[Bug]: articles api is broken

[tobiu]

Relevant scope

Backend specs

Description

not sure if the specs changed.

open: https://demo.realworld.how/

500 internal server error: "\nInvalid prisma.article.count() invocation:\n\n\nError occurred during query execution:\nConnectorError(ConnectorError { user_facing_error: None, kind: QueryError(PostgresError { code: \"26000\", message: \"prepared statement \\"s1555\\" does not exist\", severity: \"ERROR\", detail: None, column: None, hint: None }), transient: false })"

[tobiu]

direct link: https://api.realworld.io/api/articles

[geromegrignon]

Hi @tobiu it happens sometimes since I had to move from a free to a paid database due to the current traffic.

I need to investigate on it (more likely related to PG bouncer) but I don't have free available time for it right now.

The daily server reset sounds fixing it meanwhile.

[benmccann]

Update from https://github.com/gothinkster/realworld/issues/1611 states that the API server has been deleted. I can't say that I would envy the responsibility of maintaining such a service, so that's totally understandable. Thank you @geromegrignon for your years of shepherding this project and building it into what it is! I wonder if there might be a way for the community to take over ownership to keep it alive?

A couple of ideas:

• in terms of the hosting fees, I'd be happy to seek out a sponsor. I personally would not want to be responsible for keeping the API up and monitoring it, but it's possible someone from the community would
• we might also be able to avoid the issue entirely by saying that you have to run the API service locally in a docker container or from a SQLite DB. I think this is less valuable than the publicly hosted implementations we have today, but still useful and would be preferable to seeing the project go away

[secure-code-warrior-for-github[bot]]

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "SQLi"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

• PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
• OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
• OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
• OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
• Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.