diff --git a/go/pkg/launchpad/service.go b/go/pkg/launchpad/service.go index 2534fb613d..6698096ae0 100644 --- a/go/pkg/launchpad/service.go +++ b/go/pkg/launchpad/service.go @@ -254,8 +254,10 @@ func (s *Launchpad) CollectionsByCreator(ctx context.Context, req *launchpadpb.C orderSQL = "lp.collection_name" + orderDirection } - err = s.conf.IndexerDB.Raw(`SELECT collection_data from launchpad_projects ORDER BY %s`, - orderSQL, // ORDER BY here or it won't work + err = s.conf.IndexerDB.Raw(fmt.Sprintf( + ` + SELECT collection_data FROM launchpad_projects AS lp ORDER BY %s + `, orderSQL), // ORDER BY here or it won't work ).Scan(&projects).Error if err != nil { return nil, errors.Wrap(err, "failed to query database") @@ -287,6 +289,11 @@ func (s *Launchpad) LaunchpadProjects(ctx context.Context, req *launchpadpb.Laun return nil, errors.New("missing network id") } + userAddress := req.GetUserAddress() + if userAddress == "" { + return nil, errors.New("missing user address") + } + _, err := s.conf.NetworkStore.GetNetwork(networkID) if err != nil { return nil, errors.Wrap(err, fmt.Sprintf("unknown network id '%s'", networkID)) @@ -295,25 +302,24 @@ func (s *Launchpad) LaunchpadProjects(ctx context.Context, req *launchpadpb.Laun // TODO: user authentication (Member of the admin DAO) // Control if sender is member of the admin DAO daoAdminAddress := "tori129kpfu7krgumuc38hfyxwfluq7eu06rhr3awcztr3a9cgjjcx5hswlqj8v" - userAddress := req.GetUserAddress() var isUserAuthorized bool err = s.conf.IndexerDB.Raw(` SELECT EXISTS ( SELECT 1 FROM dao_members dm JOIN daos d ON dm.dao_contract_address = d.contract_address - WHERE d.address = ? - WHERE dm.member_address = ? + WHERE d.contract_address = ? + AND dm.member_address = ? ) AS dao_exists; `, daoAdminAddress, userAddress, ).Scan(&isUserAuthorized).Error if err != nil { - return errors.Wrap(err, "failed to query database") + return nil, errors.Wrap(err, "failed to query database") } if !isUserAuthorized { - return errors.New("Unauthorized") + return nil, errors.New("Unauthorized") } var projects []launchpadpb.LaunchpadProject @@ -332,8 +338,10 @@ func (s *Launchpad) LaunchpadProjects(ctx context.Context, req *launchpadpb.Laun orderSQL = "lp.collection_name" + orderDirection } - err = s.conf.IndexerDB.Raw(`SELECT * from launchpad_projects ORDER BY %s`, - orderSQL, // ORDER BY here or it won't work + err = s.conf.IndexerDB.Raw(fmt.Sprintf( + ` + SELECT * FROM launchpad_projects AS lp ORDER BY %s + `, orderSQL), // ORDER BY here or it won't work ).Scan(&projects).Error if err != nil { return nil, errors.Wrap(err, "failed to query database")