Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-28 02:23:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor(signserver): replace raw SQL with repository interfaces

Browse Source 
Extract all direct database access into three repository interfaces
(SignUserRepo, SignCharacterRepo, SignSessionRepo) matching the
pattern established in channelserver. This surfaces 9 previously
silenced errors that are now logged with structured context, and
makes the sign server testable with mock repos instead of go-sqlmock.

Security fix: GetFriends now uses parameterized ANY($1) queries
instead of string-concatenated WHERE clauses (SQL injection vector).
This commit is contained in:
Houmgaor
2026-02-22 16:30:24 +01:00
parent 53b5bb3b96
commit b3f75232a3
11 changed files with 1193 additions and 435 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/signserver/dsgn_resp.go
View File

@@ -333,8 +333,10 @@ func (s *Session) makeSignResponse(uid uint32) []byte {
bf.WriteBytes(filters.Data())
if s.client == VITA || s.client == PS3 || s.client == PS4 {
var psnUser string
_ = s.server.db.QueryRow("SELECT psn_id FROM users WHERE id = $1", uid).Scan(&psnUser)
psnUser, err := s.server.userRepo.GetPSNIDForUser(uid)
if err != nil {
s.logger.Warn("Failed to get PSN ID for user", zap.Uint32("uid", uid), zap.Error(err))
}
bf.WriteBytes(stringsupport.PaddedString(psnUser, 20, true))
}