glenn
/
asteroid
mirror of https://github.com/glenneth1/asteroid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Add NIL user-id guards to favorites functions 

Prevents PostgreSQL errors when favorites API is called without
authentication. Functions now return early (nil or 0) instead of
generating invalid SQL with NIL in WHERE clause.
This commit is contained in:
glenneth 2025-12-27 20:33:40 +03:00
parent 25a6341a7b
commit 753ff822ce
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
user-profile.lisp
View File

@ -10,6 +10,8 @@
(defun add-favorite (user-id track-id &optional (rating 1) track-title) (defun add-favorite (user-id track-id &optional (rating 1) track-title)
"Add a track to user's favorites with optional rating (1-5). "Add a track to user's favorites with optional rating (1-5).
If track-id is nil but track-title is provided, stores by title." If track-id is nil but track-title is provided, stores by title."
(when (null user-id)
(return-from add-favorite nil))
(let ((rating-val (max 1 (min 5 (or rating 1))))) (let ((rating-val (max 1 (min 5 (or rating 1)))))
(with-db (with-db
(if track-id (if track-id
@ -26,6 +28,8 @@
(defun remove-favorite (user-id track-id &optional track-title) (defun remove-favorite (user-id track-id &optional track-title)
"Remove a track from user's favorites by track-id or title" "Remove a track from user's favorites by track-id or title"
(when (null user-id)
(return-from remove-favorite nil))
(with-db (with-db
(if track-id (if track-id
(postmodern:query (postmodern:query
@ -38,6 +42,8 @@
(defun update-favorite-rating (user-id track-id rating) (defun update-favorite-rating (user-id track-id rating)
"Update the rating for a favorited track" "Update the rating for a favorited track"
(when (null user-id)
(return-from update-favorite-rating nil))
(let ((rating-val (max 1 (min 5 rating)))) (let ((rating-val (max 1 (min 5 rating))))
(with-db (with-db
(postmodern:query (postmodern:query
@ -48,6 +54,8 @@
(defun get-user-favorites (user-id &key (limit 50) (offset 0)) (defun get-user-favorites (user-id &key (limit 50) (offset 0))
"Get user's favorite tracks - works with both track-id and title-based favorites" "Get user's favorite tracks - works with both track-id and title-based favorites"
(when (null user-id)
(return-from get-user-favorites nil))
(with-db (with-db
(postmodern:query (postmodern:query
(:raw (format nil "SELECT _id, rating, \"created-date\", track_title, \"track-id\" FROM user_favorites WHERE \"user-id\" = ~a ORDER BY \"created-date\" DESC LIMIT ~a OFFSET ~a" (:raw (format nil "SELECT _id, rating, \"created-date\", track_title, \"track-id\" FROM user_favorites WHERE \"user-id\" = ~a ORDER BY \"created-date\" DESC LIMIT ~a OFFSET ~a"
@ -56,6 +64,8 @@
(defun is-track-favorited (user-id track-id) (defun is-track-favorited (user-id track-id)
"Check if a track is in user's favorites, returns rating or nil" "Check if a track is in user's favorites, returns rating or nil"
(when (null user-id)
(return-from is-track-favorited nil))
(with-db (with-db
(postmodern:query (postmodern:query
(:raw (format nil "SELECT rating FROM user_favorites WHERE \"user-id\" = ~a AND \"track-id\" = ~a" (:raw (format nil "SELECT rating FROM user_favorites WHERE \"user-id\" = ~a AND \"track-id\" = ~a"
@ -64,6 +74,8 @@
(defun get-favorites-count (user-id) (defun get-favorites-count (user-id)
"Get total count of user's favorites" "Get total count of user's favorites"
(when (null user-id)
(return-from get-favorites-count 0))
(with-db (with-db
(postmodern:query (postmodern:query
(:raw (format nil "SELECT COUNT(*) FROM user_favorites WHERE \"user-id\" = ~a" user-id)) (:raw (format nil "SELECT COUNT(*) FROM user_favorites WHERE \"user-id\" = ~a" user-id))