From 18a6f274141f41f071cb66aff2240483e76aa065 Mon Sep 17 00:00:00 2001 From: tecc Date: Fri, 2 Jun 2023 16:11:18 +0200 Subject: [PATCH] fix: Insure against undefined `opts` parameter in fetchProfiles --- server/routes/profile.js | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/server/routes/profile.js b/server/routes/profile.js index b3afb0d39..8c1bdbd96 100644 --- a/server/routes/profile.js +++ b/server/routes/profile.js @@ -67,7 +67,7 @@ const verifyLinks = (links, authenticators, username, linksMetadata) => { return verifiedLinks; } -class ProfileOptions { +export class ProfileOptions { default_props = { enabled: true, default_value: true @@ -202,10 +202,11 @@ class ProfileOptions { * @param db * @param {string} username * @param {boolean} self - * @param {ProfileOptions} opts + * @param {ProfileOptions | null} opts * @return {Promise<{}>} */ -const fetchProfiles = async (db, username, self, opts) => { +const fetchProfiles = async (db, username, self, opts = undefined) => { + opts = opts ?? new ProfileOptions({}); // This is a backup in-case it isn't specified (even though it should be) const user = await db.get(SQL`SELECT id FROM users WHERE usernameNorm = ${normalise(username)}`); if (!user) { return {}; @@ -271,7 +272,7 @@ const fetchProfiles = async (db, username, self, opts) => { return p; }; -export const profilesSnapshot = async (db, username, opts) => { +export const profilesSnapshot = async (db, username, opts = undefined) => { return JSON.stringify(await fetchProfiles(db, username, true, opts), null, 4); } @@ -695,7 +696,7 @@ router.post('/profile/save', handleErrorAsync(async (req, res) => { if (sus.length && !await hasAutomatedReports(req.db, req.user.id)) { await req.db.get(SQL` INSERT INTO reports (id, userId, reporterId, isAutomatic, comment, isHandled, snapshot) - VALUES (${ulid()}, ${req.user.id}, null, 1, ${sus.join(', ')}, 0, ${await profilesSnapshot(req.db, normalise(req.user.username))}); + VALUES (${ulid()}, ${req.user.id}, null, 1, ${sus.join(', ')}, 0, ${await profilesSnapshot(req.db, normalise(req.user.username), new ProfileOptions({}))}); `); } @@ -706,7 +707,7 @@ router.post('/profile/save', handleErrorAsync(async (req, res) => { await req.db.get(SQL`UPDATE users SET inactiveWarning = null WHERE id = ${req.user.id}`); - return res.json(await fetchProfiles(req.db, req.user.username, true, new ProfileOptions({}))); + return res.json(await fetchProfiles(req.db, req.user.username, true)); })); router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => { @@ -716,7 +717,7 @@ router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => { await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`); - return res.json(await fetchProfiles(req.db, req.user.username, true, new ProfileOptions({}))); + return res.json(await fetchProfiles(req.db, req.user.username, true)); })); router.post('/profile/report/:username', handleErrorAsync(async (req, res) => {