
fix(api): check for nil user before using the result

The current-user and categories handlers used the value returned by
UserByID without checking whether it was nil. Since UserByID returns no
error when the user does not exist, the categories handler could
dereference a nil user. Return a not found response when the user is nil.
Frédéric Guillot 1 săptămână în urmă
comite
2ac3073583
2 a modificat fișierele cu 11 adăugiri și 0 ștergeri
  1. 6 0
      internal/api/category_handlers.go
  2. 5 0
      internal/api/user_handlers.go

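--- a/internal/api/category_handlers.go
+++ b/internal/api/category_handlers.go
@@ -120,6 +120,12 @@ func (h *handler) getCategoriesHandler(w http.ResponseWriter, r *http.Request) {
 			response.JSONServerError(w, r, userErr)
 			return
 		}
+
+		if user == nil {
+			response.JSONNotFound(w, r)
+			return
+		}
+
 		categories, err = h.store.CategoriesWithFeedCount(user.ID, user.CategoriesSortingOrder)
 	} else {
 		categories, err = h.store.Categories(request.UserID(r))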
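Review bot: The nil guard covers only the counts branch of getCategoriesHandler; the `else` branch still calls `h.store.Categories(request.UserID(r))` with no check that the user exists, so a request for a missing user gets a 404 on one path and, presumably, a 200 with an empty list on the other. If the two paths are meant to agree, the lookup and the nil check belong before the branch. Either way, a comment above the guard such as `// UserByID returns (nil, nil) when the user does not exist.` would record why the check is needed, since that contract is not obvious at the call site. The function starts and ends outside this hunk, so the branch condition itself is not visible.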

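--- a/internal/api/user_handlers.go
+++ b/internal/api/user_handlers.go
@@ -22,6 +22,11 @@ func (h *handler) currentUserHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if user == nil {
+		response.JSONNotFound(w, r)
+		return
+	}
+
 	response.JSON(w, r, user)
 }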
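Review bot: A nil user in currentUserHandler means the request carried a user ID, presumably set by the authentication layer, that no longer resolves to an account, and the new branch answers 404 without recording it. That case deserves a log entry with the user ID, so that sessions or API keys still accepted for a removed account are visible to operators. A 401 may also describe it better than 404, because what is missing is the caller's identity rather than a resource. The same applies to the guard added in getCategoriesHandler. Whether the authentication middleware can let such a request through is not visible here, and the start of the function is outside the hunk.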