authorPeter Stone <thepeterstone@gmail.com>2026-01-12 13:13:20 -1000
committerPeter Stone <thepeterstone@gmail.com>2026-01-12 13:13:20 -1000
commit4c03e9cdd204592e5bcd5deb01035ad85904a2b1 (patch)
tree0efd267106cb7b34717022d3d303bf4e02e34b43 /internal/store/sqlite.go
parent9fe0998436488537a8a2e8ffeefb0c4424b41c60 (diff)
Harden database security and reliability
Enable WAL mode for better concurrency, serialize writes to prevent database lock errors, and fix SQL injection vulnerability in GetNotes by using parameterized queries. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Diffstat (limited to 'internal/store/sqlite.go')
-rw-r--r--internal/store/sqlite.go14
1 files changed, 12 insertions, 2 deletions
diff --git a/internal/store/sqlite.go b/internal/store/sqlite.go
index 45d7746..e2b0aee 100644
--- a/internal/store/sqlite.go
+++ b/internal/store/sqlite.go
@@ -29,6 +29,14 @@ func New(dbPath string) (*Store, error) {
return nil, fmt.Errorf("failed to enable foreign keys: %w", err)
}
+ // Enable WAL mode for better concurrency
+ if _, err := db.Exec("PRAGMA journal_mode = WAL"); err != nil {
+ return nil, fmt.Errorf("failed to enable WAL mode: %w", err)
+ }
+
+ // Serialize writes to prevent "database is locked" errors
+ db.SetMaxOpenConns(1)
+
store := &Store{db: db}
// Run migrations
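Review bot: The WAL pragma on the second added line can fail silently, because `PRAGMA journal_mode = WAL` reports the journal mode actually in effect as a result row and `db.Exec` discards it; where WAL cannot be used (for example a filesystem without the shared memory SQLite needs) SQLite keeps the previous mode and returns no error, so the check here passes while the concurrency the comment promises is absent. Reading the row with `QueryRow` and comparing it against `"wal"` closes that gap, as sketched below. Separately, `db.SetMaxOpenConns(1)` means any code that issues a second query on `s.db` while still iterating a `*sql.Rows` will block forever, since the only pooled connection is held by the open rows; that constraint deserves a comment at that line, e.g. `// NOTE: single connection — never query s.db while a Rows from it is still open, it deadlocks.` It is also worth confirming that a connection the pool later replaces re-applies the per-connection `foreign_keys` pragma set above, because journal_mode persists in the database file but foreign_keys does not; the enclosing New continues outside the hunk.
```go
	// Enable WAL mode for better concurrency; the pragma reports the mode
	// actually in effect, so verify it rather than trusting a nil error.
	var mode string
	if err := db.QueryRow("PRAGMA journal_mode = WAL").Scan(&mode); err != nil {
		return nil, fmt.Errorf("failed to enable WAL mode: %w", err)
	}
	if mode != "wal" {
		return nil, fmt.Errorf("failed to enable WAL mode: journal_mode is %q", mode)
	}
	// … unchanged: SetMaxOpenConns(1) and Store construction …
```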
@@ -204,11 +212,13 @@ func (s *Store) GetNotes(limit int) ([]models.Note, error) {
FROM notes
ORDER BY modified DESC
`
+ var args []interface{}
if limit > 0 {
- query += fmt.Sprintf(" LIMIT %d", limit)
+ query += " LIMIT ?"
+ args = append(args, limit)
}
- rows, err := s.db.Query(query)
+ rows, err := s.db.Query(query, args...)
if err != nil {
return nil, err
}
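Review bot: The new `args` slice on the first added line is declared as `[]interface{}`; if the module's go directive is 1.18 or later, `var args []any` is the idiomatic spelling (whichever form the rest of the file already uses should win). Note also that `limit` is typed `int`, so the replaced `fmt.Sprintf(" LIMIT %d", limit)` could only ever have emitted digits — binding it as a parameter is still the better idiom and removes the string build, but the description's "SQL injection" framing overstates the pre-change risk. The `limit <= 0` case is left undocumented in the new code; a comment on the `if limit > 0 {` line such as `// limit <= 0 means no LIMIT clause: return all notes` records the contract the branch implements. GetNotes's signature and the rows handling after the error check lie outside the hunk.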