Merge pull request #3944 from shtrom/always-hash-exists-url

Always hash exists url
author: Jérémy Benoist <j0k3r@users.noreply.github.com> 2019-05-28 14:18:33 +0200
committer: GitHub <noreply@github.com> 2019-05-28 14:18:33 +0200
commit: 2cbee36a0184786644470a84fdd8c720cfcac58e (patch)
tree: 33c6040c050f85c537f8dbf5e91d8c281db092cd
parent: 48d136d3a08d7f4ca8e0d434d8104c746d31957d (diff)
parent: 629a3797bcef33943df8ef5631328e05d12634ed (diff)
download: wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.tar.gz
wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.tar.zst
wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.zip
5 files changed, 80 insertions, 47 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/EntryRestController.php b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
index d9d99c85..aaacdcdc 100644
--- a/src/Wallabag/ApiBundle/Controller/EntryRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
@@ -14,6 +14,7 @@ use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Entity\Tag;
 use Wallabag\CoreBundle\Event\EntryDeletedEvent;
 use Wallabag\CoreBundle\Event\EntrySavedEvent;
+use Wallabag\CoreBundle\Helper\UrlHasher;
 class EntryRestController extends WallabagRestController
 {
@@ -43,50 +44,45 @@ class EntryRestController extends WallabagRestController
        $returnId = (null === $request->query->get('return_id')) ? false : (bool) $request->query->get('return_id');
-        $urls = $request->query->get('urls', []);
        $hashedUrls = $request->query->get('hashed_urls', []);
+        $hashedUrl = $request->query->get('hashed_url', '');
+        if (!empty($hashedUrl)) {
+            $hashedUrls[] = $hashedUrl;
+        }
-        // handle multiple urls first
+        $urls = $request->query->get('urls', []);
-        if (!empty($hashedUrls)) {
+        $url = $request->query->get('url', '');
-            $results = [];
+        if (!empty($url)) {
-            foreach ($hashedUrls as $hashedUrl) {
+            $urls[] = $url;
-                $res = $repo->findByHashedUrlAndUserId($hashedUrl, $this->getUser()->getId());
+        }
-                $results[$hashedUrl] = $this->returnExistInformation($res, $returnId);
-            }
-            return $this->sendResponse($results);
+        $urlHashMap = [];
+        foreach ($urls as $urlToHash) {
+            $urlHash = UrlHasher::hashUrl($urlToHash);
+            $hashedUrls[] = $urlHash;
+            $urlHashMap[$urlHash] = $urlToHash;
        }
-        // @deprecated, to be remove in 3.0
+        if (empty($hashedUrls)) {
-        if (!empty($urls)) {
+            throw $this->createAccessDeniedException('URL is empty?, logged user id: ' . $this->getUser()->getId());
-            $results = [];
+        }
-            foreach ($urls as $url) {
-                $res = $repo->findByUrlAndUserId($url, $this->getUser()->getId());
-                $results[$url] = $this->returnExistInformation($res, $returnId);
+        $results = [];
-            }
+        foreach ($hashedUrls as $hashedUrlToSearch) {
+            $res = $repo->findByHashedUrlAndUserId($hashedUrlToSearch, $this->getUser()->getId());
-            return $this->sendResponse($results);
+            $results[$hashedUrlToSearch] = $this->returnExistInformation($res, $returnId);
        }
-        // let's see if it is a simple url?
+        $results = $this->replaceUrlHashes($results, $urlHashMap);
-        $url = $request->query->get('url', '');
-        $hashedUrl = $request->query->get('hashed_url', '');
-        if (empty($url) && empty($hashedUrl)) {
+        if (!empty($url) || !empty($hashedUrl)) {
-            throw $this->createAccessDeniedException('URL is empty?, logged user id: ' . $this->getUser()->getId());
+            $hu = array_keys($results)[0];
-        }
-        $method = 'findByUrlAndUserId';
+            return $this->sendResponse(['exists' => $results[$hu]]);
-        if (!empty($hashedUrl)) {
-            $method = 'findByHashedUrlAndUserId';
-            $url = $hashedUrl;
        }
-        $res = $repo->$method($url, $this->getUser()->getId());
+        return $this->sendResponse($results);
-        return $this->sendResponse(['exists' => $this->returnExistInformation($res, $returnId)]);
    }
    /**
@@ -805,6 +801,24 @@ class EntryRestController extends WallabagRestController
    }
    /**
+     * Replace the hashedUrl keys in $results with the unhashed URL from the
+     * request, as recorded in $urlHashMap.
+     */
+    private function replaceUrlHashes(array $results, array $urlHashMap)
+    {
+        $newResults = [];
+        foreach ($results as $hash => $res) {
+            if (isset($urlHashMap[$hash])) {
+                $newResults[$urlHashMap[$hash]] = $res;
+            } else {
+                $newResults[$hash] = $res;
+            }
+        }
+        return $newResults;
+    }
+    /**
     * Retrieve value from the request.
     * Used for POST & PATCH on a an entry.
