From 3b3fa14496358deb0313242fd85f01dfed01e729 Mon Sep 17 00:00:00 2001 From: shockrah Date: Tue, 19 Jan 2021 19:43:21 -0800 Subject: [PATCH] * Db::Messages::get_time_range now handles case where start_time >= end_time Which means we won't get weird requests from clients anymore(hopefully) * Route handler for /message/time_range now handles db::Response::RestrictedInput Responds with a simple 400 and nothing else --- server-api/db/src/messages.rs | 49 +++++++++++++++++++++-------------- server-api/src/messages.rs | 21 ++++++++------- 2 files changed, 40 insertions(+), 30 deletions(-) diff --git a/server-api/db/src/messages.rs b/server-api/db/src/messages.rs index 3bb27b5..068bb60 100644 --- a/server-api/db/src/messages.rs +++ b/server-api/db/src/messages.rs @@ -156,29 +156,38 @@ impl Message { } pub async fn get_time_range(p: &Pool, channel_id: UBigInt, start: BigInt, end: BigInt) -> Result, SqlError> { - let conn = p.get_conn().await?; - let q = "SELECT id, time, content, author_id FROM messages WHERE channel_id = :channel AND time >= :start AND time < :end"; + //! @returns on success : Set(Vec) + //! @returns on userfail: RestrictedInput(message) + //! @returns on error : Err(SqlError) - let select_result = conn.prep_exec( - q, params!{ - "start" => start, - "end" => end, - "channel" => channel_id + if start >= end { + Ok(Response::RestrictedInput("Invalid start/end parameters".into())) + } + else { + let conn = p.get_conn().await?; + let q = "SELECT id, time, content, author_id FROM messages WHERE channel_id = :channel AND time >= :start AND time < :end"; + + let select_result = conn.prep_exec( + q, params!{ + "start" => start, + "end" => end, + "channel" => channel_id + }).await?; + + let(_conn, messages) = select_result.map_and_drop(|row| { + type Tuple = (UBigInt, BigInt, String, UBigInt); + let (id, time, content, author_id): Tuple = mysql_async::from_row(row); + Self { + id, + time, + content, + author_id, + channel_id + } }).await?; - let(_conn, messages) = select_result.map_and_drop(|row| { - type Tuple = (UBigInt, BigInt, String, UBigInt); - let (id, time, content, author_id): Tuple = mysql_async::from_row(row); - Self { - id, - time, - content, - author_id, - channel_id - } - }).await?; - - Ok(Response::Set(messages)) + Ok(Response::Set(messages)) + } } } diff --git a/server-api/src/messages.rs b/server-api/src/messages.rs index f838272..c2d4008 100644 --- a/server-api/src/messages.rs +++ b/server-api/src/messages.rs @@ -34,19 +34,20 @@ pub async fn get_by_time(pool: &Pool, response: &mut Response, params: Val match (channel, start_time, end_time) { (Some(channel), Some(start), Some(end)) => { match Message::get_time_range(pool, channel, start, end).await { - Ok(data) => { - response.headers_mut().insert( - "Content-Type", - HeaderValue::from_static("application/json")); - - let msg_vec = match data { - db::Response::Set(data) => data, - _ => Vec::new() + Ok(db_response) => { + match db_response { + db::Response::Set(messages) => { + response.headers_mut().insert( + "Content-Type", + HeaderValue::from_static("application/json")); + let payload = json!({"messages": messages}); + *response.body_mut() = Body::from(payload.to_string()); + }, + db::Response::RestrictedInput(_/*error message to log*/) => *response.status_mut() = StatusCode::BAD_REQUEST, + _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR }; // this absolute lack of data streaming is prolly gonna suck like // a whoe in hell week for performance but lets pretend servers don't get massive - let payload = json!({"messages": msg_vec}); - *response.body_mut() = Body::from(payload.to_string()); }, Err(e) => { eprintln!("{}", e);