Escape "query" parameter

thinca · sivchari · commit f133f86b75e7 · 2022-01-10T19:37:19.000+09:00
"query" parameter may contains any characters such as "&amp;".
diff --git a/endpoint.go b/endpoint.go
@@ -6,8 +6,8 @@ const (
 	retrieveSingleTweetURL    = "https://api.twitter.com/2/tweets/%v"
 	userTweetTimelineURL      = "https://api.twitter.com/2/users/%v/tweets"
 	userMentionTimelineURL    = "https://api.twitter.com/2/users/%v/mentions"
-	searchRecentTweetsURL     = "https://api.twitter.com/2/tweets/search/recent?query=%v"
-	countsRecentTweetsURL     = "https://api.twitter.com/2/tweets/counts/recent?query=%v"
+	searchRecentTweetsURL     = "https://api.twitter.com/2/tweets/search/recent"
+	countsRecentTweetsURL     = "https://api.twitter.com/2/tweets/counts/recent"
 	addOrDeleteRulesURL       = "https://api.twitter.com/2/tweets/search/stream/rules"
 	retrieveStreamRulesURL    = "https://api.twitter.com/2/tweets/search/stream/rules"
 	connectToStreamURL        = "https://api.twitter.com/2/tweets/search/stream"
@@ -31,7 +31,7 @@ const (
 	spacesURL                    = "https://api.twitter.com/2/spaces?ids="
 	usersPurchasedSpaceTicketURL = "https://api.twitter.com/2/spaces/%v/buyers"
 	discoverSpacesURL            = "https://api.twitter.com/2/spaces/by/creator_ids?user_ids="
-	searchSpacesURL              = "https://api.twitter.com/2/spaces/search?query=%v"
+	searchSpacesURL              = "https://api.twitter.com/2/spaces/search"
 )
 
 const (
diff --git a/search_spaces.go b/search_spaces.go
@@ -12,9 +12,8 @@ func searchSpaces(ctx context.Context, c *client, searchTerm string, opt ...*Sea
 	if searchTerm == "" {
 		return nil, errors.New("search spaces: searchTerm parameter is required")
 	}
-	ep := fmt.Sprintf(searchSpacesURL, searchTerm)
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchSpacesURL, nil)
 	if err != nil {
 		return nil, fmt.Errorf("search spaces new request with ctx: %w", err)
 	}
@@ -29,7 +28,7 @@ func searchSpaces(ctx context.Context, c *client, searchTerm string, opt ...*Sea
 	default:
 		return nil, errors.New("search spaces: too many options")
 	}
-	sopt.addQuery(req)
+	sopt.addQuery(req, searchTerm)
 
 	resp, err := c.client.Do(req)
 	if err != nil {
diff --git a/search_tweet.go b/search_tweet.go
@@ -16,9 +16,7 @@ func searchRecentTweets(ctx context.Context, c *client, tweet string, opt ...*Se
 		return nil, errors.New("search recent tweets: tweet parameter must be less than or equal to 512 characters")
 	}
 
-	ep := fmt.Sprintf(searchRecentTweetsURL, tweet)
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchRecentTweetsURL, nil)
 	if err != nil {
 		return nil, fmt.Errorf("search recent tweets new request with ctx: %w", err)
 	}
@@ -44,7 +42,7 @@ func searchRecentTweets(ctx context.Context, c *client, tweet string, opt ...*Se
 	if sopt.MaxResults < minimumMaxResults || sopt.MaxResults > maximumMaxResults {
 		return nil, fmt.Errorf("search recent tweets: max results must be between %d and %d", minimumMaxResults, maximumMaxResults)
 	}
-	sopt.addQuery(req)
+	sopt.addQuery(req, tweet)
 
 	resp, err := c.client.Do(req)
 	if err != nil {
diff --git a/space_option.go b/space_option.go
@@ -13,8 +13,9 @@ type SearchSpacesOption struct {
 	UserFields  []UserField
 }
 
