
fix(api): check for nil user before using the result

The current-user and categories handlers used the value returned by
UserByID without checking whether it was nil. Since UserByID returns no
error when the user does not exist, the categories handler could
dereference a nil user. Return a not found response when the user is nil.
Frédéric Guillot 1 неделя назад
Родитель
Сommit
2ac3073583
2 измененных файлов с 11 добавлено и 0 удалено
  1. 6 0
      internal/api/category_handlers.go
  2. 5 0
      internal/api/user_handlers.go

+ 6 - 0
internal/api/category_handlers.go

@@ -120,6 +120,12 @@ func (h *handler) getCategoriesHandler(w http.ResponseWriter, r *http.Request) {
 			response.JSONServerError(w, r, userErr)
 			return
 		}
+
+		if user == nil {
+			response.JSONNotFound(w, r)
+			return
+		}
+
 		categories, err = h.store.CategoriesWithFeedCount(user.ID, user.CategoriesSortingOrder)
 	} else {
 		categories, err = h.store.Categories(request.UserID(r))
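Review bot: The `else` branch at the end of this hunk still calls `h.store.Categories(request.UserID(r))` with no user lookup, so the two branches now appear to answer differently for an account that no longer exists: 404 when counts are requested, and otherwise whatever `Categories` returns for an unknown ID (presumably an empty list). If that asymmetry is not intended, the existence check belongs before the branch. A comment on the new guard would also help, e.g. `// UserByID returns (nil, nil) when the user does not exist.`, since that contract is what made the nil dereference easy to miss. The body of getCategoriesHandler starts and ends outside the hunk, so the condition that selects the branch is not visible here.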

+ 5 - 0
internal/api/user_handlers.go

@@ -22,6 +22,11 @@ func (h *handler) currentUserHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if user == nil {
+		response.JSONNotFound(w, r)
+		return
+	}
+
 	response.JSON(w, r, user)
 }
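Review bot: The new `user == nil` branch in currentUserHandler is presumably reached only when a request has already authenticated under an ID that `UserByID` cannot find, which points to a session or API key that outlived its account; a silent 404 hides that from operators. Consider logging it before returning, e.g. `slog.Warn("authenticated request for missing user", slog.Int64("user_id", request.UserID(r)))`, assuming `log/slog` is available in this file. It is also worth deciding whether an unauthorized status describes the condition better than not found. Neither guard in this commit comes with a test; a handler test backed by a store that returns a nil user would pin the behaviour. The handler starts outside the hunk, so the lookup itself is not visible.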