     *
@@ -832,8 +846,8 @@ class EntryRestController extends WallabagRestController
    /**
     * Return information about the entry if it exist and depending on the id or not.
     *
-     * @param Entry|null $entry
+     * @param Entry|bool|null $entry
-     * @param bool       $returnId
+     * @param bool            $returnId
     *
     * @return bool|int
     */
diff --git a/src/Wallabag/CoreBundle/Command/GenerateUrlHashesCommand.php b/src/Wallabag/CoreBundle/Command/GenerateUrlHashesCommand.php
index 45bd8c5f..8f2bff11 100644
--- a/src/Wallabag/CoreBundle/Command/GenerateUrlHashesCommand.php
+++ b/src/Wallabag/CoreBundle/Command/GenerateUrlHashesCommand.php
@@ -7,6 +7,7 @@ use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
+use Wallabag\CoreBundle\Helper\UrlHasher;
 use Wallabag\UserBundle\Entity\User;
 class GenerateUrlHashesCommand extends ContainerAwareCommand
@@ -65,7 +66,7 @@ class GenerateUrlHashesCommand extends ContainerAwareCommand
        $i = 1;
        foreach ($entries as $entry) {
-            $entry->setHashedUrl(hash('sha1', $entry->getUrl()));
+            $entry->setHashedUrl(UrlHasher::hashUrl($entry->getUrl()));
            $em->persist($entry);
            if (0 === ($i % 20)) {
@@ -84,7 +85,7 @@ class GenerateUrlHashesCommand extends ContainerAwareCommand
     *
     * @param string $username
     *
-     * @return \Wallabag\UserBundle\Entity\User
+     * @return User
     */
    private function getUser($username)
    {
diff --git a/src/Wallabag/CoreBundle/Entity/Entry.php b/src/Wallabag/CoreBundle/Entity/Entry.php
index c3fb87d2..1b4367fd 100644
--- a/src/Wallabag/CoreBundle/Entity/Entry.php
+++ b/src/Wallabag/CoreBundle/Entity/Entry.php
@@ -13,6 +13,7 @@ use JMS\Serializer\Annotation\XmlRoot;
 use Symfony\Component\Validator\Constraints as Assert;
 use Wallabag\AnnotationBundle\Entity\Annotation;
 use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
+use Wallabag\CoreBundle\Helper\UrlHasher;
 use Wallabag\UserBundle\Entity\User;
 /**
@@ -324,7 +325,7 @@ class Entry
    public function setUrl($url)
    {
        $this->url = $url;
-        $this->hashedUrl = hash('sha1', $url);
+        $this->hashedUrl = UrlHasher::hashUrl($url);
        return $this;
    }
diff --git a/src/Wallabag/CoreBundle/Helper/UrlHasher.php b/src/Wallabag/CoreBundle/Helper/UrlHasher.php
new file mode 100644
index 00000000..d123eaba
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Helper/UrlHasher.php
@@ -0,0 +1,23 @@
+<?php
+namespace Wallabag\CoreBundle\Helper;
+/**
+ * Hash URLs for privacy and performance.
+ */
+class UrlHasher
+{
+    /**
+     * Hash the given url using the given algorithm.
+     * Hashed url are faster to be retrieved in the database than the real url.
+     *
+     * @param string $url
+     * @param string $algorithm
+     *
+     * @return string
+     */
+    public static function hashUrl(string $url, $algorithm = 'sha1')
+    {
+        return hash($algorithm, urldecode($url));
+    }
+}
diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
index 3990932e..880e7c65 100644
--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -9,6 +9,7 @@ use Pagerfanta\Adapter\DoctrineORMAdapter;
 use Pagerfanta\Pagerfanta;
 use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Entity\Tag;
+use Wallabag\CoreBundle\Helper\UrlHasher;
 class EntryRepository extends EntityRepository
 {
@@ -348,17 +349,10 @@ class EntryRepository extends EntityRepository
     */
    public function findByUrlAndUserId($url, $userId)
    {
-        $res = $this->createQueryBuilder('e')
+        return $this->findByHashedUrlAndUserId(
-            ->where('e.url = :url')->setParameter('url', urldecode($url))
+            UrlHasher::hashUrl($url),
-            ->andWhere('e.user = :user_id')->setParameter('user_id', $userId)
+            $userId
-            ->getQuery()
+        );
-            ->getResult();
-        if (\count($res)) {
-            return current($res);
-        }
-        return false;
    }
    /**
author	Jérémy Benoist <j0k3r@users.noreply.github.com>	2019-05-28 14:18:33 +0200
committer	GitHub <noreply@github.com>	2019-05-28 14:18:33 +0200
commit	2cbee36a0184786644470a84fdd8c720cfcac58e (patch)
tree	33c6040c050f85c537f8dbf5e91d8c281db092cd
parent	48d136d3a08d7f4ca8e0d434d8104c746d31957d (diff)
parent	629a3797bcef33943df8ef5631328e05d12634ed (diff)
download	wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.tar.gz wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.tar.zst wallabag-2cbee36a0184786644470a84fdd8c720cfcac58e.zip