-func (s *SearchSpacesOption) addQuery(req *http.Request) {
+func (s *SearchSpacesOption) addQuery(req *http.Request, searchTerm string) {
 	q := req.URL.Query()
+	q.Add("query", searchTerm)
 	if len(s.Expansions) > 0 {
 		q.Add("expansions", strings.Join(expansionsToString(s.Expansions), ","))
 	}
diff --git a/tweet_counts.go b/tweet_counts.go
@@ -12,9 +12,8 @@ func countsRecentTweet(ctx context.Context, c *client, tweet string, opt ...*Twe
 	if tweet == "" {
 		return nil, errors.New("counts recent tweets: tweet parameter is required")
 	}
-	ep := fmt.Sprintf(countsRecentTweetsURL, tweet)
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, countsRecentTweetsURL, nil)
 	if err != nil {
 		return nil, fmt.Errorf("counts recent tweets new request with ctx: %w", err)
 	}
@@ -29,7 +28,7 @@ func countsRecentTweet(ctx context.Context, c *client, tweet string, opt ...*Twe
 	default:
 		return nil, errors.New("counts recent tweets: only one option is allowed")
 	}
-	topt.addQuery(req)
+	topt.addQuery(req, tweet)
 
 	resp, err := c.client.Do(req)
 	if err != nil {
diff --git a/tweet_option.go b/tweet_option.go
@@ -176,8 +176,9 @@ type SearchTweetsOption struct {
 	UserFields  []UserField
 }
 
-func (t SearchTweetsOption) addQuery(req *http.Request) {
+func (t SearchTweetsOption) addQuery(req *http.Request, tweet string) {
 	q := req.URL.Query()
+	q.Add("query", tweet)
 	if !t.EndTime.IsZero() {
 		q.Add("end_time", t.EndTime.Format(time.RFC3339))
 	}
@@ -227,8 +228,9 @@ type TweetCountsOption struct {
 	Granularity string
 }
 
-func (t *TweetCountsOption) addQuery(req *http.Request) {
+func (t *TweetCountsOption) addQuery(req *http.Request, tweet string) {
 	q := req.URL.Query()
+	q.Add("query", tweet)
 	if !t.StartTime.IsZero() {
 		// YYYY-MM-DDTHH:mm:ssZ (ISO 8601/RFC 3339).
 		q.Add("start_time", t.StartTime.Format(time.RFC3339))

