fix(backend): don't count deleted users + unlisted members in meta endpoint
This technically leaked the *existence* of these users and members, but there's never been any way to enumerate users or unlisted members, so this is unlikely to have *actually* leaked any information. Still, for consistency's sake, this commit hides them from the user/member count.
This commit is contained in:
parent
ec6b048501
commit
94cd4cd6d3
|
@ -32,12 +32,12 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
|
||||||
ctx := r.Context()
|
ctx := r.Context()
|
||||||
|
|
||||||
var numUsers, numMembers int64
|
var numUsers, numMembers int64
|
||||||
err := s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM users").Scan(&numUsers)
|
err := s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM users WHERE deleted_at IS NULL").Scan(&numUsers)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "querying user count")
|
return errors.Wrap(err, "querying user count")
|
||||||
}
|
}
|
||||||
|
|
||||||
err = s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM members").Scan(&numMembers)
|
err = s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM members WHERE unlisted = false AND user_id = ANY(SELECT id FROM users WHERE deleted_at IS NULL)").Scan(&numMembers)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "querying user count")
|
return errors.Wrap(err, "querying user count")
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue