blah/blahrs
1
0
Fork 0
mirror of https://github.com/Blah-IM/blahrs.git synced 2025-06-30 19:45:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(webapi): reject mark-seen for future msgs

Browse source
This commit is contained in:
oxalica 2024-09-21 14:58:51 -04:00
parent bc856f6c62
commit ad3e422902
2 changed files with 25 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

21
blahd/src/database.rs
View file

@ -581,7 +581,26 @@ pub trait TransactionOps {
}
fn mark_room_msg_seen(&self, rid: Id, uid: i64, cid: Id) -> Result<()> {
// TODO: Validate `cid`?
let max_cid_in_room = prepare_cached_and_bind!(
self.conn(),
r"
SELECT MAX(`cid`)
FROM `msg` INDEXED BY `room_latest_msg`
WHERE `rid` = :rid
"
)
.raw_query()
.next()?
.map(|row| row.get(0))
.transpose()?
.unwrap_or(Id(0));
if max_cid_in_room < cid {
return Err(error_response!(
StatusCode::BAD_REQUEST,
"invalid_request",
"invalid cid",
));
}
let updated = prepare_cached_and_bind!(
self.conn(),
r"