Skip to content

Commit c4ee7ad

Browse files
authored
fix(auth): quote reserved "window" column in rate-limit SQL for Postgres (emdash-cms#946)
* fix(auth): quote reserved "window" column in rate-limit SQL for Postgres * add changeset
1 parent 514d32d commit c4ee7ad

2 files changed

Lines changed: 8 additions & 3 deletions

File tree

.changeset/sweet-toys-matter.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
"emdash": patch
3+
---
4+
5+
Fixes Postgres rate-limit queries by quoting the reserved `window` column name.

packages/core/src/auth/rate-limit.ts

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -63,9 +63,9 @@ export async function checkRateLimit(
6363

6464
// Atomic upsert: insert or increment, return current count
6565
const result = await sql<{ count: number }>`
66-
INSERT INTO _emdash_rate_limits (key, window, count)
66+
INSERT INTO _emdash_rate_limits (key, "window", count)
6767
VALUES (${key}, ${windowStart}, 1)
68-
ON CONFLICT (key, window)
68+
ON CONFLICT (key, "window")
6969
DO UPDATE SET count = _emdash_rate_limits.count + 1
7070
RETURNING count
7171
`.execute(db);
@@ -179,7 +179,7 @@ export async function cleanupExpiredRateLimits(
179179
const cutoff = new Date(Date.now() - maxAgeSeconds * 1000).toISOString();
180180

181181
const result = await sql`
182-
DELETE FROM _emdash_rate_limits WHERE window < ${cutoff}
182+
DELETE FROM _emdash_rate_limits WHERE "window" < ${cutoff}
183183
`.execute(db);
184184

185185
return Number(result.numAffectedRows ?? 0);

0 commit comments

Comments
 (0)