hippofish/packages/backend/migration/1644010796173-convert-hard-mutes.js
Johann150 afb6304979
fix: regular expressions in word mutes (#8254)
* fix: handle regex exceptions for word mutes

* add i18n strings

Co-authored-by: rinsuki <428rinsuki+git@gmail.com>

* stricter input validation in backend

* add migration for hard mutes

* fix

* use correct regex library in migration

* use query builder to avoid SQL injection

Co-authored-by: Robin B <robflop98@outlook.com>
Co-authored-by: rinsuki <428rinsuki+git@gmail.com>
2022-02-10 19:47:46 +09:00

64 lines
2.3 KiB
JavaScript

const RE2 = require('re2');
const { MigrationInterface, QueryRunner } = require("typeorm");
module.exports = class convertHardMutes1644010796173 {
name = 'convertHardMutes1644010796173'
async up(queryRunner) {
let entries = await queryRunner.query(`SELECT "userId", "mutedWords" FROM "user_profile"`);
for(let i = 0; i < entries.length; i++) {
let words = entries[i].mutedWords
.map(line => {
const regexp = line.join(" ").match(/^\/(.+)\/(.*)$/);
if (regexp) {
// convert regexp's
try {
new RE2(regexp[1], regexp[2]);
return `/${regexp[1]}/${regexp[2]}`;
} catch (err) {
// invalid regex, ignore it
return [];
}
} else {
// remove empty segments
return line.filter(x => x !== '');
}
})
// remove empty lines
.filter(x => !(Array.isArray(x) && x.length === 0));
await queryRunner.connection.createQueryBuilder()
.update('user_profile')
.set({
mutedWords: words
})
.where('userId = :id', { id: entries[i].userId })
.execute();
}
}
async down(queryRunner) {
let entries = await queryRunner.query(`SELECT "userId", "mutedWords" FROM "user_profile"`);
for(let i = 0; i < entries.length; i++) {
let words = entries[i].mutedWords
.map(line => {
if (Array.isArray(line)) {
return line;
} else {
// do not split regex at spaces again
return [line];
}
})
// remove empty lines
.filter(x => !(Array.isArray(x) && x.length === 0));
await queryRunner.connection.createQueryBuilder()
.update('user_profile')
.set({
mutedWords: words
})
.where('userId = :id', { id: entries[i].userId })
.execute();
}
}
}