Fix invalid date searches returning 503 (#31526)
This commit is contained in:
Taylor Chaparro
GitHub
@@ -168,15 +168,15 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
when 'before'
|
||||
@filter = :created_at
|
||||
@type = :range
|
||||
@term = { lt: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
@term = { lt: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
when 'after'
|
||||
@filter = :created_at
|
||||
@type = :range
|
||||
@term = { gt: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
@term = { gt: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
when 'during'
|
||||
@filter = :created_at
|
||||
@type = :range
|
||||
@term = { gte: term, lte: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
@term = { gte: TermValidator.validate_date!(term), lte: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
|
||||
when 'in'
|
||||
@operator = :flag
|
||||
@term = term
|
||||
@@ -224,6 +224,17 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
end
|
||||
end
|
||||
|
||||
class TermValidator
|
||||
STRICT_DATE_REGEX = /\A\d{4}-\d{2}-\d{2}\z/ # yyyy-MM-dd
|
||||
EPOCH_MILLIS_REGEX = /\A\d{1,19}\z/
|
||||
|
||||
def self.validate_date!(value)
|
||||
return value if value.match?(STRICT_DATE_REGEX) || value.match?(EPOCH_MILLIS_REGEX)
|
||||
|
||||
raise Mastodon::FilterValidationError, "Invalid date #{value}"
|
||||
end
|
||||
end
|
||||
|
||||
rule(clause: subtree(:clause)) do
|
||||
prefix = clause[:prefix][:term].to_s.downcase if clause[:prefix]
|
||||
operator = clause[:operator]&.to_s
|
||||
|
||||
@@ -8,6 +8,7 @@ module Mastodon
|
||||
class LengthValidationError < ValidationError; end
|
||||
class DimensionsValidationError < ValidationError; end
|
||||
class StreamValidationError < ValidationError; end
|
||||
class FilterValidationError < ValidationError; end
|
||||
class RaceConditionError < Error; end
|
||||
class RateLimitExceededError < Error; end
|
||||
class SyntaxError < Error; end
|
||||
|
||||
@@ -8,6 +8,37 @@ RSpec.describe SearchQueryTransformer do
|
||||
let(:account) { Fabricate(:account) }
|
||||
let(:parser) { SearchQueryParser.new.parse(query) }
|
||||
|
||||
shared_examples 'date operator' do |operator|
|
||||
let(:statement_operations) { [] }
|
||||
|
||||
[
|
||||
['2022-01-01', '2022-01-01'],
|
||||
['"2022-01-01"', '2022-01-01'],
|
||||
['12345678', '12345678'],
|
||||
['"12345678"', '12345678'],
|
||||
].each do |value, parsed|
|
||||
context "with #{operator}:#{value}" do
|
||||
let(:query) { "#{operator}:#{value}" }
|
||||
|
||||
it 'transforms clauses' do
|
||||
ops = statement_operations.index_with { |_op| parsed }
|
||||
|
||||
expect(subject.send(:must_clauses)).to be_empty
|
||||
expect(subject.send(:must_not_clauses)).to be_empty
|
||||
expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly(**ops, time_zone: 'UTC')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context "with #{operator}:\"abc\"" do
|
||||
let(:query) { "#{operator}:\"abc\"" }
|
||||
|
||||
it 'raises an exception' do
|
||||
expect { subject }.to raise_error(Mastodon::FilterValidationError, 'Invalid date abc')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with "hello world"' do
|
||||
let(:query) { 'hello world' }
|
||||
|
||||
@@ -68,13 +99,33 @@ RSpec.describe SearchQueryTransformer do
|
||||
end
|
||||
end
|
||||
|
||||
context 'with \'before:"2022-01-01 23:00"\'' do
|
||||
let(:query) { 'before:"2022-01-01 23:00"' }
|
||||
context 'with \'is:"foo bar"\'' do
|
||||
let(:query) { 'is:"foo bar"' }
|
||||
|
||||
it 'transforms clauses' do
|
||||
expect(subject.send(:must_clauses)).to be_empty
|
||||
expect(subject.send(:must_not_clauses)).to be_empty
|
||||
expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly(lt: '2022-01-01 23:00', time_zone: 'UTC')
|
||||
expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly('foo bar')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with date operators' do
|
||||
context 'with "before"' do
|
||||
it_behaves_like 'date operator', 'before' do
|
||||
let(:statement_operations) { [:lt] }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with "after"' do
|
||||
it_behaves_like 'date operator', 'after' do
|
||||
let(:statement_operations) { [:gt] }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with "during"' do
|
||||
it_behaves_like 'date operator', 'during' do
|
||||
let(:statement_operations) { [:gte, :lte] }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user