see your own unlisted levels

Jill 2023-01-02 17:21:39 +03:00
parent ef072cf082
commit 8f3caccce2
1 changed files with 24 additions and 3 deletions


@ -10,8 +10,10 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
params = URI::Params.parse(body)
LOG.debug { params.inspect }
can_see_unlisted = false
# where [...]
queryParams = ["unlisted = 0"] # don't leave the default empty!!
queryParams = [] of String
# order by [...]
order = "levels.created_at desc"
@ -22,7 +24,8 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
if searchQuery != "" && params["type"] != "5"
if searchQuery.to_i?
# we do this to get rid of the initial "unlisted = 0" bit
queryParams = ["levels.id = #{searchQuery.to_i}"]
can_see_unlisted = true
queryParams << "levels.id = #{searchQuery.to_i}"
else
# no sql injections to see here; clean_char only leaves A-Za-z0-9 intact
# todo: make this configurable w/ fuzzy search
@ -115,7 +118,21 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
order = "likes desc"
queryParams << "levels.created_at > \"#{(Time.utc - 7.days).to_s(Format::TIME_FORMAT)}\""
when "5" # made by user
queryParams << "levels.user_id = #{searchQuery.to_i}" # (you can't sql inject with numbers)
if params["local"] == "1"
user_id, account_id = Accounts.auth(params)
if !(user_id && account_id)
return "-1"
end
if user_id == searchQuery.to_i
can_see_unlisted = true
queryParams << "levels.user_id = #{searchQuery.to_i}"
else
return "-1"
end
else
queryParams << "levels.user_id = #{searchQuery.to_i}" # (you can't sql inject with numbers)
end
when "6", "17" # featured (gdw is 17)
# todo: order by feature date
queryParams << "featured = 1"
@ -143,6 +160,10 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
# todo
end
if !can_see_unlisted
queryParams << "unlisted = 0"
end
where_str = "where (#{queryParams.join(") and (")})"
# todo: switch join users to left join to avoid losing levels to the shadow realm after a user vanishes
query_base = "from levels join users on levels.user_id = users.id left join map_pack_links on map_pack_links.level_id = levels.id #{where_str} order by #{order}"
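Review bot: In the `when "5"` branch, `params["local"] == "1"` uses the raising accessor of `URI::Params`, so a request that omits `local` would raise `KeyError` instead of falling through to the public per-user listing; `if params["local"]? == "1"` keeps that unauthenticated path working. How the dispatcher treats an unhandled exception is not visible here. Separately, the unlisted filter is no longer the starting state of `queryParams` and is appended at the end only when `can_see_unlisted` is false, so the declaration deserves a comment such as `# set true only on a branch that also pins levels.id or an authenticated levels.user_id`. The kept comment `# we do this to get rid of the initial "unlisted = 0" bit` no longer matches the code and should be dropped or reworded. The endpoint body starts and ends outside these hunks.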