
Fix arearestrictions for allowed users #379

Merged: versx merged 2 commits into master from fix-arearestrictions on May 27, 2021

Contributor

@clburlison clburlison commented May 27, 2021

This fixes the issue some users were seeing with the newly added area restrictions. Problem was appearing for users that were in the allowedUsers array. Solution is kinda hacky but looked cleaner than messing with the getAreaRestrictionSql function in map.js.

Associated log:

Failed to get gyms: Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')
     AND raid_end_timestamp IS NOT NULL AND raid_end_timestamp >= UNIX_TIME...' at line 12
    at Query.Sequence._packetToError (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/sequences/Sequence.js:47:14)
    at Query.ErrorPacket (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/sequences/Query.js:79:18)
    at Protocol._parsePacket (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/Protocol.js:291:23)
    at Parser._parsePacket (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/Parser.js:433:10)
    at Parser.write (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/Parser.js:43:10)
    at Protocol.write (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/Protocol.js:38:16)
    at Socket.<anonymous> (/home/clb/MapJS_test/node_modules/mysql/lib/Connection.js:88:28)
    at Socket.<anonymous> (/home/clb/MapJS_test/node_modules/mysql/lib/Connection.js:526:10)
    at Socket.emit (events.js:314:20)
    at addChunk (_stream_readable.js:297:12)
    --------------------
    at Protocol._enqueue (/home/clb/MapJS_test/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at Connection.query (/home/clb/MapJS_test/node_modules/mysql/lib/Connection.js:198:25)
    at /home/clb/MapJS_test/src/services/mysql.js:40:18
    at new Promise (<anonymous>)
    at MySQLConnector.query (/home/clb/MapJS_test/src/services/mysql.js:35:16)
    at Object.getGyms (/home/clb/MapJS_test/src/data/map.js:401:46)
    at getData (/home/clb/MapJS_test/src/routes/api.js:342:34)
    at /home/clb/MapJS_test/src/routes/api.js:17:24
    at Layer.handle [as handle_request] (/home/clb/MapJS_test/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/clb/MapJS_test/node_modules/express/lib/router/route.js:137:13) {
  code: 'ER_PARSE_ERROR',
  errno: 1064,
  sqlMessage: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')\n" +
    "     AND raid_end_timestamp IS NOT NULL AND raid_end_timestamp >= UNIX_TIME...' at line 12",
  sqlState: '42000',
  index: 0,
  sql: '\n' +
    '    SELECT id, lat, lon, name, url, guarding_pokemon_id, last_modified_timestamp, team_id, raid_end_timestamp,\n' +
    '            raid_spawn_timestamp, raid_battle_timestamp, raid_pokemon_id, enabled, availble_slots, updated,\n' +
    '            raid_level, ex_raid_eligible, in_battle, raid_pokemon_move_1, raid_pokemon_move_2, raid_pokemon_form,\n' +
    '            raid_pokemon_cp, raid_pokemon_gender, raid_is_exclusive, cell_id, total_cp, sponsor_id,\n' +
    '            raid_pokemon_evolution, raid_pokemon_costume\n' +
    '    FROM gym\n' +
    "    WHERE lat >= XX.XXXXXX AND lat <= XX.XXXXXX AND lon >= -XX.XXXXXX AND lon <= -XX.XXXXXX AND updated > '0' AND deleted = false\n" +
    '         AND (\n' +
    '            raid_end_timestamp IS NULL OR raid_end_timestamp < UNIX_TIMESTAMP() OR raid_pokemon_id IS NULL OR\n' +
    '            (raid_pokemon_form = 0 ) OR raid_pokemon_form NOT IN (0 )\n' +
    '        )  \n' +
    '          AND ()\n' +
    '     AND raid_end_timestamp IS NOT NULL AND raid_end_timestamp >= UNIX_TIMESTAMP()'
}
SQL: 
    SELECT id, lat, lon, name, url, guarding_pokemon_id, last_modified_timestamp, team_id, raid_end_timestamp,
            raid_spawn_timestamp, raid_battle_timestamp, raid_pokemon_id, enabled, availble_slots, updated,
            raid_level, ex_raid_eligible, in_battle, raid_pokemon_move_1, raid_pokemon_move_2, raid_pokemon_form,
            raid_pokemon_cp, raid_pokemon_gender, raid_is_exclusive, cell_id, total_cp, sponsor_id,
            raid_pokemon_evolution, raid_pokemon_costume
    FROM gym
    WHERE lat >= ? AND lat <= ? AND lon >= ? AND lon <= ? AND updated > ? AND deleted = false
         AND (
            raid_end_timestamp IS NULL OR raid_end_timestamp < UNIX_TIMESTAMP() OR raid_pokemon_id IS NULL OR
            (raid_pokemon_form = 0 ) OR raid_pokemon_form NOT IN (0 )
        )  
          AND ()
     AND raid_end_timestamp IS NOT NULL AND raid_end_timestamp >= UNIX_TIMESTAMP()
Args: [
  XX.XXXXXX,
  XX.XXXXXX,
  -XX.XXXXXX,
  -XX.XXXXXX,
  '0'
]
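
An added example, not code from this PR or from MapJS: one way to build an area-restriction clause so that it never produces the empty `AND ()` shown in the log above, while keeping "exempt user" and "restricted user with no permitted areas" distinct. The helper name `buildAreaRestrictionClause`, the bounding-box area shape and the sample query are assumptions made for illustration.

```javascript
// Hypothetical helper (not MapJS's getAreaRestrictionSql). Areas are assumed
// to be bounding boxes: { minLat, maxLat, minLon, maxLon }.
//   areas === null -> user is exempt (e.g. listed in allowedUsers): no clause
//   areas === []   -> restricted user with no permitted area: match nothing
function buildAreaRestrictionClause(areas) {
    if (areas === null) {
        return { sql: '', args: [] };
    }
    if (!Array.isArray(areas)) {
        throw new TypeError('areas must be null or an array');
    }
    if (areas.length === 0) {
        // Fail closed; never emit the empty "AND ()" seen in the log.
        return { sql: ' AND FALSE', args: [] };
    }
    const args = [];
    const parts = areas.map((a) => {
        const box = [a.minLat, a.maxLat, a.minLon, a.maxLon];
        // Reject anything that is not a finite number before it reaches SQL.
        if (!box.every(Number.isFinite)) {
            throw new TypeError('area bounds must be finite numbers');
        }
        args.push(...box);
        // Values are bound through placeholders, never concatenated.
        return '(lat >= ? AND lat <= ? AND lon >= ? AND lon <= ?)';
    });
    return { sql: ` AND (${parts.join(' OR ')})`, args };
}

// Constructed sample input, not taken from the PR.
function demo() {
    const base = 'SELECT id FROM gym WHERE deleted = false';
    const restricted = buildAreaRestrictionClause([
        { minLat: 10, maxLat: 11, minLon: -20, maxLon: -19 },
        { minLat: 30, maxLat: 31, minLon: 40, maxLon: 41 },
    ]);
    return {
        exempt: base + buildAreaRestrictionClause(null).sql,
        noAreas: base + buildAreaRestrictionClause([]).sql,
        restricted: base + restricted.sql,
        restrictedArgs: restricted.args,
    };
}
```

Returning the placeholder arguments alongside the SQL fragment lets the caller append them to the existing `Args` array in the same order as the clause is appended to the query.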

Contributor Author

clburlison commented May 27, 2021

Oh also updated the external deps as they seemed fine in my testing. This fixes CVE-2021-23358 so we should prioritize getting this merged quickly...feel free to yell as these should have been two PRs.

@versx versx merged commit 3970f7f into master May 27, 2021
@versx versx deleted the fix-arearestrictions branch May 27, 2021 02:43