openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(calendar): NaN guard on subscription IDs, user_modified for all external sources

Browse Source
This commit is contained in:
Ulas Kalayci
2026-04-20 23:57:15 +02:00
parent ed0618cf75
commit 3cd5f31c0d
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/index.js
+1
View File
@@ -224,6 +224,7 @@ async function runSync() {
appleCalendar.sync().catch((e) => logSync.error('Apple Fehler:', e.message)); appleCalendar.sync().catch((e) => logSync.error('Apple Fehler:', e.message));
} }
// ICS: kein Guard nötig — sync() fragt die DB ab und kehrt sofort zurück wenn keine Abonnements existieren
icsSubscription.sync().catch((e) => logSync.error('ICS Fehler:', e.message)); icsSubscription.sync().catch((e) => logSync.error('ICS Fehler:', e.message));
} }
server/routes/calendar.js
+7 -3
View File
@@ -137,7 +137,7 @@ router.get('/', (req, res) => {
(e.recurrence_rule IS NOT NULL AND DATE(e.start_datetime) <= ?) (e.recurrence_rule IS NOT NULL AND DATE(e.start_datetime) <= ?)
) )
AND ( AND (
e.external_source != 'ics' e.external_source <> 'ics'
OR e.subscription_id IN ( OR e.subscription_id IN (
SELECT id FROM ics_subscriptions WHERE shared = 1 OR created_by = ? SELECT id FROM ics_subscriptions WHERE shared = 1 OR created_by = ?
) )
@@ -191,7 +191,7 @@ router.get('/upcoming', (req, res) => {
(e.recurrence_rule IS NOT NULL AND DATE(e.start_datetime) <= ?) (e.recurrence_rule IS NOT NULL AND DATE(e.start_datetime) <= ?)
) )
AND ( AND (
e.external_source != 'ics' e.external_source <> 'ics'
OR e.subscription_id IN ( OR e.subscription_id IN (
SELECT id FROM ics_subscriptions WHERE shared = 1 OR created_by = ? SELECT id FROM ics_subscriptions WHERE shared = 1 OR created_by = ?
) )
@@ -425,6 +425,7 @@ router.post('/subscriptions', async (req, res) => {
router.patch('/subscriptions/:id', (req, res) => { router.patch('/subscriptions/:id', (req, res) => {
try { try {
const subId = parseInt(req.params.id, 10); const subId = parseInt(req.params.id, 10);
if (!Number.isFinite(subId)) return res.status(400).json({ error: 'Ungültige ID.', code: 400 });
const isAdmin = req.session.isAdmin; const isAdmin = req.session.isAdmin;
const fields = {}; const fields = {};
if (req.body.name !== undefined) { if (req.body.name !== undefined) {
@@ -452,6 +453,7 @@ router.patch('/subscriptions/:id', (req, res) => {
router.delete('/subscriptions/:id', (req, res) => { router.delete('/subscriptions/:id', (req, res) => {
try { try {
const subId = parseInt(req.params.id, 10); const subId = parseInt(req.params.id, 10);
if (!Number.isFinite(subId)) return res.status(400).json({ error: 'Ungültige ID.', code: 400 });
const isAdmin = req.session.isAdmin; const isAdmin = req.session.isAdmin;
const ok = icsSubscription.remove(req.session.userId, subId, isAdmin); const ok = icsSubscription.remove(req.session.userId, subId, isAdmin);
if (!ok) return res.status(404).json({ error: 'Abonnement nicht gefunden.', code: 404 }); if (!ok) return res.status(404).json({ error: 'Abonnement nicht gefunden.', code: 404 });
@@ -466,6 +468,7 @@ router.delete('/subscriptions/:id', (req, res) => {
router.post('/subscriptions/:id/sync', async (req, res) => { router.post('/subscriptions/:id/sync', async (req, res) => {
try { try {
const subId = parseInt(req.params.id, 10); const subId = parseInt(req.params.id, 10);
if (!Number.isFinite(subId)) return res.status(400).json({ error: 'Ungültige ID.', code: 400 });
const isAdmin = req.session.isAdmin; const isAdmin = req.session.isAdmin;
const sub = db.get().prepare('SELECT * FROM ics_subscriptions WHERE id = ?').get(subId); const sub = db.get().prepare('SELECT * FROM ics_subscriptions WHERE id = ?').get(subId);
if (!sub) return res.status(404).json({ error: 'Abonnement nicht gefunden.', code: 404 }); if (!sub) return res.status(404).json({ error: 'Abonnement nicht gefunden.', code: 404 });
@@ -593,7 +596,7 @@ router.put('/:id', (req, res) => {
all_day, location, color: colorVal, assigned_to, recurrence_rule, all_day, location, color: colorVal, assigned_to, recurrence_rule,
} = req.body; } = req.body;
const userModified = event.external_source === 'ics' ? 1 : event.user_modified; const userModified = event.external_source !== 'local' ? 1 : event.user_modified;
db.get().prepare(` db.get().prepare(`
UPDATE calendar_events UPDATE calendar_events
@@ -649,6 +652,7 @@ router.put('/:id', (req, res) => {
router.post('/:id/reset', (req, res) => { router.post('/:id/reset', (req, res) => {
try { try {
const id = parseInt(req.params.id, 10); const id = parseInt(req.params.id, 10);
if (!Number.isFinite(id)) return res.status(400).json({ error: 'Ungültige ID.', code: 400 });
const event = db.get().prepare(` const event = db.get().prepare(`
SELECT e.*, s.created_by AS sub_created_by SELECT e.*, s.created_by AS sub_created_by
FROM calendar_events e FROM calendar_events e