diff --git a/controllers/uploadController.js b/controllers/uploadController.js index 2b75927..e615e1b 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js @@ -766,34 +766,29 @@ self.list = async (req, res) => { } function filter () { - if (req.params.id !== undefined) { + if (req.params.id !== undefined) this.where('albumid', req.params.id) - } else if (!all) { + else if (!all) this.where('userid', user.id) - } else { + else // Fisrt, look for uploads matching ANY of the supplied 'user' OR 'ip' filters // Then, refine the matches using the supplied 'name' filters - const raw = [] - const source = [] - if (_filters.uploaders.length) - source.push(`\`userid\` in (${_filters.uploaders.map(v => `'${v.id}'`).join(', ')})`) - if (_filters.ips.length) - source.push(`\`ip\` in (${_filters.ips.map(v => `'${v}'`).join(', ')})`) - if (_filters.flags.nouser) - source.push('(`userid` is null or \'\')') - if (_filters.flags.noip) - source.push('(`ip` is null or \'\')') - if (source.length) - raw.push(`(${source.join(' or ')})`) - if (_filters.names.length) - raw.push(`(${_filters.names.map(v => { - if (v.includes('*')) - return `\`name\` like '${v.replace(/\*/g, '%')}'` + this.where(function () { + if (_filters.uploaders.length) + this.orWhereIn('userid', _filters.uploaders.map(v => v.id)) + if (_filters.ips.length) + this.orWhereIn('ip', _filters.ips) + if (_filters.flags.nouser) + this.orWhereNull('userid') + if (_filters.flags.noip) + this.orWhereNull('ip') + }).andWhere(function () { + for (const name of _filters.names) + if (name.includes('*')) + this.orWhere('name', 'like', name.replace(/\*/g, '%')) else - return `\`name\` = '${v}'` - }).join(' or ')})`) - this.whereRaw(raw.join(' and ')) - } + this.orWhere('name', name) + }) } // Query uploads count for pagination diff --git a/controllers/utilsController.js b/controllers/utilsController.js index 49cd50a..1b592bb 100644 --- a/controllers/utilsController.js +++ b/controllers/utilsController.js @@ -704,12 +704,18 @@ self.stats = async (req, res, next) => { } stats.uploads.images = await db.table('files') - .whereRaw(self.imageExts.map(ext => `\`name\` like '%${ext}'`).join(' or ')) + .where(function () { + for (const ext of self.imageExts) + this.orWhere('name', 'like', `%${ext}`) + }) .count('id as count') .then(rows => rows[0].count) stats.uploads.videos = await db.table('files') - .whereRaw(self.videoExts.map(ext => `\`name\` like '%${ext}'`).join(' or ')) + .where(function () { + for (const ext of self.videoExts) + this.orWhere('name', 'like', `%${ext}`) + }) .count('id as count') .then(rows => rows[0].count) diff --git a/package.json b/package.json index de49d9c..b6453fd 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "express": "^4.17.1", "express-rate-limit": "^5.0.0", "fluent-ffmpeg": "^2.1.2", - "helmet": "^3.21.1", + "helmet": "^3.21.2", "jszip": "^3.2.2", "knex": "^0.19.5", "multer": "^1.4.2", diff --git a/yarn.lock b/yarn.lock index 3522ba9..eb03afc 100644 --- a/yarn.lock +++ b/yarn.lock @@ -203,9 +203,9 @@ integrity sha512-tHq6qdbT9U1IRSGf14CL0pUlULksvY9OZ+5eEgl1N7t+OA3tGvNpxJCzuKQlsNgCVwbAs670L1vcVQi8j9HjnA== "@types/node@*": - version "12.11.1" - resolved "https://registry.yarnpkg.com/@types/node/-/node-12.11.1.tgz#1fd7b821f798b7fa29f667a1be8f3442bb8922a3" - integrity sha512-TJtwsqZ39pqcljJpajeoofYRfeZ7/I/OMUQ5pR4q5wOKf2ocrUvBAZUMhWsOvKx3dVc/aaV5GluBivt0sWqA5A== + version "12.11.2" + resolved "https://registry.yarnpkg.com/@types/node/-/node-12.11.2.tgz#75ba3beda30d690b89a5089ca1c6e8e386150b76" + integrity sha512-dsfE4BHJkLQW+reOS6b17xhZ/6FB1rB8eRRvO08nn5o+voxf3i74tuyFWNH6djdfgX7Sm5s6LD8t6mJug4dpDw== "@types/q@^1.5.1": version "1.5.2" @@ -740,7 +740,7 @@ boolbase@^1.0.0, boolbase@~1.0.0: resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" integrity