boogerlad/mj - Change AMKB7ZH5QDLTGTGJ63BXZKPVYZN7VWUDBRTOBJ2ZE4TS5QOWCGUQC

base58(FF1 encrypted(sequential integer cart id)) ^ ^ frontend database anonymous reservation(status can be checked with the 'reservation' endpoint by anyone, unless it has been 'claim'ed by someone logged in) relax constraints to allow multiple (placed or ready) reservations per store for each user modifycart deal only with partnered stores + cleanup(on race condition / conflict, just fail instead of trying to have custom error message(which is now out of date)) return only relevant taxes given the product types in the cart mergecart and login cleanup use bluebird so that on promise rejection, line number is printed combine 'user_cancel_reservation' and 'reserve' into 'user_update_reservation' cleanup 'store_update_reservation'

Created by boogerlad on September 23, 2020

AMKB7ZH5QDLTGTGJ63BXZKPVYZN7VWUDBRTOBJ2ZE4TS5QOWCGUQC

Dependencies

In channels

main

Change contents

Replacement in .gitignore at line 3 [9.13]
B:BD[9.35] → [10.0:14]
```
scrape/ab.json
```
[9.35]
```
scrape/ab.json
16byteSecretKey
```
Replacement in initialize.sql at line 265 [13.17]
B:BD[11.3473] → [12.0:14]
B:BD[12.14] → [6.0:71]
```
	story text,
	check (user_id is null and status = 'active' or user_id is not null)
```
[11.3473]
[14.3352]
```
	story text
```

Replacement in initialize.sql at line 267 [13.17]

B:BD[14.3356] → [2.0:83]

create unique index upi_cart on cart (user_id, store_id) where status <= 'ready';

[14.3356]

[13.5860]

create unique index upi_cart on cart (user_id, store_id) where status = 'active';

Replacement in initialize.sql at line 1479 [13.17]
B:BD[15.3500] → [15.3500:3533]
```
			menu_item_id = _menu_item_id
```
[15.3500]
[16.1032]
```
			menu_item_id = _menu_item_id and
			partner
```

Replacement in initialize.sql at line 1484 [13.17]

B:BD[15.3836] → [16.1056:1408]

∅:D[16.1408] → [15.3915:3985]

B:BD[15.3915] → [15.3915:3985]

		--values (_user_id, (select store_id from menu_item where menu_item_id = _menu_item_id)) to make early exit and throw not null exception?? format error message in backend. are there side effects other than incremented cart_id serial?
		select _user_id, store_id from menu_item
		where not exists (select 1 from s) and menu_item_id = _menu_item_id
		on conflict (user_id, store_id) where status <= 'ready' do nothing

[15.3836]

[16.1409]

		select _user_id, store_id
		from menu_item join store using (store_id)
		where
			not exists (select from s) and
			menu_item_id = _menu_item_id and
			partner

Replacement in initialize.sql at line 1492 [13.17]

B:BD[16.1442] → [16.1442:2166]

		select * from s union select * from i
	), cc as (
		--condition is wrong! consider the case where a user adds n menu items from the same store simulatenously (n tabs press add2cart same time, or restore expired cart client side will send n modifycart, first cart gets created, but some others may not see the cart yet since parallel(can fix by having another endpoint that takes in multi, or waits for first to return and then execute others)) maybe solution is do update set status = 'active' where status = 'active'(empty update)??
		select case when not exists (select 1 from c) and _user_id is not null then f_raise('exception', 'failed to add to cart. you already have an order in progress with this store.') end

[16.1442]

[16.2166]

		select * from s union all select * from i

Replacement in initialize.sql at line 1495 [13.17]

B:BD[16.2228] → [16.2228:2725]

	select cart_id, _menu_item_id, qty from c full join cc on true--https://dba.stackexchange.com/a/69650 force evaluation of cte
	--1 * 0 => 1 row, fine since we're selecting what we want
	--0 * 1 => 1 row, fine since the exception will skip the insert anyways. before insert was skipped due to 0 rows, but this is equivalent? wait no... if invalid menu_item_id, insert will still run, but caught by valid_line_item_as_of_now(). I'd much rather make 0 * 0 though... don't really care about that?

[16.2228]

[16.2725]

	select cart_id, _menu_item_id, qty from c

Replacement in initialize.sql at line 1531 [13.17]

∅:D[8.43] → [17.14:68]

B:BD[15.5112] → [17.14:68]

		)) from store_tax where store_id = cart.store_id),

[8.43]

[15.5174]

		)) from store_tax where store_id = cart.store_id and (types is null or types && array_agg(product.type))),

Insertion in initialize.sql at line 1590 [13.17]
[16.3708]
[16.3708]
```
	cart_id integer,
```
Insertion in initialize.sql at line 1598 [13.17]
[16.3856]
[16.3856]
```
		cart_id,
```

Insertion in initialize.sql at line 1606 [13.17]

