Commit b14c1d2c authored by Luna's avatar Luna 📟

users: harden search handler

the "described issue with the official client" was leaking of
messages that aren't in the client's cache, causing a crash.

from now on, search uses `UserStorage.get_user_guilds` and does
filtering on both SQL and python levels before returning it as a result.
parent 011fc099
...@@ -380,7 +380,7 @@ async def _get_mentions(): ...@@ -380,7 +380,7 @@ async def _get_mentions():
print('args', j) print('args', j)
guild_query = 'AND guild_id = $2' if 'guild_id' in j else '' guild_query = 'AND message.guild_id = $2' if 'guild_id' in j else ''
role_query = "OR content LIKE '%<@&%'" if j['roles'] else '' role_query = "OR content LIKE '%<@&%'" if j['roles'] else ''
everyone_query = "OR content LIKE '%@everyone%'" if j['everyone'] else '' everyone_query = "OR content LIKE '%@everyone%'" if j['everyone'] else ''
mention_user = f'<@{user_id}>' mention_user = f'<@{user_id}>'
...@@ -390,11 +390,17 @@ async def _get_mentions(): ...@@ -390,11 +390,17 @@ async def _get_mentions():
if guild_query: if guild_query:
args.append(j['guild_id']) args.append(j['guild_id'])
guild_ids = await app.user_storage.get_user_guilds(user_id)
gids = ','.join(str(guild_id) for guild_id in guild_ids)
rows = await app.db.fetch(f""" rows = await app.db.fetch(f"""
SELECT id SELECT messages.id
FROM messages FROM messages
JOIN channels ON messages.channel_id = channels.id
WHERE ( WHERE (
content LIKE '%'||$1||'%' channels.channel_type = 0
AND messages.guild_id IN ({gids})
AND content LIKE '%'||$1||'%'
{role_query} {role_query}
{everyone_query} {everyone_query}
{guild_query} {guild_query}
...@@ -405,10 +411,12 @@ async def _get_mentions(): ...@@ -405,10 +411,12 @@ async def _get_mentions():
res = [] res = []
for row in rows: for row in rows:
message = await app.storage.get_message(row['id']) message = await app.storage.get_message(row['id'])
chan = await app.storage.get_channel(int(message['channel_id'])) gid = int(message['guild_id'])
if not chan:
print('ignore wee woo') # ignore messages pre-messages.guild_id
if gid not in guild_ids:
continue continue
res.append( res.append(
message message
) )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment