ulith/pronounss
1
0
Fork 0
forked from mirrors/pronouns.cc
Code Pull requests Activity

fix(backend): don't count deleted users + unlisted members in meta endpoint

Browse source 
This technically leaked the *existence* of these users and members,
but there's never been any way to enumerate users or unlisted members,
so this is unlikely to have *actually* leaked any information. Still,
for consistency's sake, this commit hides them from the user/member
count.
This commit is contained in:
Sam 2023-04-17 16:33:05 +02:00
parent ec6b048501
commit 94cd4cd6d3
No known key found for this signature in database
GPG key ID: B4EF20DDE721CAA1
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
backend/routes/meta/meta.go
View file

@ -32,12 +32,12 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context() ctx := r.Context()
var numUsers, numMembers int64 var numUsers, numMembers int64
err := s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM users").Scan(&numUsers) err := s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM users WHERE deleted_at IS NULL").Scan(&numUsers)
if err != nil { if err != nil {
return errors.Wrap(err, "querying user count") return errors.Wrap(err, "querying user count")
} }
err = s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM members").Scan(&numMembers) err = s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM members WHERE unlisted = false AND user_id = ANY(SELECT id FROM users WHERE deleted_at IS NULL)").Scan(&numMembers)
if err != nil { if err != nil {
return errors.Wrap(err, "querying user count") return errors.Wrap(err, "querying user count")
} }