feat: add env file support and parameterize SQL queries

Add .env and .env.local loading with InitEnv() helper that reads
environment variables from config files without overwriting existing
values.

Refactor SQL queries to use parameterized arguments instead of
string formatting for LIMIT/OFFSET clauses, improving query security
and preventing SQL injection vulnerabilities.

Clean up unnecessary rows.Close() calls and simplify error handling
in database query functions.
This commit is contained in:
db123-test
2026-05-05 19:13:42 +03:30
parent ac25f4f4c5
commit c3869f4f10
4 changed files with 77 additions and 10 deletions

View File

@@ -142,11 +142,7 @@ func IsPermanentWhitelisted(db *sql.DB, ip string) (bool, error) {
if err := rows.Scan(&entry); err != nil {
continue
}
matches, err := ipMatchesEntry(ip, entry)
if err != nil {
continue
}
if matches {
if matches, _ := ipMatchesEntry(ip, entry); matches {
return true, nil
}
}
@@ -221,10 +217,8 @@ func CleanupExpiredTemp(db *sql.DB) error {
}
}
if err := rows.Err(); err != nil {
rows.Close()
return err
}
rows.Close()
_, err = db.Exec(`DELETE FROM temp_whitelist WHERE expires_at <= ?`, time.Now().Format(time.RFC3339))
if err != nil {