backend- prevent sequential duplicate audit entries

nektro · Apr 17, 2022 · 8f7d3ee · 8f7d3ee
1 parent 3f5e9a7
commit 8f7d3ee
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 2 deletions.
diff --git a/pkg/db/properties.go b/pkg/db/properties.go
@@ -43,10 +43,14 @@ func (p *Properties) Get(key string) string {
 }
 
 // Set sets the value of a single key
-func (p *Properties) Set(key string, val string) {
+func (p *Properties) Set(key string, val string) bool {
 	p.SetDefault(key, "")
+	if p.Get(key) == val {
+		return false
+	}
 	db.Build().Up(cTableSettings, "value", val).Wh("key", key).Exe()
 	p.s.Set(key, val)
+	return true
 }
 
 // Has tests whether this Properties contains a certain key

diff --git a/pkg/handler/channels.go b/pkg/handler/channels.go
@@ -122,26 +122,30 @@ func ChannelUpdate(w http.ResponseWriter, r *http.Request) {
 		if len(v) == 0 {
 			return
 		}
+		c.Assert(ch.Name != v, "200: property unchanged")
 		ch.SetName(v)
 		successCb(ch, n, v)
 	case "position":
 		i, err := strconv.Atoi(v)
 		if err != nil {
 			return
 		}
+		c.Assert(ch.Position != i, "200: property unchanged")
 		ch.MoveTo(i)
 		successCb(ch, n, v)
 	case "description":
 		if len(v) == 0 {
 			return
 		}
+		c.Assert(ch.Description != v, "200: property unchanged")
 		ch.SetDescription(v)
 		successCb(ch, n, v)
 	case "history_off":
 		b, err := strconv.ParseBool(v)
 		if err != nil {
 			return
 		}
+		c.Assert(ch.HistoryOff != b, "200: property unchanged")
 		ch.EnableHistory(b)
 		successCb(ch, n, v)
 	}

diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go
@@ -125,7 +125,7 @@ func ApiPropertyUpdate(w http.ResponseWriter, r *http.Request) {
 	c.Assert(usp.ManageServer, "403: users require the manage_server permission to update properties")
 	c.Assert(db.Props.Has(n), "400: specified property does not exist")
 
-	db.Props.Set(n, v)
+	c.Assert(db.Props.Set(n, v), "200: property unchanged")
 	db.CreateAudit(db.ActionSettingUpdate, user, "", n, v)
 	writeAPIResponse(r, w, true, http.StatusOK, []string{n, v})
 }

diff --git a/pkg/handler/invites.go b/pkg/handler/invites.go
@@ -10,6 +10,7 @@ import (
 	"github.com/nektro/mantle/pkg/handler/controls"
 	"github.com/nektro/mantle/pkg/ws"
 
+	"github.com/nektro/go.etc/dbt"
 	"github.com/nektro/go.etc/htp"
 )
 
@@ -74,11 +75,13 @@ func InviteUpdate(w http.ResponseWriter, r *http.Request) {
 		_, x, err := hGrabInt(v)
 		c.Assert(err == nil, "400: error parsing p_value")
 		c.Assert(x >= 0, "400: p_value must be >= 0")
+		c.Assert(iv.MaxUses != x, "200: property unchanged")
 		iv.SetMaxUses(x)
 		successCb(iv, n, v)
 	case "mode":
 		x, err := strconv.Atoi(v)
 		c.AssertNilErr(err)
+		c.Assert(iv.Mode != x, "200: property unchanged")
 		iv.SetMode(x)
 		successCb(iv, n, v)
 	case "expires_in":
@@ -88,11 +91,13 @@ func InviteUpdate(w http.ResponseWriter, r *http.Request) {
 		c.AssertNilErr(err)
 		b, err := strconv.Atoi(spl[1])
 		c.AssertNilErr(err)
+		c.Assert(iv.ExpiresIn != [...]int{a, b}, "200: property unchanged")
 		iv.SetExpIn([...]int{a, b})
 		successCb(iv, n, v)
 	case "expires_on":
 		t, err := time.Parse("2006-01-02", v)
 		c.AssertNilErr(err)
+		c.Assert(iv.ExpiresOn != dbt.Time(t), "200: property unchanged")
 		iv.SetExpOn(t)
 		successCb(iv, n, v)
 	}

diff --git a/pkg/handler/roles.go b/pkg/handler/roles.go
@@ -83,27 +83,31 @@ func RoleUpdate(w http.ResponseWriter, r *http.Request) {
 		if len(v) == 0 {
 			return
 		}
+		c.Assert(rl.Name != v, "200: property unchanged")
 		rl.SetName(v)
 		successCb(rl, n, v)
 	case "color":
 		_, err := colors.Parse(v)
 		if err != nil {
 			return
 		}
+		c.Assert(rl.Color != v, "200: property unchanged")
 		rl.SetColor(v)
 		successCb(rl, n, v)
 	case "position":
 		i, err := strconv.Atoi(v)
 		if err != nil {
 			return
 		}
+		c.Assert(rl.Position != i, "200: property unchanged")
 		rl.MoveTo(i)
 		successCb(rl, n, v)
 	case "distinguish":
 		b, err := strconv.ParseBool(v)
 		if err != nil {
 			return
 		}
+		c.Assert(rl.Distinguish != b, "200: property unchanged")
 		rl.SetDistinguish(b)
 		successCb(rl, n, v)
 	}

diff --git a/pkg/handler/users.go b/pkg/handler/users.go
@@ -2,6 +2,7 @@ package handler
 
 import (
 	"net/http"
+	"strconv"
 
 	"github.com/nektro/mantle/pkg/db"
 	"github.com/nektro/mantle/pkg/handler/controls"
@@ -71,6 +72,7 @@ func UserUpdate(w http.ResponseWriter, r *http.Request) {
 		if user.UUID != u.UUID {
 			return
 		}
+		c.Assert(u.Nickname != v, "200: property unchanged")
 		u.SetNickname(v)
 		successCb(u, n, v)
 	case "add_role":
@@ -79,6 +81,7 @@ func UserUpdate(w http.ResponseWriter, r *http.Request) {
 		if !ok {
 			return
 		}
+		c.Assert(!u.HasRole(rl.UUID), "200: property unchanged")
 		c.Assert(up.ManageRoles, "403: users require the manage_roles permission to update roles")
 		c.Assert(user.GetRolesSorted()[0].Position < rl.Position, "403: role rank must be higher to update")
 		u.AddRole(vr)
@@ -89,6 +92,7 @@ func UserUpdate(w http.ResponseWriter, r *http.Request) {
 		if !ok {
 			return
 		}
+		c.Assert(u.HasRole(rl.UUID), "200: property unchanged")
 		c.Assert(up.ManageRoles, "403: users require the manage_roles permission to update roles")
 		c.Assert(user.GetRolesSorted()[0].Position < rl.Position, "403: role rank must be higher to update")
 		u.RemoveRole(vr)