smr/src/lua/endpoints/api_get.lua

local cache = require("cache")
local sql = require("lsqlite3")
local db = require("db")
local queries = require("queries")
local util = require("util")

local stmnt_tags_get

local oldconfigure = configure
function configure(...)
	stmnt_tags_get = util.sqlassert(db.conn:prepare(queries.select_suggest_tags))
	return oldconfigure(...)
end

local function suggest_tags(req,data)
	print("Suggesting tags!")
	stmnt_tags_get:bind_names{
		match = data .. "%"
	}
	local err = util.do_sql(stmnt_tags_get)
	if err == sql.ROW or err == sql.DONE then
		local tags = {data}
		for tag in stmnt_tags_get:rows() do
			print("Found tag:",tag[1])
			table.insert(tags,tag[1])
		end
		stmnt_tags_get:reset()
		http_response_header(req,"Content-Type","text/plain")
		http_response(req,200,table.concat(tags,";"))
	else
		log(LOG_ALERT,"Failed to get tag suggestions in an unusual way:" .. err .. ":" .. db.conn:errmsg())
		--This is bad though
		local page = pages.error({
			errcode = 500,
			errcodemsg = "Server error",
			explanation = string.format(
				"Failed to retreive tags from database:%d:%q",
				err,
				db.conn:errmsg()
			),
		})
		stmnt_tags_get:reset()
		http_response(req,500,page)
	end
end

local function api_get(req)
	http_request_populate_qs(req)
	local call = assert(http_argument_get_string(req,"call"))
	local data = assert(http_argument_get_string(req,"data"))
	local body
	if call == "suggest" then
		--[[
		Prevent a malicious user from injecting '%' into the string
		we're searching for, potentially causing a DoS with a
		sufficiently backtrack-ey search/tag combination.
		]]
		assert(data:match("^[a-zA-Z0-9,%s-]+$"),"Bad characters in tag")
		return suggest_tags(req,data)
	end
end
return api_get
Start work on tag suggestions Start working on getting tag suggestions for pasteing and editing pages. 2021-02-14 08:30:20 +01:00			`local cache = require("cache")`
			`local sql = require("lsqlite3")`
			`local db = require("db")`
			`local queries = require("queries")`
			`local util = require("util")`

			`local stmnt_tags_get`

			`local oldconfigure = configure`
			`function configure(...)`
			`stmnt_tags_get = util.sqlassert(db.conn:prepare(queries.select_suggest_tags))`
			`return oldconfigure(...)`
			`end`

			`local function suggest_tags(req,data)`
			`print("Suggesting tags!")`
			`stmnt_tags_get:bind_names{`
			`match = data .. "%"`
			`}`
			`local err = util.do_sql(stmnt_tags_get)`
			`if err == sql.ROW or err == sql.DONE then`
			`local tags = {data}`
			`for tag in stmnt_tags_get:rows() do`
			`print("Found tag:",tag[1])`
			`table.insert(tags,tag[1])`
			`end`
			`stmnt_tags_get:reset()`
			`http_response_header(req,"Content-Type","text/plain")`
			`http_response(req,200,table.concat(tags,";"))`
			`else`
			`log(LOG_ALERT,"Failed to get tag suggestions in an unusual way:" .. err .. ":" .. db.conn:errmsg())`
			`--This is bad though`
			`local page = pages.error({`
			`errcode = 500,`
			`errcodemsg = "Server error",`
			`explanation = string.format(`
			`"Failed to retreive tags from database:%d:%q",`
			`err,`
			`db.conn:errmsg()`
			`),`
			`})`
			`stmnt_tags_get:reset()`
			`http_response(req,500,page)`
			`end`
			`end`

			`local function api_get(req)`
			`http_request_populate_qs(req)`
			`local call = assert(http_argument_get_string(req,"call"))`
			`local data = assert(http_argument_get_string(req,"data"))`
			`local body`
			`if call == "suggest" then`
			`--[[`
			`Prevent a malicious user from injecting '%' into the string`
			`we're searching for, potentially causing a DoS with a`
			`sufficiently backtrack-ey search/tag combination.`
			`]]`
			`assert(data:match("^[a-zA-Z0-9,%s-]+$"),"Bad characters in tag")`
			`return suggest_tags(req,data)`
			`end`
			`end`
			`return api_get`