better sanitize DB regex
parent
47d8f83a51
commit
346ffac255
|
@ -63,13 +63,13 @@ final class Storm(env: Env)(implicit mat: akka.stream.Materializer) extends Lila
|
|||
|
||||
def apiDashboardOf(username: String, days: Int) =
|
||||
Open { implicit ctx =>
|
||||
val userId = lila.user.User normalize username
|
||||
if (days < 0 || days > 365) notFoundJson("Invalid days parameter")
|
||||
else
|
||||
((days > 0) ?? env.storm.dayApi.apiHistory(userId, days)) zip env.storm.highApi.get(userId) map {
|
||||
case (history, high) =>
|
||||
Ok(env.storm.json.apiDashboard(high, history))
|
||||
}
|
||||
|
||||
lila.user.User.validateId(username) ?? { userId =>
|
||||
if (days < 0 || days > 365) notFoundJson("Invalid days parameter")
|
||||
else
|
||||
((days > 0) ?? env.storm.dayApi.apiHistory(userId, days)) zip env.storm.highApi.get(userId) map {
|
||||
case (history, high) =>
|
||||
Ok(env.storm.json.apiDashboard(high, history))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
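Review bot: In the new `lila.user.User.validateId(username) ?? { userId => … }` wrapper, a username that fails validation falls through to whatever zero the `??` combinator resolves to for this return type (I cannot see that instance from here), while the `days` check two lines below answers with an explicit `notFoundJson("Invalid days parameter")`. Assuming `notFoundJson` returns the same `Fu[Result]` as the `else` branch, the two failure paths could be made symmetric with `lila.user.User.validateId(username).fold(notFoundJson("Invalid username")) { userId =>`. A one-line comment on the wrapper, `// validateId normalizes the name and rejects anything outside the username charset`, would also make the intent of the change visible at the call site.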
@ -54,12 +54,12 @@ final private class RelationRepo(coll: Coll, userRepo: lila.user.UserRepo)(impli
|
|||
.map(~_.flatMap(_.getAsOpt[List[User.ID]]("ids")))
|
||||
|
||||
def followingLike(userId: ID, term: String): Fu[List[ID]] =
|
||||
User.couldBeUsername(term) ?? {
|
||||
User.validateId(term) ?? { valid =>
|
||||
coll.secondaryPreferred.distinctEasy[ID, List](
|
||||
"u2",
|
||||
$doc(
|
||||
"u1" -> userId,
|
||||
"u2" $startsWith term.toLowerCase,
|
||||
"u2" $startsWith valid,
|
||||
"r" -> Follow
|
||||
)
|
||||
)
|
||||
|
|
|
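Review bot: The `"u2" $startsWith valid` on the new side still interpolates a caller-supplied prefix into a regex; it is safe only because `validateId` (defined elsewhere) restricts the charset, and nothing at the call site records that invariant. Add `// valid has passed User.couldBeUsername, so it holds no regex metacharacters — re-check if that rule ever loosens` above the `$doc(`. The same point applies to `f.userId $startsWith valid` in SwissApi.searchPlayers and `"uid" $startsWith valid` in PlayerRepo.searchPlayers, whereas StudyTopicApi takes the other route (`Pattern.quote`); a note on which of the two approaches the project prefers for prefix searches would help the next reader. The closing brace of followingLike's `??` block lies outside the hunk.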
@ -78,7 +78,7 @@ final class StudyTopicApi(topicRepo: StudyTopicRepo, userTopicRepo: StudyUserTop
|
|||
favsFu flatMap { favs =>
|
||||
topicRepo
|
||||
.coll {
|
||||
_.find($doc("_id".$startsWith(str, "i")))
|
||||
_.find($doc("_id".$startsWith(java.util.regex.Pattern.quote(str), "i")))
|
||||
.sort($sort.naturalAsc)
|
||||
.cursor[Bdoc](readPref)
|
||||
.list(nb - favs.size)
|
||||
|
|
|
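Review bot: `java.util.regex.Pattern.quote(str)` inline inside the `$doc` hides why quoting is needed; a reader has to know that `$startsWith` builds a regex from its argument. Import the class and add a why-comment on that line: `// str is a free-text search term: quote it so regex metacharacters match literally`. Note that `Pattern.quote` emits a `\Q…\E` literal block, so this relies on the server-side regex engine honouring that escape — if no test covers a term containing `.` or `(`, one would pin the behaviour. The enclosing method starts and ends outside the hunk.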
@ -259,16 +259,18 @@ final class SwissApi(
|
|||
}
|
||||
|
||||
def searchPlayers(id: Swiss.Id, term: String, nb: Int): Fu[List[User.ID]] =
|
||||
User.couldBeUsername(term) ?? SwissPlayer.fields { f =>
|
||||
colls.player.primitive[User.ID](
|
||||
selector = $doc(
|
||||
f.swissId -> id,
|
||||
f.userId $startsWith term.toLowerCase
|
||||
),
|
||||
sort = $sort desc f.score,
|
||||
nb = nb,
|
||||
field = f.userId
|
||||
)
|
||||
User.validateId(term) ?? { valid =>
|
||||
SwissPlayer.fields { f =>
|
||||
colls.player.primitive[User.ID](
|
||||
selector = $doc(
|
||||
f.swissId -> id,
|
||||
f.userId $startsWith valid
|
||||
),
|
||||
sort = $sort desc f.score,
|
||||
nb = nb,
|
||||
field = f.userId
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
def pageOf(swiss: Swiss, userId: User.ID): Fu[Option[Int]] =
|
||||
|
|
|
@ -307,11 +307,11 @@ final class PlayerRepo(coll: Coll)(implicit ec: scala.concurrent.ExecutionContex
|
|||
.result
|
||||
|
||||
def searchPlayers(tourId: Tournament.ID, term: String, nb: Int): Fu[List[User.ID]] =
|
||||
User.couldBeUsername(term) ?? {
|
||||
User.validateId(term) ?? { valid =>
|
||||
coll.primitive[User.ID](
|
||||
selector = $doc(
|
||||
"tid" -> tourId,
|
||||
"uid" $startsWith term.toLowerCase
|
||||
"uid" $startsWith valid
|
||||
),
|
||||
sort = $sort desc "m",
|
||||
nb = nb,
|
||||
|
|
|
@ -225,6 +225,8 @@ object User {
|
|||
|
||||
def normalize(username: String) = username.toLowerCase
|
||||
|
||||
def validateId(name: String): Option[User.ID] = couldBeUsername(name) option normalize(name)
|
||||
|
||||
object BSONFields {
|
||||
val id = "_id"
|
||||
val username = "username"
|
||||
|
|
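Review bot: `validateId` now acts as the single sanitizer behind every `$startsWith` regex touched by this commit, yet carries no Scaladoc stating that contract. Add `/** Lowercased id for `name`, or None when it is not a plausible username. Callers embed the result directly in regex prefixes, so couldBeUsername must keep rejecting regex metacharacters. */` above the definition; I cannot see `couldBeUsername` from this hunk, so that last clause is the invariant to confirm. Recording it here keeps a future loosening of the username charset from silently reopening the pattern-injection this commit closes.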