From 4ac00017953569e6e789788044c19c22f66b110a Mon Sep 17 00:00:00 2001
From: sam
Date: Wed, 11 Sep 2024 16:34:08 +0200
Subject: [PATCH] fix: only query user ID in /api/internal/request-data
---
 .idea/.idea.Foxnouns.NET/.idea/watcherTasks.xml | 4 ++++
 Foxnouns.Backend/Controllers/InternalController.cs | 4 ++--
 Foxnouns.Backend/Database/DatabaseQueryExtensions.cs | 10 ++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 .idea/.idea.Foxnouns.NET/.idea/watcherTasks.xml
diff --git a/.idea/.idea.Foxnouns.NET/.idea/watcherTasks.xml b/.idea/.idea.Foxnouns.NET/.idea/watcherTasks.xml
new file mode 100644
index 0000000..fb0d65a
--- /dev/null
+++ b/.idea/.idea.Foxnouns.NET/.idea/watcherTasks.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/Foxnouns.Backend/Controllers/InternalController.cs b/Foxnouns.Backend/Controllers/InternalController.cs
index eb22881..cda2edb 100644
--- a/Foxnouns.Backend/Controllers/InternalController.cs
+++ b/Foxnouns.Backend/Controllers/InternalController.cs
@@ -43,8 +43,8 @@ public partial class InternalController(DatabaseContext db, IClock clock) : Cont
 if (!AuthUtils.TryParseToken(req.Token, out var rawToken)) return Ok(new RequestDataResponse(null, template));
- var oauthToken = await db.GetToken(rawToken);
- return Ok(new RequestDataResponse(oauthToken?.UserId, template));
+ var userId = await db.GetTokenUserId(rawToken);
+ return Ok(new RequestDataResponse(userId, template));
 }
 public record RequestDataRequest(string? Token, string Method, string Path);
diff --git a/Foxnouns.Backend/Database/DatabaseQueryExtensions.cs b/Foxnouns.Backend/Database/DatabaseQueryExtensions.cs
index 6fe4c58..f8a544c 100644
--- a/Foxnouns.Backend/Database/DatabaseQueryExtensions.cs
+++ b/Foxnouns.Backend/Database/DatabaseQueryExtensions.cs
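Review bot: With `oauthToken?.UserId` gone from the InternalController.cs hunk, the "no valid token" case depends entirely on what `GetTokenUserId` returns when no row matches, and that is not guaranteed to be null. In the DatabaseQueryExtensions.cs hunk the query ends in `.Select(t => t.UserId).FirstOrDefaultAsync(ct)`; if `UserId` is a non-nullable value type (neither its declaration nor the method's return type is visible on this page), an expired, revoked or unknown token would produce that type's default value instead of null, and the response would carry a default-valued user ID where it previously carried none. Projecting to the nullable form inside the query, `.Select(t => (TUserId?)t.UserId)` with `TUserId` standing for the project's real ID type, keeps the old behaviour. The action method starts outside the hunk, so how `RequestDataResponse` consumers treat a default ID cannot be checked from here.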
@@ -110,6 +110,7 @@ public static class DatabaseQueryExtensions
 CancellationToken ct = default)
 {
 var hash = SHA512.HashData(rawToken);
+
 var oauthToken = await context.Tokens
 .Include(t => t.Application)
 .Include(t => t.User)
@@ -119,4 +120,13 @@ public static class DatabaseQueryExtensions
 return oauthToken;
 }
+
+ public static async Task GetTokenUserId(this DatabaseContext context, byte[] rawToken,
+ CancellationToken ct = default)
+ {
+ var hash = SHA512.HashData(rawToken);
+ return await context.Tokens
+ .Where(t => t.Hash == hash && t.ExpiresAt > SystemClock.Instance.GetCurrentInstant() && !t.ManuallyExpired)
+ .Select(t => t.UserId).FirstOrDefaultAsync(ct);
+ }
 }
\ No newline at end of file
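Review bot: The expiry filter in the new `GetTokenUserId` reads the time from `SystemClock.Instance.GetCurrentInstant()`, while the controller that calls it is constructed with an `IClock`. Taking the current instant (or the clock) as a parameter would let token expiry be tested with a fake clock and keep one time source per request. The validity condition `t.Hash == hash && t.ExpiresAt > … && !t.ManuallyExpired` also looks like a copy of the filter in `GetToken`, whose `Where` clause lies between the two hunks and is not shown; if so, any later change to what counts as a valid token has to be made in both places, and a shared private predicate would prevent the two from drifting apart. A short XML doc comment saying that the method returns the owning user's ID only for an unexpired, not manually expired token, and what it returns otherwise, would make the contract explicit.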