regalijan/car-crushers-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Default to current time in list endpoint

Browse Source
This commit is contained in:
regalijan 2023-10-19 16:49:52 -04:00
parent bd95bb2b10
commit e5dc359f3a
Signed by: regalijan
GPG Key ID: 5D4196DA269EF520
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
functions/api/mod-queue/list.ts
View File

@ -1,6 +1,6 @@
export async function onRequestGet(context: RequestContext) {
const { searchParams } = new URL(context.request.url);
const before = parseInt(searchParams.get("before") || "0");
const before = parseInt(searchParams.get("before") || `${Date.now()}`);
const entryType = searchParams.get("type");
const showClosed = searchParams.get("showClosed") === "true";
const tables: { [k: string]: string } = {
@ -47,11 +47,17 @@ export async function onRequestGet(context: RequestContext) {
const prefix = types[entryType];
const table = tables[entryType];
const items = [];
console.log(!showClosed)
const { results }: { results?: { created_at: number; id: string }[] } =
/*
This is normally VERY BAD and can lead to injection attacks
However, there is no other way to do this, as using bindings for table names is unsupported apparently
To avoid any potential injection attacks we enforce a list of specific values and permissions for table names
*/
await context.env.D1.prepare(
"SELECT created_at, id FROM ? WHERE created_at < ? AND open = ? ORDER BY created_at DESC LIMIT 25;"
`SELECT id FROM ${table} WHERE created_at < ? AND open = ? ORDER BY created_at DESC LIMIT 25;`
)
.bind(table, before, Number(showClosed))
.bind(before, Number(!showClosed))
.all();
if (results)