From d98c6f1ee7aad101b7084429eb0070f97fcd33ba Mon Sep 17 00:00:00 2001 From: Derick M <58572875+TurtIeSocks@users.noreply.github.com> Date: Thu, 2 Nov 2023 15:25:55 -0400 Subject: [PATCH] fix: ensure only enabled make it through --- server/src/models/Gym.js | 23 +++++++++++++++++++---- server/src/models/Pokestop.js | 26 +++++++++++++++++++++----- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/server/src/models/Gym.js b/server/src/models/Gym.js index 6bd88a724..6fda87ddc 100644 --- a/server/src/models/Gym.js +++ b/server/src/models/Gym.js @@ -53,6 +53,18 @@ class Gym extends Model { return 'gym' } + /** + * + * @param {import('objection').QueryBuilder} query + * @param {boolean} isMad + */ + static onlyValid(query, isMad) { + query.andWhere('enabled', true) + if (!isMad) { + query.andWhere('deleted', false) + } + } + static async getAll(perms, args, { isMad, availableSlotsCol }, userId) { const { gyms: gymPerms, @@ -118,7 +130,7 @@ class Gym extends Model { query .whereBetween(isMad ? 'latitude' : 'lat', [args.minLat, args.maxLat]) .andWhereBetween(isMad ? 'longitude' : 'lon', [args.minLon, args.maxLon]) - .andWhere(isMad ? 'enabled' : 'deleted', isMad) + Gym.onlyValid(query, isMad) const raidBosses = new Set() const raidForms = new Set() @@ -459,7 +471,6 @@ class Gym extends Model { 'url', distance, ]) - .where(isMad ? 'enabled' : 'deleted', isMad) .whereRaw(`LOWER(name) LIKE '%${search}%'`) .limit(searchResultsLimit) .orderBy('distance') @@ -469,6 +480,8 @@ class Gym extends Model { if (!getAreaSql(query, areaRestrictions, onlyAreas, isMad)) { return [] } + Gym.onlyValid(query, isMad) + return query } @@ -507,7 +520,6 @@ class Gym extends Model { '>=', isMad ? this.knex().fn.now() : ts, ) - .andWhere(isMad ? 'enabled' : 'deleted', isMad) if (isMad) { query .leftJoin('gymdetails', 'gym.gym_id', 'gymdetails.gym_id') @@ -519,6 +531,8 @@ class Gym extends Model { if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Gym.onlyValid(query, isMad) + return query } @@ -585,7 +599,6 @@ class Gym extends Model { minLon - wiggle, maxLon + wiggle, ]) - .andWhere(isMad ? 'enabled' : 'deleted', isMad) if (isMad) { query.select(['gym_id AS id', 'latitude AS lat', 'longitude AS lon']) } else { @@ -600,6 +613,8 @@ class Gym extends Model { if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Gym.onlyValid(query, isMad) + const results = await query return results } diff --git a/server/src/models/Pokestop.js b/server/src/models/Pokestop.js index 2ec4eff04..b7dd90ed2 100644 --- a/server/src/models/Pokestop.js +++ b/server/src/models/Pokestop.js @@ -62,6 +62,18 @@ class Pokestop extends Model { return 'pokestop' } + /** + * + * @param {import('objection').QueryBuilder} query + * @param {boolean} isMad + */ + static onlyValid(query, isMad) { + query.andWhere('enabled', true) + if (!isMad) { + query.andWhere('deleted', false) + } + } + static async getAll( perms, args, @@ -176,7 +188,8 @@ class Pokestop extends Model { query .whereBetween(isMad ? 'latitude' : 'lat', [args.minLat, args.maxLat]) .andWhereBetween(isMad ? 'longitude' : 'lon', [args.minLon, args.maxLon]) - .andWhere(isMad ? 'enabled' : 'deleted', isMad) + + Pokestop.onlyValid(query, isMad) if (!getAreaSql(query, areaRestrictions, onlyAreas, isMad)) { return [] } @@ -1557,13 +1570,13 @@ class Pokestop extends Model { isMad ? 'image AS url' : 'url', distance, ]) - .where(isMad ? 'enabled' : 'deleted', isMad) .whereRaw(`LOWER(name) LIKE '%${search}%'`) .limit(searchResultsLimit) .orderBy('distance') if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Pokestop.onlyValid(query, isMad) return query } @@ -1606,7 +1619,6 @@ class Pokestop extends Model { isMad ? 'quest_reward AS quest_rewards' : 'quest_rewards', distance, ]) - .where(isMad ? 'enabled' : 'deleted', isMad) .andWhere('quest_timestamp', '>=', midnight || 0) .andWhere((quests) => { quests @@ -1628,6 +1640,8 @@ class Pokestop extends Model { if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Pokestop.onlyValid(query, isMad) + const results = await query const mapped = results.map((q) => ({ ...q, with_ar: q.with_ar ?? true })) @@ -1697,7 +1711,6 @@ class Pokestop extends Model { : 'lure_expire_timestamp', distance, ]) - .where(isMad ? 'enabled' : 'deleted', isMad) .andWhere( isMad ? 'lure_expiration' : 'lure_expire_timestamp', '>=', @@ -1709,6 +1722,8 @@ class Pokestop extends Model { if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Pokestop.onlyValid(query, isMad) + const results = await query return results } @@ -1740,7 +1755,6 @@ class Pokestop extends Model { minLon - 0.025, maxLon + 0.025, ]) - .andWhere(isMad ? 'enabled' : 'deleted', isMad) if (isMad) { query.select(['pokestop_id AS id', 'latitude AS lat', 'longitude AS lon']) } else { @@ -1757,6 +1771,8 @@ class Pokestop extends Model { if (!getAreaSql(query, perms.areaRestrictions, onlyAreas, isMad)) { return [] } + Pokestop.onlyValid(query, isMad) + return query } }