Remove all select * from the server queries (#347)

It's not ideal as we should be explicit about what is being queried! A part one for sorting this all out :)
atuinsh · Apr 26, 2022 · 8ac6571 · 8ac6571
1 parent 4030de4
commit 8ac6571
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/atuin-server/src/database.rs b/atuin-server/src/database.rs
@@ -80,24 +80,26 @@ impl Postgres {
 impl Database for Postgres {
     #[instrument(skip_all)]
     async fn get_session(&self, token: &str) -> Result<Session> {
-        sqlx::query_as::<_, Session>("select * from sessions where token = $1")
+        sqlx::query_as::<_, Session>("select id, user_id, token from sessions where token = $1")
             .bind(token)
             .fetch_one(&self.pool)
             .await
     }
 
     #[instrument(skip_all)]
     async fn get_user(&self, username: &str) -> Result<User> {
-        sqlx::query_as::<_, User>("select * from users where username = $1")
-            .bind(username)
-            .fetch_one(&self.pool)
-            .await
+        sqlx::query_as::<_, User>(
+            "select id, username, email, password from users where username = $1",
+        )
+        .bind(username)
+        .fetch_one(&self.pool)
+        .await
     }
 
     #[instrument(skip_all)]
     async fn get_session_user(&self, token: &str) -> Result<User> {
         sqlx::query_as::<_, User>(
-            "select * from users 
+            "select users.id, users.username, user.email, users.password from users 
             inner join sessions 
             on users.id = sessions.user_id 
             and sessions.token = $1",
@@ -222,7 +224,7 @@ impl Database for Postgres {
         host: &str,
     ) -> Result<Vec<History>> {
         let res = sqlx::query_as::<_, History>(
-            "select * from history 
+            "select id, client_id, user_id, hostname, timestamp, data, created_at from history 
             where user_id = $1
             and hostname != $2
             and created_at >= $3
@@ -311,7 +313,7 @@ impl Database for Postgres {
 
     #[instrument(skip_all)]
     async fn get_user_session(&self, u: &User) -> Result<Session> {
-        sqlx::query_as::<_, Session>("select * from sessions where user_id = $1")
+        sqlx::query_as::<_, Session>("select id, user_id, token from sessions where user_id = $1")
             .bind(u.id)
             .fetch_one(&self.pool)
             .await
@@ -320,7 +322,7 @@ impl Database for Postgres {
     #[instrument(skip_all)]
     async fn oldest_history(&self, user: &User) -> Result<History> {
         let res = sqlx::query_as::<_, History>(
-            "select * from history 
+            "select id, client_id, user_id, hostname, timestamp, data, created_at from history 
             where user_id = $1
             order by timestamp asc
             limit 1",