From 0b9997cae82182b9433dc62e7f3d5895a5f09093 Mon Sep 17 00:00:00 2001 From: Brett Laptop Date: Fri, 18 Aug 2023 17:59:19 -0400 Subject: [PATCH] fix issue with sql statements, ? should not be in '?' --- crow_test/data/db/users.sqlite | Bin 20480 -> 20480 bytes crow_test/data/session/.expirations | 3 +- crow_test/data/session/l5yQfzNDLXuq6Ic1.json | 1 + crow_test/data/session/vUJR5OaiqtXupR8v.json | 1 - crow_test/data/session/wDTvp2olKnTzXs0q.json | 1 - include/crowsite/sql_helper.h | 2 +- src/crowsite/requests/jellyfin.cpp | 2 +- src/crowsite/site/auth.cpp | 49 ++++++++++++++----- src/main.cpp | 4 +- 9 files changed, 45 insertions(+), 18 deletions(-) create mode 100644 crow_test/data/session/l5yQfzNDLXuq6Ic1.json delete mode 100644 crow_test/data/session/vUJR5OaiqtXupR8v.json delete mode 100644 crow_test/data/session/wDTvp2olKnTzXs0q.json diff --git a/crow_test/data/db/users.sqlite b/crow_test/data/db/users.sqlite index 4656b89d07cdc4d295d45fa06ec53c71b3cff7b5..3b5d3a3aef77f8ab413853c0b43dccc507576654 100644 GIT binary patch delta 719 zcmbV~$!^*}7{|wf6o`t4C~B%IJ@|qIYQP@b7}^L`l+9twf}F(UU>Re;1Z?oak_+Jt zTJZvThu$jnnpfztm#Do(IrdlwsZx|fRdw{uNZ+FWe}0;|y2h@qv5z~O+W>%dcmG)% zpLUrS+aRuBLHG-J@pAwP_!U3Lzkl8g{S0~+n8&x2aAElzZi&0Z;qiVob1V|&yclsT z)zsyI8jZg9K6_b@VL;Pc>eL$bHCvTr$2L~E^e`t4Rdb+OmS*Udgq~K`mjt}^ui-Yp zZ5VNlyZC&8{J!ww)gldSQ$uJdn{vm{tH!0)@5^K&P7#qag!YJvraMz&n&Kpm-6PEL zJ4DfODoPYp<-#Co3Q=w#qM(^-+nAE8?pQe(6>H|D<8YP343pF*g&~jj=@eV$8mgdY zh0(krD<$3@HqUx(tCE_TMq`@n9d+JhCMGw?=LX|Kv5v$OG2h)Mg-mi>u#eK|g%I!w zt6L{1nMMl3#5hi2V+omR$KF!3d$0`4F*HRdRPJwJ^Zz3om1;A7sANzRWae}lUD+2=q3^Re)6LpM5SsC<_8F~4CFfj2eFz_qz@8#RVcYm{>z;j*} zpkT}7c)n0hAR|Xtm$8w3aw=aEqvm7<{wGWf0-FUL?() { err = sqlite3_bind_double(stmt, column, t); diff --git a/src/crowsite/requests/jellyfin.cpp b/src/crowsite/requests/jellyfin.cpp index 14f125f..32bf465 100644 --- a/src/crowsite/requests/jellyfin.cpp +++ b/src/crowsite/requests/jellyfin.cpp 
@@ -98,7 +98,7 @@ namespace cs::jellyfin return auth_response::ERROR; } - const client_data& jellyfin::getUserData(const std::string& username) + const client_data& getUserData(const std::string& username) { return GLOBALS.user_ids[username]; } diff --git a/src/crowsite/site/auth.cpp b/src/crowsite/site/auth.cpp index a40783d..29535b0 100644 --- a/src/crowsite/site/auth.cpp +++ b/src/crowsite/site/auth.cpp @@ -86,13 +86,16 @@ namespace cs bool storeUserData(const std::string& username, const std::string& useragent, const cookie_data& tokens) { - sql::statement insertStmt{ + sql::statement insertStmt { user_database, "INSERT OR REPLACE INTO user_sessions (clientID, username, useragent, token) VALUES (?, ?, ?, ?);" }; if (insertStmt.fail()) + { + BLT_WARN("Failed to create insert user data %d : %s", insertStmt.error(), sqlite3_errstr(insertStmt.error())); return false; + } insertStmt.set(tokens.clientID, 0); insertStmt.set(username, 1); 
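Review bot: In the `@@ -98,7 +98,7 @@` hunk of jellyfin.cpp, the unchanged body `return GLOBALS.user_ids[username];` will insert a default-constructed `client_data` for any username that is not present, if `user_ids` is a `std::map` or `std::unordered_map` (its declaration is not in this diff). That makes a read accessor grow global state, and the reference it returns is what `storeUserData` later reads `.isAdmin` from. A non-mutating lookup such as `auto it = GLOBALS.user_ids.find(username);` with an explicit not-found path would make the missing-user case visible instead of silently yielding a default record. If request handlers run on several threads, the hidden insert is also an unsynchronised write to shared state; the diff does not show whether a lock is held.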
@@ -100,19 +103,43 @@ namespace cs insertStmt.set(tokens.clientToken, 3); if (!insertStmt.execute()) + { + BLT_WARN("Failed to insert user data %d : %s", insertStmt.error(), sqlite3_errstr(insertStmt.error())); return false; + } - sql::statement insertAuth { + sql::statement hasUser { user_database, - "INSERT OR REPLACE INTO user_permissions (username, permission) VALUES (?, ?);" + "SELECT permission FROM user_permissions WHERE username=?;" }; - if (insertAuth.fail()) - return false; - insertStmt.set(username, 0); - insertStmt.set(PERM_DEFAULT | (jellyfin::getUserData(username).isAdmin ? PERM_ADMIN : 0), 1); - if (!insertAuth.execute()) + hasUser.set(username, 0); + + if (!hasUser.fail() && hasUser.execute()) { + if (!hasUser.hasRow()){ + sql::statement insertAuth { + user_database, + "INSERT INTO user_permissions (username, permission) VALUES (?, ?);" + }; + if (insertAuth.fail()) + { + BLT_WARN("Failed to create insert user perms %d : %s", insertAuth.error(), sqlite3_errstr(insertAuth.error())); + return false; + } + insertAuth.set(username, 0); + insertAuth.set(PERM_DEFAULT | (jellyfin::getUserData(username).isAdmin ? PERM_ADMIN : 0), 1); + + if (!insertAuth.execute()) + { + BLT_WARN("Failed to insert user perms %d : %s", insertAuth.error(), sqlite3_errstr(insertAuth.error())); + return false; + } + } + } else + { + BLT_WARN("Failed to insert has user %d : %s", hasUser.error(), sqlite3_errstr(hasUser.error())); return false; + } return true; } @@ -121,7 +148,7 @@ namespace cs { sql::statement stmt { user_database, - "SELECT username FROM user_sessions WHERE clientID='?' AND token='?';" + "SELECT username FROM user_sessions WHERE clientID=? AND token=?;" }; if (stmt.fail()) return false; @@ -140,7 +167,7 @@ namespace cs { sql::statement stmt { user_database, - "SELECT username FROM user_sessions WHERE clientID='?';" + "SELECT username FROM user_sessions WHERE clientID=?;" }; if (stmt.fail()) return ""; 
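Review bot: In the `@@ -100,19 +103,43 @@` hunk of auth.cpp, the `hasUser` SELECT followed by a separate `INSERT INTO user_permissions` is check-then-act with no transaction, so two concurrent first logins for one username can both see no row; the second insert then fails (or duplicates the row, depending on a schema this diff does not show) after the session row has already been written. One statement, `INSERT OR IGNORE INTO user_permissions (username, permission) VALUES (?, ?);` with `username` unique, gives the same create-if-absent behaviour atomically. `hasUser.set(username, 0)` also runs before `hasUser.fail()` is tested, unlike `insertStmt` and `insertAuth`, and the else-branch text `Failed to insert has user` describes a SELECT as an insert. Because the permission is now written only when no row exists, a user who later loses `isAdmin` upstream appears to keep `PERM_ADMIN` locally; a comment saying whether that is intended, or a resync of that bit on login, would help. `storeUserData` begins in the previous hunk.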
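Review bot: In the `@@ -121,7 +148,7 @@` hunk, the corrected query compares the `token` column directly with the presented value, and `storeUserData` binds `tokens.clientToken` into that column unchanged, so the database holds usable session tokens in the clear. Storing a digest of the token, and binding the digest of the presented value here, would keep a leaked `users.sqlite` from yielding live sessions; a copy of that file is committed in this patch under `crow_test/data/db/`. The INSERT also writes no timestamp, so as far as this diff shows the lookup has no expiry to enforce. The `if (stmt.fail()) return false;` path here, like the matching paths in the `-140,7` and `-152,7` hunks, still fails without the `BLT_WARN` this commit adds in `storeUserData`. The enclosing function's signature is outside the hunk.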
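Review bot: In the `@@ -140,7 +167,7 @@` hunk, the query resolves a username from `clientID` alone, without the token, so its result is only trustworthy if the caller has already validated the `clientID`/token pair. The function's signature and callers are outside the hunk, so this may already hold; a comment above the statement such as `// clientID alone is not a credential: call only after the clientID+token check has succeeded` would record the precondition. Returning `""` on `stmt.fail()` makes a database error indistinguishable from an unknown client, so callers should treat the empty string as not logged in.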
@@ -152,7 +179,7 @@ namespace cs { sql::statement stmt { user_database, - "SELECT permission FROM user_permissions WHERE username='?';" + "SELECT permission FROM user_permissions WHERE username=?;" }; if (stmt.fail()) return 0; diff --git a/src/main.cpp b/src/main.cpp index 43717cd..17fb101 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -161,7 +161,9 @@ int main(int argc, const char** argv) if (cs::checkUserAuthorization(pp)) { cs::cookie_data data = cs::createUserAuthTokens(pp, user_agent); - cs::storeUserData(pp["username"], user_agent, data); + if (!cs::storeUserData(pp["username"], user_agent, data)){ + BLT_ERROR("Failed to update user data"); + } session.set("clientID", data.clientID); session.set("clientToken", data.clientToken);
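Review bot: In the main.cpp hunk, a failed `cs::storeUserData` is now logged but the handler still falls through to `session.set("clientID", data.clientID);` and `session.set("clientToken", data.clientToken);`, so the client is handed credentials that may have no matching row in `user_sessions` or `user_permissions`. The branch should end the login with an error response rather than only calling `BLT_ERROR`; what the handler returns is outside the hunk, so the exact statement depends on code not shown. `main` starts and ends outside this hunk.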