local cache = require("cache")
local sql = require("lsqlite3")
local db = require("db")
local queries = require("queries")
local util = require("util")
-- Prepared statement used for tag suggestions; assigned when configure() runs.
local stmnt_tags_get

-- Keep a handle on the configure() that existed before this file loaded so
-- the hook below can pass control on to it.
-- NOTE(review): assumes a configure() is already defined at load time; if it
-- is nil, the call at the end of the hook raises. Confirm against load order.
local previous_configure = configure

--- Configure hook for this endpoint.
-- Prepares the tag-suggestion query once, then delegates to the previously
-- defined configure(), forwarding every argument and returning its results.
-- The SQL text comes from queries.select_suggest_tags; request data is only
-- attached later through bind_names, never concatenated into the SQL here.
function configure(...)
	-- prepare() is passed straight into util.sqlassert so that every value it
	-- returns reaches the helper.
	stmnt_tags_get = util.sqlassert(
		db.conn:prepare(queries.select_suggest_tags)
	)
	return previous_configure(...)
end
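--- Respond with tag suggestions for a partial tag name.
-- Binds `data` followed by "%" to the statement's `match` parameter, collects
-- the first column of every returned row, and sends the result as a
-- ";"-separated text/plain body whose first entry is `data` itself.
-- `data` is NOT validated here: the caller must already have rejected
-- wildcard characters (api_get does this with an allow-list).
-- @param req request handle passed through to the http_* functions
-- @tparam string data partial tag supplied by the client
local function suggest_tags(req,data)
	-- Request data reaches SQL only as a bound parameter, so it cannot change
	-- the statement text; the trailing "%" is added by this function.
	local rc = stmnt_tags_get:bind_names{
		match = data .. "%"
	}
	-- SQLite keeps earlier bindings across reset(), so a failed bind must stop
	-- the request instead of running the query with a stale value.
	assert(rc == sql.OK, "Failed to bind tag search parameter")
	local tags = {data}
	for row in stmnt_tags_get:rows() do
		tags[#tags + 1] = row[1]
	end
	-- Make the shared statement reusable for the next request.
	stmnt_tags_get:reset()
	http_response_header(req,"Content-Type","text/plain")
	http_response(req,200,table.concat(tags,";"))
end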
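--- GET handler for the API endpoint.
-- Reads the `call` and `data` query-string arguments and dispatches on
-- `call`. Both arguments are required: a missing one raises through assert.
-- Only the "suggest" call is handled in this file.
-- @param req request handle passed through to the http_* functions
local function api_get(req)
	http_request_populate_qs(req)
	local call = assert(http_argument_get_string(req,"call"))
	local data = assert(http_argument_get_string(req,"data"))
	if call == "suggest" then
		--[[
		Prevent a malicious user from injecting '%' into the string
		we're searching for, potentially causing a DoS with a
		sufficiently backtrack-ey search/tag combination.

		This is an allow-list: letters, digits, commas, whitespace (%s)
		and a literal '-' (last in the set, so not a range). The anchors
		and '+' mean the whole value must match and must be non-empty.
		'_' is not in the set either, which matters if the query is a
		LIKE match, where '_' is the single-character wildcard
		(presumably it is; the SQL lives in queries.select_suggest_tags).
		NOTE(review): there is no upper bound on the length of `data`
		here; confirm one is enforced elsewhere or add one.
		]]
		assert(data:match("^[a-zA-Z0-9,%s-]+$"),"Bad characters in tag")
		return suggest_tags(req,data)
	end
	-- NOTE(review): any other `call` value falls through without this
	-- function sending a response; confirm the framework handles that case.
end

return api_get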