summaryrefslogtreecommitdiff
path: root/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql
diff options
context:
space:
mode:
authorpennae <github@quasiparticle.net>2022-08-10 01:54:20 +0200
committerpennae <github@quasiparticle.net>2022-08-10 01:58:29 +0200
commitaeb116bace23f66a86caf6d5868ea82dfb901e36 (patch)
treed634ec843f6d5513f487b82331fff23e23f3f20f /migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql
parent6fdf7e463ee939c7f8eacf89d820e7ab405de587 (diff)
downloadminor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.tar.gz
minor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.tar.xz
minor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.zip
don't allow users to edit devices of other users
while device ids should be impossible to guess (being as long as oauth tokens), we should still guard against malicious activity if they should ever leak.
Diffstat (limited to 'migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql')
-rw-r--r--migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql4
1 files changed, 4 insertions, 0 deletions
diff --git a/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql b/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql
new file mode 100644
index 0000000..51d1743
--- /dev/null
+++ b/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql
@@ -0,0 +1,4 @@
+drop function insert_or_update_device(device_id, user_id, text, text, device_push_info,
+ device_command[], jsonb, out device);
+alter function insert_or_update_device_1(device_id, user_id, text, text, device_push_info,
+ device_command[], jsonb, out device) rename to insert_or_update_device;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 11:48:42 +0000