From ea2401092a753d6f05892643cbca59aa26307331 Mon Sep 17 00:00:00 2001
From: glenneth
Date: Sat, 27 Dec 2025 20:33:40 +0300
Subject: [PATCH] fix: Add NIL user-id guards to favorites functions

Prevents PostgreSQL errors when favorites API is called without authentication. Functions now return early (nil or 0) instead of generating invalid SQL with NIL in WHERE clause.
---
 user-profile.lisp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/user-profile.lisp b/user-profile.lisp
index a8f084d..9ecef4d 100644
--- a/user-profile.lisp
+++ b/user-profile.lisp
@@ -10,6 +10,8 @@
 (defun add-favorite (user-id track-id &optional (rating 1) track-title)
 "Add a track to user's favorites with optional rating (1-5). If track-id is nil but track-title is provided, stores by title."
+ (when (null user-id)
+ (return-from add-favorite nil))
 (let ((rating-val (max 1 (min 5 (or rating 1)))))
 (with-db
 (if track-id
@@ -26,6 +28,8 @@
 (defun remove-favorite (user-id track-id &optional track-title)
 "Remove a track from user's favorites by track-id or title"
+ (when (null user-id)
+ (return-from remove-favorite nil))
 (with-db
 (if track-id
 (postmodern:query
@@ -38,6 +42,8 @@
 (defun update-favorite-rating (user-id track-id rating)
 "Update the rating for a favorited track"
+ (when (null user-id)
+ (return-from update-favorite-rating nil))
 (let ((rating-val (max 1 (min 5 rating))))
 (with-db
 (postmodern:query
@@ -48,6 +54,8 @@
 (defun get-user-favorites (user-id &key (limit 50) (offset 0))
 "Get user's favorite tracks - works with both track-id and title-based favorites"
+ (when (null user-id)
+ (return-from get-user-favorites nil))
 (with-db
 (postmodern:query
 (:raw (format nil "SELECT _id, rating, \"created-date\", track_title, \"track-id\" FROM user_favorites WHERE \"user-id\" = ~a ORDER BY \"created-date\" DESC LIMIT ~a OFFSET ~a"
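Review bot: The early return added to add-favorite makes an unauthenticated call look like any other NIL result, and the docstring does not say so. The same holds for the other five guards, and get-favorites-count returns 0, which a caller would read as a valid count. I would add a docstring line such as `Returns NIL without touching the database when USER-ID is NIL.` to each function. The API handlers are not visible here, so it is worth confirming that they reject unauthenticated requests before calling these functions, leaving the guards as a second line of defence rather than the authentication check. The body of add-favorite continues past the end of the hunk.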
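Review bot: In update-favorite-rating the context line `(max 1 (min 5 rating))` still signals a type error when `rating` is NIL or not a number, whereas add-favorite tolerates a missing rating through `(or rating 1)`. Since this commit hardens these functions against incomplete API input, the new guard could cover that case too: `(unless (and user-id (integerp rating)) (return-from update-favorite-rating nil))`. Whether the API layer already parses `rating` is not visible in the hunk.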
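Review bot: The guard in get-user-favorites rejects only NIL, while the query in the context lines is still assembled with `format nil` and `~a` for `user-id`, `limit` and `offset`, so any non-NIL value that is not an integer is spliced into the SQL text. Where these values come from is not visible in the hunk; if any of them can arrive as a request string this is a SQL injection path. is-track-favorited (`user-id`, `track-id`) and get-favorites-count (`user-id`) build their queries the same way. Binding the values as parameters keeps them out of the statement text: `(postmodern:query "SELECT ... WHERE \"user-id\" = $1 ORDER BY \"created-date\" DESC LIMIT $2 OFFSET $3" user-id limit offset)`. The query form continues past the end of the hunk, so any result-format argument that follows it should be kept.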
@@ -56,6 +64,8 @@
 (defun is-track-favorited (user-id track-id)
 "Check if a track is in user's favorites, returns rating or nil"
+ (when (null user-id)
+ (return-from is-track-favorited nil))
 (with-db
 (postmodern:query
 (:raw (format nil "SELECT rating FROM user_favorites WHERE \"user-id\" = ~a AND \"track-id\" = ~a"
@@ -64,6 +74,8 @@
 (defun get-favorites-count (user-id)
 "Get total count of user's favorites"
+ (when (null user-id)
+ (return-from get-favorites-count 0))
 (with-db
 (postmodern:query
 (:raw (format nil "SELECT COUNT(*) FROM user_favorites WHERE \"user-id\" = ~a" user-id))
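Review bot: In is-track-favorited the new guard covers `user-id` but not `track-id`, which goes into the same `format` string through the second `~a`. A NIL `track-id` would therefore still produce `"track-id" = NIL` and the PostgreSQL error this commit sets out to prevent. Extending the check closes that gap: `(when (or (null user-id) (null track-id)) (return-from is-track-favorited nil))`. The arguments to `format` and the rest of the query form lie outside the hunk.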