From eb1a6069d65ffc84c12759902ba909c11ea8a0b4 Mon Sep 17 00:00:00 2001 From: Ezri Brimhall Date: Tue, 2 Apr 2024 14:55:22 -0400 Subject: [PATCH 1/2] Should fix cascading delete issue (#3) Reviewed-on: https://git.hatecomputers.club/hatecomputers/hatecomputers.club/pulls/3 Co-authored-by: Ezri Brimhall Co-committed-by: Ezri Brimhall --- database/users.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/database/users.go b/database/users.go index ab48699..f438281 100644 --- a/database/users.go +++ b/database/users.go @@ -50,7 +50,12 @@ func GetUser(dbConn *sql.DB, id string) (*User, error) { func FindOrSaveUser(dbConn *sql.DB, user *User) (*User, error) { log.Println("finding or saving user", user.ID) - _, err := dbConn.Exec(`INSERT OR REPLACE INTO users (id, mail, username, display_name) VALUES (?, ?, ?, ?);`, user.ID, user.Mail, user.Username, user.DisplayName) + _, err := dbConn.Exec(`INSERT OR IGNORE INTO users (id, mail, username, display_name) VALUES (?, ?, ?, ?);`, user.ID, user.Mail, user.Username, user.DisplayName) + if err != nil { + return nil, err + } + + _, err = dbConn.Exec(`UPDATE users SET mail = ?, username = ?, display_name = ? WHERE id = ?;`, user.Mail, user.Username, user.DisplayName, user.ID) if err != nil { return nil, err } From 1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18 Mon Sep 17 00:00:00 2001 From: Elizabeth Date: Tue, 2 Apr 2024 14:33:11 -0600 Subject: [PATCH 2/2] allow user to fuck with .endpoints --- api/dns.go | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/api/dns.go b/api/dns.go index a1739d3..ad41103 100644 --- a/api/dns.go +++ b/api/dns.go @@ -2,6 +2,7 @@ package api import ( "database/sql" + "fmt" "log" "net/http" "strconv" @@ -20,10 +21,23 @@ type FormError struct { func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool { ownedByUser := (user.ID == record.UserID) + if !ownedByUser { + return false + } if !record.Internal { - publicallyOwnedByUser := (record.Name == user.Username || strings.HasSuffix(record.Name, "."+user.Username)) - return ownedByUser && publicallyOwnedByUser + userOwnedDomains := []string{ + fmt.Sprintf("%s", user.Username), + fmt.Sprintf("%s.endpoints", user.Username), + } + + for _, domain := range userOwnedDomains { + isInSubDomain := strings.HasSuffix(record.Name, "."+domain) + if domain == record.Name || isInSubDomain { + return true + } + } + return false } owner, err := database.FindFirstDomainOwnerId(dbConn, record.Name)