) + }, + ) +} + func (a *accountDB) getAccount(ctx context.Context, cacheGet func() (*gtsmodel.Account, bool), dbQuery func(*gtsmodel.Account) error) (*gtsmodel.Account, db.Error) { // Attempt to fetch cached account account, cached := cacheGet() diff --git a/internal/db/bundb/account_test.go b/internal/db/bundb/account_test.go index 59b51386d..3c19e84d9 100644 --- a/internal/db/bundb/account_test.go +++ b/internal/db/bundb/account_test.go @@ -58,6 +58,18 @@ func (suite *AccountTestSuite) TestGetAccountByIDWithExtras() { suite.NotEmpty(account.HeaderMediaAttachment.URL) } +func (suite *AccountTestSuite) TestGetAccountByUsernameDomain() { + testAccount1 := suite.testAccounts["local_account_1"] + account1, err := suite.db.GetAccountByUsernameDomain(context.Background(), testAccount1.Username, testAccount1.Domain) + suite.NoError(err) + suite.NotNil(account1) + + testAccount2 := suite.testAccounts["remote_account_1"] + account2, err := suite.db.GetAccountByUsernameDomain(context.Background(), testAccount2.Username, testAccount2.Domain) + suite.NoError(err) + suite.NotNil(account2) +} + func (suite *AccountTestSuite) TestUpdateAccount() { testAccount := suite.testAccounts["local_account_1"] |