TheCloud/PronounsPage
1
0
Fork 0
mirror of https://gitlab.com/PronounsPage/PronounsPage.git synced 2025-09-27 06:52:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: Insure against undefined opts parameter in fetchProfiles

Browse Source
This commit is contained in:
tecc 2023-06-02 16:11:18 +02:00
parent 5c68d11b80
commit 18a6f27414
No known key found for this signature in database
GPG Key ID: 400AAD881FCC028B
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
server/routes/profile.js
View File

@ -67,7 +67,7 @@ const verifyLinks = (links, authenticators, username, linksMetadata) => {
return verifiedLinks; return verifiedLinks;
} }
class ProfileOptions { export class ProfileOptions {
default_props = { default_props = {
enabled: true, enabled: true,
default_value: true default_value: true
@ -202,10 +202,11 @@ class ProfileOptions {
* @param db * @param db
* @param {string} username * @param {string} username
* @param {boolean} self * @param {boolean} self
* @param {ProfileOptions} opts * @param {ProfileOptions | null} opts
* @return {Promise<{}>} * @return {Promise<{}>}
*/ */
const fetchProfiles = async (db, username, self, opts) => { const fetchProfiles = async (db, username, self, opts = undefined) => {
opts = opts ?? new ProfileOptions({}); // This is a backup in-case it isn't specified (even though it should be)
const user = await db.get(SQL`SELECT id FROM users WHERE usernameNorm = ${normalise(username)}`); const user = await db.get(SQL`SELECT id FROM users WHERE usernameNorm = ${normalise(username)}`);
if (!user) { if (!user) {
return {}; return {};
@ -271,7 +272,7 @@ const fetchProfiles = async (db, username, self, opts) => {
return p; return p;
}; };
export const profilesSnapshot = async (db, username, opts) => { export const profilesSnapshot = async (db, username, opts = undefined) => {
return JSON.stringify(await fetchProfiles(db, username, true, opts), null, 4); return JSON.stringify(await fetchProfiles(db, username, true, opts), null, 4);
} }
@ -695,7 +696,7 @@ router.post('/profile/save', handleErrorAsync(async (req, res) => {
if (sus.length && !await hasAutomatedReports(req.db, req.user.id)) { if (sus.length && !await hasAutomatedReports(req.db, req.user.id)) {
await req.db.get(SQL` await req.db.get(SQL`
INSERT INTO reports (id, userId, reporterId, isAutomatic, comment, isHandled, snapshot) INSERT INTO reports (id, userId, reporterId, isAutomatic, comment, isHandled, snapshot)
VALUES (${ulid()}, ${req.user.id}, null, 1, ${sus.join(', ')}, 0, ${await profilesSnapshot(req.db, normalise(req.user.username))}); VALUES (${ulid()}, ${req.user.id}, null, 1, ${sus.join(', ')}, 0, ${await profilesSnapshot(req.db, normalise(req.user.username), new ProfileOptions({}))});
`); `);
} }
@ -706,7 +707,7 @@ router.post('/profile/save', handleErrorAsync(async (req, res) => {
await req.db.get(SQL`UPDATE users SET inactiveWarning = null WHERE id = ${req.user.id}`); await req.db.get(SQL`UPDATE users SET inactiveWarning = null WHERE id = ${req.user.id}`);
return res.json(await fetchProfiles(req.db, req.user.username, true, new ProfileOptions({}))); return res.json(await fetchProfiles(req.db, req.user.username, true));
})); }));
router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => { router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => {
@ -716,7 +717,7 @@ router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => {
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`); await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`);
return res.json(await fetchProfiles(req.db, req.user.username, true, new ProfileOptions({}))); return res.json(await fetchProfiles(req.db, req.user.username, true));
})); }));
router.post('/profile/report/:username', handleErrorAsync(async (req, res) => { router.post('/profile/report/:username', handleErrorAsync(async (req, res) => {