* Db::Messages::get_time_range now handles case where

start_time >= end_time Which means we won't get weird requests from clients anymore(hopefully) * Route handler for /message/time_range now handles db::Response::RestrictedInput Responds with a simple 400 and nothing else
2021-01-19 19:43:21 -08:00
parent 5c4bc6f96f
commit 3b3fa14496
2 changed files with 40 additions and 30 deletions
--- a/server-api/db/src/messages.rs
+++ b/server-api/db/src/messages.rs
@@ -156,29 +156,38 @@ impl Message {
    }
    
    pub async fn get_time_range(p: &Pool, channel_id: UBigInt, start: BigInt, end: BigInt) -> Result<Response<Self>, SqlError> {
-        let conn = p.get_conn().await?;
-        let q = "SELECT id, time, content, author_id FROM messages WHERE channel_id = :channel AND time >= :start AND time < :end";
+        //! @returns on success : Set(Vec<Messages>)
+        //! @returns on userfail: RestrictedInput(message)
+        //! @returns on error   : Err(SqlError)

-        let select_result = conn.prep_exec(
-            q, params!{
-                "start" => start,
-                "end" => end,
-                "channel" => channel_id
+        if start >= end { 
+            Ok(Response::RestrictedInput("Invalid start/end parameters".into()))
+        }
+        else {
+            let conn = p.get_conn().await?;
+            let q = "SELECT id, time, content, author_id FROM messages WHERE channel_id = :channel AND time >= :start AND time < :end";
+
+            let select_result = conn.prep_exec(
+                q, params!{
+                    "start" => start,
+                    "end" => end,
+                    "channel" => channel_id
+                }).await?;
+
+            let(_conn, messages) = select_result.map_and_drop(|row| {
+                type Tuple = (UBigInt, BigInt, String, UBigInt);
+                let (id, time, content, author_id): Tuple = mysql_async::from_row(row);
+                Self {
+                    id,
+                    time,
+                    content,
+                    author_id,
+                    channel_id
+                }
            }).await?;

-        let(_conn, messages) = select_result.map_and_drop(|row| {
-            type Tuple = (UBigInt, BigInt, String, UBigInt);
-            let (id, time, content, author_id): Tuple = mysql_async::from_row(row);
-            Self {
-                id,
-                time,
-                content,
-                author_id,
-                channel_id
-            }
-        }).await?;
-
-        Ok(Response::Set(messages))
+            Ok(Response::Set(messages))
+        }
    }

 }