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,8 @@ func searchSpaces(ctx context.Context, c client, searchTerm string, opt ...Sea`
`12`	`12`	`if searchTerm == "" {`
`13`	`13`	`return nil, errors.New("search spaces: searchTerm parameter is required")`
`14`	`14`	`}`
`15`		`- ep := fmt.Sprintf(searchSpacesURL, searchTerm)`
`16`	`15`
`17`		`- req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)`
	`16`	`+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchSpacesURL, nil)`
`18`	`17`	`if err != nil {`
`19`	`18`	`return nil, fmt.Errorf("search spaces new request with ctx: %w", err)`
`20`	`19`	`}`
`@@ -29,7 +28,7 @@ func searchSpaces(ctx context.Context, c client, searchTerm string, opt ...Sea`
`29`	`28`	`default:`
`30`	`29`	`return nil, errors.New("search spaces: too many options")`
`31`	`30`	`}`
`32`		`- sopt.addQuery(req)`
	`31`	`+ sopt.addQuery(req, searchTerm)`
`33`	`32`
`34`	`33`	`resp, err := c.client.Do(req)`
`35`	`34`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,7 @@ func searchRecentTweets(ctx context.Context, c client, tweet string, opt ...Se`
`16`	`16`	`return nil, errors.New("search recent tweets: tweet parameter must be less than or equal to 512 characters")`
`17`	`17`	`}`
`18`	`18`
`19`		`- ep := fmt.Sprintf(searchRecentTweetsURL, tweet)`
`20`		`-`
`21`		`- req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)`
	`19`	`+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchRecentTweetsURL, nil)`
`22`	`20`	`if err != nil {`
`23`	`21`	`return nil, fmt.Errorf("search recent tweets new request with ctx: %w", err)`
`24`	`22`	`}`
`@@ -44,7 +42,7 @@ func searchRecentTweets(ctx context.Context, c client, tweet string, opt ...Se`
`44`	`42`	`if sopt.MaxResults < minimumMaxResults \|\| sopt.MaxResults > maximumMaxResults {`
`45`	`43`	`return nil, fmt.Errorf("search recent tweets: max results must be between %d and %d", minimumMaxResults, maximumMaxResults)`
`46`	`44`	`}`
`47`		`- sopt.addQuery(req)`
	`45`	`+ sopt.addQuery(req, tweet)`
`48`	`46`
`49`	`47`	`resp, err := c.client.Do(req)`
`50`	`48`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -13,8 +13,9 @@ type SearchSpacesOption struct {`
`13`	`13`	`UserFields []UserField`
`14`	`14`	`}`
`15`	`15`
`16`		`-func (s SearchSpacesOption) addQuery(req http.Request) {`
	`16`	`+func (s SearchSpacesOption) addQuery(req http.Request, searchTerm string) {`
`17`	`17`	`q := req.URL.Query()`
	`18`	`+ q.Add("query", searchTerm)`
`18`	`19`	`if len(s.Expansions) > 0 {`
`19`	`20`	`q.Add("expansions", strings.Join(expansionsToString(s.Expansions), ","))`
`20`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,8 @@ func countsRecentTweet(ctx context.Context, c client, tweet string, opt ...Twe`
`12`	`12`	`if tweet == "" {`
`13`	`13`	`return nil, errors.New("counts recent tweets: tweet parameter is required")`
`14`	`14`	`}`
`15`		`- ep := fmt.Sprintf(countsRecentTweetsURL, tweet)`
`16`	`15`
`17`		`- req, err := http.NewRequestWithContext(ctx, http.MethodGet, ep, nil)`
	`16`	`+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, countsRecentTweetsURL, nil)`
`18`	`17`	`if err != nil {`
`19`	`18`	`return nil, fmt.Errorf("counts recent tweets new request with ctx: %w", err)`
`20`	`19`	`}`
`@@ -29,7 +28,7 @@ func countsRecentTweet(ctx context.Context, c client, tweet string, opt ...Twe`
`29`	`28`	`default:`
`30`	`29`	`return nil, errors.New("counts recent tweets: only one option is allowed")`
`31`	`30`	`}`
`32`		`- topt.addQuery(req)`
	`31`	`+ topt.addQuery(req, tweet)`
`33`	`32`
`34`	`33`	`resp, err := c.client.Do(req)`
`35`	`34`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -176,8 +176,9 @@ type SearchTweetsOption struct {`
`176`	`176`	`UserFields []UserField`
`177`	`177`	`}`
`178`	`178`
`179`		`-func (t SearchTweetsOption) addQuery(req *http.Request) {`
	`179`	`+func (t SearchTweetsOption) addQuery(req *http.Request, tweet string) {`
`180`	`180`	`q := req.URL.Query()`
	`181`	`+ q.Add("query", tweet)`
`181`	`182`	`if !t.EndTime.IsZero() {`
`182`	`183`	`q.Add("end_time", t.EndTime.Format(time.RFC3339))`
`183`	`184`	`}`
`@@ -227,8 +228,9 @@ type TweetCountsOption struct {`
`227`	`228`	`Granularity string`
`228`	`229`	`}`
`229`	`230`
`230`		`-func (t TweetCountsOption) addQuery(req http.Request) {`
	`231`	`+func (t TweetCountsOption) addQuery(req http.Request, tweet string) {`
`231`	`232`	`q := req.URL.Query()`
	`233`	`+ q.Add("query", tweet)`
`232`	`234`	`if !t.StartTime.IsZero() {`
`233`	`235`	`// YYYY-MM-DDTHH:mm:ssZ (ISO 8601/RFC 3339).`
`234`	`236`	`q.Add("start_time", t.StartTime.Format(time.RFC3339))`