From 43c6287445346f7fd3155c84d00fd4d598392fbe Mon Sep 17 00:00:00 2001
From: Oleg Silkin
Date: Tue, 16 Jul 2019 20:20:33 -0400
Subject: [PATCH] Switches `LIKE` with `=` and cleans params before processing
---
 src/database.py | 16 ++++++++--------
 src/handles.py | 33 ++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/src/database.py b/src/database.py
index c71bdff..0f3e08c 100644
--- a/src/database.py
+++ b/src/database.py
@@ -29,7 +29,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT comment, comment_id, channel_name, channel_id, channel_url, timestamp, signature, signing_ts, parent_id
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id IS NULL
+ WHERE claim_id = ? AND parent_id IS NULL
 LIMIT ? OFFSET ?
 """, (claim_id, page_size, page_size*(page - 1))
 )]
@@ -37,7 +37,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT COUNT(*)
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id IS NULL
+ WHERE claim_id = ? AND parent_id IS NULL
 """, (claim_id, )
 )
 elif parent_id is None:
@@ -45,7 +45,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT comment, comment_id, channel_name, channel_id, channel_url, timestamp, signature, signing_ts, parent_id
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ?
+ WHERE claim_id = ?
 LIMIT ? OFFSET ?
 """, (claim_id, page_size, page_size*(page - 1))
 )]
@@ -53,7 +53,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT COUNT(*)
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ?
+ WHERE claim_id = ?
 """, (claim_id,)
 )
 else:
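Review bot: Switching `WHERE claim_id LIKE ?` to `WHERE claim_id = ?` removes wildcard matching but also makes the comparison case-sensitive unless the column is declared `COLLATE NOCASE`, since SQLite's `LIKE` ignores ASCII case by default and `=` does not. This applies to every query changed in `get_claim_comments` and `get_comment_ids`. The schema and the stored IDs are not visible here, so whether existing rows are all lower-case should be confirmed; callers that reach these functions without the normalisation added in `src/handles.py` would also miss mixed-case IDs. I would record the assumption next to the first query, e.g. `# exact match: IDs are expected lower-case, normalised by the caller`. The function body begins and ends outside these hunks.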
@@ -61,7 +61,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT comment, comment_id, channel_name, channel_id, channel_url, timestamp, signature, signing_ts, parent_id
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id = ?
+ WHERE claim_id = ? AND parent_id = ?
 LIMIT ? OFFSET ?
 """, (claim_id, parent_id, page_size, page_size*(page - 1))
 )]
@@ -69,7 +69,7 @@ def get_claim_comments(conn: sqlite3.Connection, claim_id: str, parent_id: str =
 """
 SELECT COUNT(*)
 FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id = ?
+ WHERE claim_id = ? AND parent_id = ?
 """, (claim_id, parent_id)
 )
 count = tuple(count.fetchone())[0]
@@ -133,13 +133,13 @@ def get_comment_ids(conn: sqlite3.Connection, claim_id: str, parent_id: str = No
 if parent_id is None:
 curs = conn.execute("""
 SELECT comment_id FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id IS NULL LIMIT ? OFFSET ?
+ WHERE claim_id = ? AND parent_id IS NULL LIMIT ? OFFSET ?
 """, (claim_id, page_size, page_size*abs(page - 1),)
 )
 else:
 curs = conn.execute("""
 SELECT comment_id FROM COMMENTS_ON_CLAIMS
- WHERE claim_id LIKE ? AND parent_id LIKE ? LIMIT ? OFFSET ?
+ WHERE claim_id = ? AND parent_id = ? LIMIT ? OFFSET ?
 """, (claim_id, parent_id, page_size, page_size * abs(page - 1),)
 )
 return [tuple(row)[0] for row in curs.fetchall()]
diff --git a/src/handles.py b/src/handles.py
index 94fa446..71f2e53 100644
--- a/src/handles.py
+++ b/src/handles.py
@@ -12,7 +12,7 @@ from src.database import DatabaseWriter
 from src.database import get_claim_comments
 from src.database import get_comments_by_id, get_comment_ids
 from src.database import obtain_connection
-from src.writes import create_comment
+from src.writes import create_comment_or_error
 logger = logging.getLogger(__name__)
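Review bot: `page_size` and `page` reach `LIMIT ? OFFSET ?` in `get_comment_ids` with no range check visible in the hunk, and SQLite treats a negative `LIMIT` as no upper bound, so a negative `page_size` would presumably return every matching row. Binding the values prevents injection but not this; unless the caller or the part of the function outside the hunk already bounds them, a clamp before the query would help, e.g. `page_size = max(1, min(page_size, MAX_PAGE_SIZE))`, where `MAX_PAGE_SIZE` is a constructed name for a module constant. The `get_claim_comments` hunks bind the same values and compute the offset as `page_size*(page - 1)` without the `abs()` used here, so the two functions should agree on one rule. The function starts outside the hunk.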
@@ -22,22 +22,24 @@ ERRORS = {
 'UNKNOWN': {'code': -1, 'message': 'An unknown or very miscellaneous error'},
 }
+ID_LIST = {'claim_id', 'parent_id', 'comment_id', 'channel_id'}
-def ping(*args):
+
+def ping(*args, **kwargs):
 return 'pong'
-def handle_get_comment_ids(app, **kwargs):
+def handle_get_comment_ids(app, kwargs):
 with obtain_connection(app['db_path']) as conn:
 return get_comment_ids(conn, **kwargs)
-def handle_get_claim_comments(app, **kwargs):
+def handle_get_claim_comments(app, kwargs):
 with obtain_connection(app['db_path']) as conn:
 return get_claim_comments(conn, **kwargs)
-def handle_get_comments_by_id(app, **kwargs):
+def handle_get_comments_by_id(app, kwargs):
 with obtain_connection(app['db_path']) as conn:
 return get_comments_by_id(conn, **kwargs)
@@ -46,13 +48,13 @@ async def create_comment_scheduler():
 return await aiojobs.create_scheduler(limit=1, pending_limit=0)
-async def write_comment(**comment):
+async def write_comment(comment):
 with DatabaseWriter._writer.connection as conn:
- return await coroutine(create_comment)(conn, **comment)
+ return await coroutine(create_comment_or_error)(conn, **comment)
-async def handle_create_comment(scheduler, **kwargs):
- job = await scheduler.spawn(write_comment(**kwargs))
+async def handle_create_comment(scheduler, comment):
+ job = await scheduler.spawn(write_comment(comment))
 return await job.wait()
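Review bot: The three `handle_get_*` handlers now take the request params as one positional dict but still splat it straight into the database functions (`get_comment_ids(conn, **kwargs)` and its two siblings), so the accepted keyword names are whatever the client sends. An unexpected key surfaces only as a `TypeError` from the call, which makes an invalid-params request indistinguishable from a genuine type bug inside the query code. Consider filtering the dict against an explicit per-method allow-list before the call. The parameter would also read better as `params: dict` with a one-line docstring, since it is no longer a `**kwargs` collector.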
@@ -65,16 +67,25 @@ METHODS = {
 }
+def clean_input_params(kwargs: dict):
+ for k, v in kwargs.items():
+ if type(v) is str:
+ kwargs[k] = v.strip()
+ if k in ID_LIST:
+ kwargs[k] = v.lower()
+
+
 async def process_json(app, body: dict) -> dict:
 response = {'jsonrpc': '2.0', 'id': body['id']}
 if body['method'] in METHODS:
 method = body['method']
 params = body.get('params', {})
+ clean_input_params(params)
 try:
 if asyncio.iscoroutinefunction(METHODS[method]):
- result = await METHODS[method](app['comment_scheduler'], **params)
+ result = await METHODS[method](app['comment_scheduler'], params)
 else:
- result = METHODS[method](app, **params)
+ result = METHODS[method](app, params)
 response['result'] = result
 except TypeError as te:
 logger.exception('Got TypeError: %s', te)
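Review bot: In `clean_input_params` the ID branch assigns `kwargs[k] = v.lower()` from the original `v`, so for keys in `ID_LIST` the preceding `v.strip()` result is overwritten and surrounding whitespace survives into the new `=` comparison. Rebinding first fixes it: `v = v.strip()` followed by `kwargs[k] = v.lower() if k in ID_LIST else v`. Indentation is lost on this page, so it is unclear whether the `ID_LIST` check sits inside the `type(v) is str` branch; if it does not, a non-string ID would raise `AttributeError`. The call `clean_input_params(params)` is also placed before `try:` in `process_json`, so a `params` value that is not a dict (a JSON array, say) would fail on `.items()` outside the visible `except TypeError` handling; moving the call inside the `try` and checking `isinstance(params, dict)` would keep that on the error-response path. `process_json` continues past the end of the hunk.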