eins/f0bm
1
0
Fork 0
forked from w0bm/f0bm
Code Pull Requests Activity

potential fix for mixed random results when unathenticated

Browse Source
This commit is contained in:
x
2026-01-23 22:00:49 +01:00
parent 6692f32c4b
commit 03f2630090
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/inc/routeinc/f0cklib.mjs
View File

@@ -226,10 +226,15 @@ export default {
from favorites
inner join items on favorites.item_id = items.id
inner join "user" on "user".id = favorites.user_id
left join tags_assign on tags_assign.item_id = items.id
left join tags on tags.id = tags_assign.tag_id
where
"user".user ilike ${'%' + user + '%'}
${db.unsafe(modequery)}
and "user".user ilike ${'%' + user + '%'}
and items.active = 'true'
${mime ? db`and items.mime ilike ${smime}` : db``}
${!o.session && globalfilter ? db`and items.id not in (select item_id from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
group by items.id
order by random()
limit 1
`;

7
src/inc/routes/apiv2/index.mjs
View File

@@ -1,9 +1,12 @@
import { promises as fs } from "fs";
import db from '../../sql.mjs';
import lib from '../../lib.mjs';
import cfg from '../../config.mjs';
import search from '../../routeinc/search.mjs';
const allowedMimes = ["audio", "image", "video", "%"];
const globalfilter = cfg.nsfp?.length ? cfg.nsfp.map(n => `tag_id = ${n}`).join(' or ') : null;
export default router => {
router.group(/^\/api\/v2/, group => {
group.get(/$/, (req, res) => {
@@ -19,6 +22,8 @@ export default router => {
const tag = req.url.qs.tag || null;
const isFav = req.url.qs.fav === 'true';
const hasSession = !!req.session;
const modequery = mime.startsWith("audio") ? lib.getMode(0) : lib.getMode(req.session?.mode ?? 0);
const rows = await db`
select "items".*
@@ -30,10 +35,12 @@ export default router => {
left join tags_assign on tags_assign.item_id = items.id
left join tags on tags.id = tags_assign.tag_id
where
${db.unsafe(modequery)} and
mime ilike ${mime} and
active = 'true'
${isFav ? db`and fu."user" = ${user}` : db`and items.username ilike ${user}`}
${tag ? db`and tags.normalized ilike ${'%' + tag + '%'}` : db``}
${!hasSession && globalfilter ? db`and items.id not in (select item_id from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
order by random()
limit 1
`;