fix issue with sql statements, ? should not be in '?'

main
Brett 2023-08-18 17:59:19 -04:00
parent ef671700e1
commit 0b9997cae8
9 changed files with 45 additions and 18 deletions

Binary file not shown.


@ -1,2 +1 @@
wDTvp2olKnTzXs0q 1692378069 l5yQfzNDLXuq6Ic1 1692481044
vUJR5OaiqtXupR8v 1692378591
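Review bot: This tracked file and the three JSON files in the next sections appear to be runtime session state rather than source: the lines here pair an opaque identifier with a Unix timestamp, and the JSON files hold a `clientID` and a `clientToken`. Anything that has been pushed should be treated as disclosed, so the affected sessions ought to be invalidated server-side, and the directories holding these files added to `.gitignore` so that future runs do not commit fresh tokens. Deleting the files in a later commit does not remove them from history.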


@ -0,0 +1 @@
{"clientID":"50a21c33-66c4-5a0f-902f-9434632025e6","clientToken":"qJNyHpcA1b1EY6/so2rH3FhBilMKDDnCJSliaeytHMh4V0kj2yy4Mb1UEO7dW/uYdgfNWn73dwCrioovCe1NHg=="}


@ -1 +0,0 @@
{"clientID":"50a21c33-66c4-5a0f-902f-9434632025e6","clientToken":"yfuMydsUxrYprB6ykuXBcJe3SDuu17W7OrZns1nweWBUnSUUdsHszJN/YAKTVYsPjsEVd8rGCpUly5VsYfx6FA=="}


@ -1 +0,0 @@
{"clientID":"50a21c33-66c4-5a0f-902f-9434632025e6","clientToken":"6Ft+YVGtURGwMwi9yTemzakVoVpwkE3iRzshpUn/u58X6BWECdBZvE6nDCg4v628MLqHLwui59GIVyxc9HN0ww=="}


@ -61,7 +61,7 @@ namespace cs::sql
statement* set(const T& t, int column) statement* set(const T& t, int column)
{ {
// make api consistent // make api consistent
column = column - 1; column = column + 1;
if constexpr (std::is_floating_point_v<T>) if constexpr (std::is_floating_point_v<T>)
{ {
err = sqlite3_bind_double(stmt, column, t); err = sqlite3_bind_double(stmt, column, t);
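Review bot: The comment `// make api consistent` on the adjusted index does not say which convention `set` now exposes; something like `// callers pass 0-based columns; sqlite3_bind_* numbers parameters from 1` would stop the next reader from flipping the sign again. The bind result is stored in `err`, but `set` returns `statement*` and the callers visible in this commit call `set(...)` without checking anything, so an out-of-range index would only surface, if at all, at `execute()`. It is worth confirming that `execute()` or `fail()` reports a pending bind error. The body of `set` continues past the end of this hunk.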


@ -98,7 +98,7 @@ namespace cs::jellyfin
return auth_response::ERROR; return auth_response::ERROR;
} }
const client_data& jellyfin::getUserData(const std::string& username) const client_data& getUserData(const std::string& username)
{ {
return GLOBALS.user_ids[username]; return GLOBALS.user_ids[username];
} }
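Review bot: `GLOBALS.user_ids[username]` inserts a default-constructed `client_data` when the username is absent, assuming `user_ids` is a `std::map` or `std::unordered_map` (its declaration is not in this hunk). The caller in `storeUserData` reads `.isAdmin` from the result to decide whether to grant `PERM_ADMIN`, so a lookup miss silently yields whatever the default `isAdmin` is, and a read path ends up mutating shared global state. A non-inserting lookup such as `return GLOBALS.user_ids.at(username);` turns a miss into an explicit `std::out_of_range` instead, which callers would then need to handle.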


@ -86,13 +86,16 @@ namespace cs
bool storeUserData(const std::string& username, const std::string& useragent, const cookie_data& tokens) bool storeUserData(const std::string& username, const std::string& useragent, const cookie_data& tokens)
{ {
sql::statement insertStmt{ sql::statement insertStmt {
user_database, user_database,
"INSERT OR REPLACE INTO user_sessions (clientID, username, useragent, token) VALUES (?, ?, ?, ?);" "INSERT OR REPLACE INTO user_sessions (clientID, username, useragent, token) VALUES (?, ?, ?, ?);"
}; };
if (insertStmt.fail()) if (insertStmt.fail())
{
BLT_WARN("Failed to create insert user data %d : %s", insertStmt.error(), sqlite3_errstr(insertStmt.error()));
return false; return false;
}
insertStmt.set(tokens.clientID, 0); insertStmt.set(tokens.clientID, 0);
insertStmt.set(username, 1); insertStmt.set(username, 1);
@ -100,19 +103,43 @@ namespace cs
insertStmt.set(tokens.clientToken, 3); insertStmt.set(tokens.clientToken, 3);
if (!insertStmt.execute()) if (!insertStmt.execute())
{
BLT_WARN("Failed to insert user data %d : %s", insertStmt.error(), sqlite3_errstr(insertStmt.error()));
return false; return false;
}
sql::statement hasUser {
user_database,
"SELECT permission FROM user_permissions WHERE username=?;"
};
hasUser.set(username, 0);
if (!hasUser.fail() && hasUser.execute()) {
if (!hasUser.hasRow()){
sql::statement insertAuth { sql::statement insertAuth {
user_database, user_database,
"INSERT OR REPLACE INTO user_permissions (username, permission) VALUES (?, ?);" "INSERT INTO user_permissions (username, permission) VALUES (?, ?);"
}; };
if (insertAuth.fail()) if (insertAuth.fail())
{
BLT_WARN("Failed to create insert user perms %d : %s", insertAuth.error(), sqlite3_errstr(insertAuth.error()));
return false; return false;
insertStmt.set(username, 0); }
insertStmt.set(PERM_DEFAULT | (jellyfin::getUserData(username).isAdmin ? PERM_ADMIN : 0), 1); insertAuth.set(username, 0);
insertAuth.set(PERM_DEFAULT | (jellyfin::getUserData(username).isAdmin ? PERM_ADMIN : 0), 1);
if (!insertAuth.execute()) if (!insertAuth.execute())
{
BLT_WARN("Failed to insert user perms %d : %s", insertAuth.error(), sqlite3_errstr(insertAuth.error()));
return false; return false;
}
}
} else
{
BLT_WARN("Failed to insert has user %d : %s", hasUser.error(), sqlite3_errstr(hasUser.error()));
return false;
}
return true; return true;
} }
@ -121,7 +148,7 @@ namespace cs
{ {
sql::statement stmt { sql::statement stmt {
user_database, user_database,
"SELECT username FROM user_sessions WHERE clientID='?' AND token='?';" "SELECT username FROM user_sessions WHERE clientID=? AND token=?;"
}; };
if (stmt.fail()) if (stmt.fail())
return false; return false;
@ -140,7 +167,7 @@ namespace cs
{ {
sql::statement stmt { sql::statement stmt {
user_database, user_database,
"SELECT username FROM user_sessions WHERE clientID='?';" "SELECT username FROM user_sessions WHERE clientID=?;"
}; };
if (stmt.fail()) if (stmt.fail())
return ""; return "";
@ -152,7 +179,7 @@ namespace cs
{ {
sql::statement stmt { sql::statement stmt {
user_database, user_database,
"SELECT permission FROM user_permissions WHERE username='?';" "SELECT permission FROM user_permissions WHERE username=?;"
}; };
if (stmt.fail()) if (stmt.fail())
return 0; return 0;
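Review bot: In `storeUserData` the `user_permissions` row is now written only when `hasUser.hasRow()` is false, so the `PERM_ADMIN` bit is fixed at the first login and a later change of `isAdmin` on the Jellyfin side is never applied; a user demoted upstream keeps admin here unless some other code path, not visible in this commit, updates the row. If that is intended, say so at the check, e.g. `// permissions are seeded once; later Jellyfin admin changes are not propagated`; otherwise refresh the admin bit when the row already exists. Separately, `hasUser.set(username, 0)` runs before `hasUser.fail()` is tested, unlike the other statements in this function, and the warning text `Failed to insert has user` describes a SELECT.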


@ -161,7 +161,9 @@ int main(int argc, const char** argv)
if (cs::checkUserAuthorization(pp)) if (cs::checkUserAuthorization(pp))
{ {
cs::cookie_data data = cs::createUserAuthTokens(pp, user_agent); cs::cookie_data data = cs::createUserAuthTokens(pp, user_agent);
cs::storeUserData(pp["username"], user_agent, data); if (!cs::storeUserData(pp["username"], user_agent, data)){
BLT_ERROR("Failed to update user data");
}
session.set("clientID", data.clientID); session.set("clientID", data.clientID);
session.set("clientToken", data.clientToken); session.set("clientToken", data.clientToken);
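Review bot: When `cs::storeUserData` returns false the new branch only logs, and execution falls through to `session.set("clientID", ...)` and `session.set("clientToken", ...)`, so the client is handed tokens that were never persisted. The later token lookup should then reject them, which fails closed, but the user sees a login that appears to succeed and then stops working. Taking the error path from inside the `if`, rather than continuing to the `session.set` calls, would keep the response consistent with the stored state. The enclosing handler starts and ends outside this hunk.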