From b14c1d2c9a3ff9dd20837bcb5db62d4289b4b723 Mon Sep 17 00:00:00 2001 From: Luna Mendes Date: Tue, 20 Nov 2018 20:55:50 -0300 Subject: [PATCH] users: harden search handler the "described issue with the official client" was leaking of messages that aren't in the client's cache, causing a crash. from now on, search uses `UserStorage.get_user_guilds` and does filtering on both SQL and python levels before returning it as a result. --- litecord/blueprints/users.py | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/litecord/blueprints/users.py b/litecord/blueprints/users.py index 5413456..9c6de3a 100644 --- a/litecord/blueprints/users.py +++ b/litecord/blueprints/users.py @@ -380,7 +380,7 @@ async def _get_mentions(): print('args', j) - guild_query = 'AND guild_id = $2' if 'guild_id' in j else '' + guild_query = 'AND message.guild_id = $2' if 'guild_id' in j else '' role_query = "OR content LIKE '%<@&%'" if j['roles'] else '' everyone_query = "OR content LIKE '%@everyone%'" if j['everyone'] else '' mention_user = f'<@{user_id}>' @@ -390,11 +390,17 @@ async def _get_mentions(): if guild_query: args.append(j['guild_id']) + guild_ids = await app.user_storage.get_user_guilds(user_id) + gids = ','.join(str(guild_id) for guild_id in guild_ids) + rows = await app.db.fetch(f""" - SELECT id + SELECT messages.id FROM messages + JOIN channels ON messages.channel_id = channels.id WHERE ( - content LIKE '%'||$1||'%' + channels.channel_type = 0 + AND messages.guild_id IN ({gids}) + AND content LIKE '%'||$1||'%' {role_query} {everyone_query} {guild_query} @@ -405,10 +411,12 @@ async def _get_mentions(): res = [] for row in rows: message = await app.storage.get_message(row['id']) - chan = await app.storage.get_channel(int(message['channel_id'])) - if not chan: - print('ignore wee woo') + gid = int(message['guild_id']) + + # ignore messages pre-messages.guild_id + if gid not in guild_ids: continue + res.append( message )