blah/blahrs
1
0
Fork 0
mirror of https://github.com/Blah-IM/blahrs.git synced 2025-05-01 00:31:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(webapi): reject mark-seen for future msgs

Browse source
This commit is contained in:
oxalica 2024-09-21 14:58:51 -04:00
parent bc856f6c62
commit ad3e422902
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
blahd/src/database.rs
View file

@ -581,7 +581,26 @@ pub trait TransactionOps {
} }
fn mark_room_msg_seen(&self, rid: Id, uid: i64, cid: Id) -> Result<()> { fn mark_room_msg_seen(&self, rid: Id, uid: i64, cid: Id) -> Result<()> {
// TODO: Validate `cid`? let max_cid_in_room = prepare_cached_and_bind!(
self.conn(),
r"
SELECT MAX(`cid`)
FROM `msg` INDEXED BY `room_latest_msg`
WHERE `rid` = :rid
"
)
.raw_query()
.next()?
.map(|row| row.get(0))
.transpose()?
.unwrap_or(Id(0));
if max_cid_in_room < cid {
return Err(error_response!(
StatusCode::BAD_REQUEST,
"invalid_request",
"invalid cid",
));
}
let updated = prepare_cached_and_bind!( let updated = prepare_cached_and_bind!(
self.conn(), self.conn(),
r" r"

5
blahd/tests/webapi.rs
View file

@ -738,6 +738,11 @@ async fn last_seen(server: Server) {
.await .await
.unwrap(); .unwrap();
assert_eq!(rooms, RoomList::default()); assert_eq!(rooms, RoomList::default());
// Cannot see a future msg.
seen(&ALICE, Id::MAX)
.await
.expect_api_err(StatusCode::BAD_REQUEST, "invalid_request");
} }
#[rstest] #[rstest]