Remove all select * from the server queries (#347)

It's not ideal as we should be explicit about what is being queried!

A part one for sorting this all out :)
This commit is contained in:
Ellie Huxtable 2022-04-26 10:37:16 +01:00 committed by GitHub
parent 4030de4bea
commit 8ac6571bc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -80,7 +80,7 @@ impl Postgres {
impl Database for Postgres { impl Database for Postgres {
#[instrument(skip_all)] #[instrument(skip_all)]
async fn get_session(&self, token: &str) -> Result<Session> { async fn get_session(&self, token: &str) -> Result<Session> {
sqlx::query_as::<_, Session>("select * from sessions where token = $1") sqlx::query_as::<_, Session>("select id, user_id, token from sessions where token = $1")
.bind(token) .bind(token)
.fetch_one(&self.pool) .fetch_one(&self.pool)
.await .await
@ -88,16 +88,18 @@ impl Database for Postgres {
#[instrument(skip_all)] #[instrument(skip_all)]
async fn get_user(&self, username: &str) -> Result<User> { async fn get_user(&self, username: &str) -> Result<User> {
sqlx::query_as::<_, User>("select * from users where username = $1") sqlx::query_as::<_, User>(
.bind(username) "select id, username, email, password from users where username = $1",
.fetch_one(&self.pool) )
.await .bind(username)
.fetch_one(&self.pool)
.await
} }
#[instrument(skip_all)] #[instrument(skip_all)]
async fn get_session_user(&self, token: &str) -> Result<User> { async fn get_session_user(&self, token: &str) -> Result<User> {
sqlx::query_as::<_, User>( sqlx::query_as::<_, User>(
"select * from users "select users.id, users.username, user.email, users.password from users
inner join sessions inner join sessions
on users.id = sessions.user_id on users.id = sessions.user_id
and sessions.token = $1", and sessions.token = $1",
@ -222,7 +224,7 @@ impl Database for Postgres {
host: &str, host: &str,
) -> Result<Vec<History>> { ) -> Result<Vec<History>> {
let res = sqlx::query_as::<_, History>( let res = sqlx::query_as::<_, History>(
"select * from history "select id, client_id, user_id, hostname, timestamp, data, created_at from history
where user_id = $1 where user_id = $1
and hostname != $2 and hostname != $2
and created_at >= $3 and created_at >= $3
@ -311,7 +313,7 @@ impl Database for Postgres {
#[instrument(skip_all)] #[instrument(skip_all)]
async fn get_user_session(&self, u: &User) -> Result<Session> { async fn get_user_session(&self, u: &User) -> Result<Session> {
sqlx::query_as::<_, Session>("select * from sessions where user_id = $1") sqlx::query_as::<_, Session>("select id, user_id, token from sessions where user_id = $1")
.bind(u.id) .bind(u.id)
.fetch_one(&self.pool) .fetch_one(&self.pool)
.await .await
@ -320,7 +322,7 @@ impl Database for Postgres {
#[instrument(skip_all)] #[instrument(skip_all)]
async fn oldest_history(&self, user: &User) -> Result<History> { async fn oldest_history(&self, user: &User) -> Result<History> {
let res = sqlx::query_as::<_, History>( let res = sqlx::query_as::<_, History>(
"select * from history "select id, client_id, user_id, hostname, timestamp, data, created_at from history
where user_id = $1 where user_id = $1
order by timestamp asc order by timestamp asc
limit 1", limit 1",