sha1-aN/1++YMUes3cl6p4+0xDcwed24= -bowser@^2.6.1: +bowser@^2.7.0: version "2.7.0" resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.7.0.tgz#96eab1fa07fab08c1ec4c75977a7c8ddf8e0fe1f" integrity sha512-aIlMvstvu8x+34KEiOHD3AsBgdrzg6sxALYiukOWhFvGMbQI6TRP/iY0LMhUrHs56aD6P1G0Z7h45PUJaa5m9w== @@ -1817,9 +1817,9 @@ ee-first@1.1.1: integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= electron-to-chromium@^1.3.284: - version "1.3.289" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.289.tgz#1f85add5d7086ce95d9361348c26aa9de5779906" - integrity sha512-39GEOWgTxtMDk/WjIQLg4W/l1s4FZdiMCqUBLjd92tAXsBPDFLwuwCba5OGhuTdVYm6E128TZIqSnMpeocUlCQ== + version "1.3.290" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.290.tgz#a3f345abe4f1fb0a2fedf51193f4f4489bb94a82" + integrity sha512-pkKffog2KZ5PPcC8ITNXDpucznLFVVLUS2Us0tBF0Qy9114vzDpgWntvFNE1uYEmMUIrWGFu4rDMHwgQAbNYyQ== emoji-regex@^7.0.1: version "7.0.3" @@ -2663,9 +2663,9 @@ glob-watcher@^5.0.3: object.defaults "^1.1.0" glob@^7.1.1, glob@^7.1.3: - version "7.1.4" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.4.tgz#aa608a2f6c577ad357e1ae5a5c26d9a8d1969255" - integrity sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A== + version "7.1.5" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.5.tgz#6714c69bee20f3c3e64c4dd905553e532b40cdc0" + integrity sha512-J9dlskqUXK1OeTOYBEn5s8aMukWMwWfs+rPTn/jn50Ux4MNXVhubL1wu/j2t+H4NVI+cXEcCaYellqaPVGXNqQ== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" @@ -3008,20 +3008,20 @@ helmet-crossdomain@0.4.0: resolved "https://registry.yarnpkg.com/helmet-crossdomain/-/helmet-crossdomain-0.4.0.tgz#5f1fe5a836d0325f1da0a78eaa5fd8429078894e" integrity sha512-AB4DTykRw3HCOxovD1nPR16hllrVImeFp5VBV9/twj66lJ2nU75DP8FPL0/Jp4jj79JhTfG+pFI2MD02kWJ+fA== -helmet-csp@2.9.2: - version "2.9.2" - resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-2.9.2.tgz#bec0adaf370b0f2e77267c9d8b6e33b34159c1e5" - integrity sha512-Lt5WqNfbNjEJ6ysD4UNpVktSyjEKfU9LVJ1LaFmPfYseg/xPealPfgHhtqdAdjPDopp5zbg/VWCyp4cluMIckw== +helmet-csp@2.9.4: + version "2.9.4" + resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-2.9.4.tgz#801382bac98f2f88706dc5c89d95c7e31af3a4a9" + integrity sha512-qUgGx8+yk7Xl8XFEGI4MFu1oNmulxhQVTlV8HP8tV3tpfslCs30OZz/9uQqsWPvDISiu/NwrrCowsZBhFADYqg== dependencies: - bowser "^2.6.1" + bowser "^2.7.0" camelize "1.0.0" content-security-policy-builder "2.1.0" dasherize "2.0.0" -helmet@^3.21.1: - version "3.21.1" - resolved "https://registry.yarnpkg.com/helmet/-/helmet-3.21.1.tgz#b0ab7c63fc30df2434be27e7e292a9523b3147e9" - integrity sha512-IC/54Lxvvad2YiUdgLmPlNFKLhNuG++waTF5KPYq/Feo3NNhqMFbcLAlbVkai+9q0+4uxjxGPJ9bNykG+3zZNg== +helmet@^3.21.2: + version "3.21.2" + resolved "https://registry.yarnpkg.com/helmet/-/helmet-3.21.2.tgz#7e2a19d5f6d898a77b5d2858e8e4bb2cda59f19f" + integrity sha512-okUo+MeWgg00cKB8Csblu8EXgcIoDyb5ZS/3u0W4spCimeVuCUvVZ6Vj3O2VJ1Sxpyb8jCDvzu0L1KKT11pkIg== dependencies: depd "2.0.0" dns-prefetch-control "0.2.0" @@ -3030,7 +3030,7 @@ helmet@^3.21.1: feature-policy "0.3.0" frameguard "3.1.0" helmet-crossdomain "0.4.0" - helmet-csp "2.9.2" + helmet-csp "2.9.4" hide-powered-by "1.1.0" hpkp "2.0.0" hsts "2.2.0" @@ -4385,9 +4385,9 @@ nocache@2.1.0: integrity sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q== node-abi@^2.7.0: - version "2.11.0" - resolved "https://registry.yarnpkg.com/node-abi/-/node-abi-2.11.0.tgz#b7dce18815057544a049be5ae75cd1fdc2e9ea59" - integrity sha512-kuy/aEg75u40v378WRllQ4ZexaXJiCvB68D2scDXclp/I4cRq6togpbOoKhmN07tns9Zldu51NNERo0wehfX9g== + version "2.12.0" + resolved "https://registry.yarnpkg.com/node-abi/-/node-abi-2.12.0.tgz#40e9cfabdda1837863fa825e7dfa0b15686adf6f" + integrity sha512-VhPBXCIcvmo/5K8HPmnWJyyhvgKxnHTUMXR/XwGHV68+wrgkzST4UmQrY/XszSWA5dtnXpNp528zkcyJ/pzVcw== dependencies: semver "^5.4.1"