[16.3994]

$$ language sql stable;
create or replace function reservation(_cart_id integer) returns table (
	store_id integer,
	store_name text,
	statuses json,
	taxes json,
	line_items json
) as $$
	with blah as (
		select *
		from cart
		where
			cart_id = _cart_id and
			user_id is null and
			status > 'active'
	), blah2 as (
		select * from blah union all 
		select * from cart_history
		where
			exists (select * from blah) and
			cart_id = _cart_id and
			user_id is null and
			status > 'active'
	)
	select
		first(cart.store_id),
		first(store__as_of.name),
		first(statuses),
		(select json_agg(json_build_object(
			'name', name,
			'rate', rate::text,
			'types', types
		)) from store_tax__as_of(first(cart.system_time_start)) where store_id = first(cart.store_id) and (types is null or types && array_agg(product__as_of.type))),
		json_agg(json_strip_nulls(json_build_object(
			'product_id', product_id,
			'variant_id', variant_id,
			'menu_item', menu_item_id,
			'producer', producer,
			'brand', brand,
			'name', product__as_of.display_name,
			'type', product__as_of.type,
			'strain', strain__as_of.display_name,
			'species', coalesce(product__as_of.species, strain__as_of.species),
			'blend', blend,
			'portions', portions,
			'quantity', variant__as_of.quantity::text,
			'flavor', flavor,
			'gram_equivalency', gram_equivalency::text,
			'thc', thc,
			'cbd', cbd,
			'price', price::text,
			'howmany', line_item.quantity,
			'image', (
				select distinct on(product_id)--https://dba.stackexchange.com/a/159899
					destination
				from
					product_image__as_of(cart.system_time_start)
				where product_image__as_of.product_id = product__as_of.product_id
				--order by rank
			)
		)))
	from
		(select
			cart_id,
			first(store_id) as store_id,
			min(system_time_start) as system_time_start,--system_time_start of 'placed' or 'paid' since that's what the customer has agreed to. right now is just 'placed'
			json_agg(json_build_object(
				'status', status,
				'as_of', system_time_start,
				'end', system_time_end
			) order by
				system_time_start
			) as statuses
		from blah2
		group by cart_id) as cart
		inner join store__as_of(cart.system_time_start) using (store_id)
		inner join line_item using (cart_id)
		inner join menu_item__as_of(cart.system_time_start) using (menu_item_id)
		inner join variant__as_of(cart.system_time_start) using (variant_id)
		inner join product__as_of(cart.system_time_start) using (product_id)
		left outer join strain__as_of(cart.system_time_start) using (strain_id)
	group by cart_id

Insertion in initialize.sql at line 1690 [13.17]
[16.4019]
[16.4019]
Insertion in initialize.sql at line 1692 [13.17]
[16.4099]
[16.4099]
```
	cart_id integer,
```
Insertion in initialize.sql at line 1700 [13.17]
[16.4387]
[16.4387]
```
		cart_id,
```
Replacement in initialize.sql at line 1703 [13.17]
B:BD[16.4441] → [16.4441:4466]
```
		first(cart.statuses),
```
[16.4441]
[16.4466]
```
		first(statuses),
```

Replacement in initialize.sql at line 1708 [13.17]

∅:D[8.87] → [16.4546:4645]

B:BD[16.4546] → [16.4546:4645]

		)) from store_tax__as_of(first(cart.system_time_start)) where store_id = first(cart.store_id)),

[8.87]

[16.4645]

		)) from store_tax__as_of(first(cart.system_time_start)) where store_id = first(cart.store_id) and (types is null or types && array_agg(product__as_of.type))),

Replacement in initialize.sql at line 1738 [13.17]

B:BD[16.5464] → [16.5464:5954]

B:BD[16.5954] → [18.4782:4839]

∅:D[18.4839] → [16.5984:6340]

B:BD[16.5984] → [16.5984:6340]

(select
	cart_id,
	row_number() OVER (ORDER BY 	case
		when last(status order by system_time_start) = 'ready' then 2
		when last(status order by system_time_start) = 'placed' then 1
		else 0
	end desc,
	max(system_time_start) desc) AS rn,
	first(store_id) as store_id,
	min(system_time_start) as system_time_start,--system_time_start of 'placed' or 'paid' since that's what the customer has agreed to. right now is just 'placed'
	json_agg(json_build_object(
		'status', status,
		'as_of', system_time_start,
		'end', system_time_end
	) order by
		system_time_start
	) as statuses
from cart_with_history
where
	user_id = _user_id and
	status >= 'placed'
group by cart_id
order by
	case
		when last(status order by system_time_start) = 'ready' then 2
		when last(status order by system_time_start) = 'placed' then 1
		else 0
	end desc,
	max(system_time_start) desc
) as cart

[16.5464]

[16.6340]

		(select
			cart_id,
			row_number() OVER (ORDER BY case
				when last(status order by system_time_start) = 'ready' then 2
				when last(status order by system_time_start) = 'placed' then 1
				else 0
			end desc,
			max(system_time_start) desc) AS rn,
			first(store_id) as store_id,
			min(system_time_start) as system_time_start,--system_time_start of 'placed' or 'paid' since that's what the customer has agreed to. right now is just 'placed'
			json_agg(json_build_object(
				'status', status,
				'as_of', system_time_start,
				'end', system_time_end
			) order by
				system_time_start
			) as statuses
		from cart_with_history
		where
			user_id = _user_id and
			status >= 'placed'
		group by cart_id
		order by
			case
				when last(status order by system_time_start) = 'ready' then 2
				when last(status order by system_time_start) = 'placed' then 1
				else 0
			end desc,
			max(system_time_start) desc
		) as cart

Deletion in initialize.sql at line 1780 [13.17]
B:BD[16.6813] → [16.6813:6815]
Replacement in initialize.sql at line 1781 [13.17]
B:BD[16.6897] → [16.6897:6937]
```
	user_id integer,
	user_email citext,
```
[16.6897]
[16.6937]
```
	cart_id integer,
```

Replacement in initialize.sql at line 1787 [13.17]

B:BD[16.7186] → [16.7186:7263]

		first(cart.user_id),
		first(usr__as_of.email),
		first(cart.statuses),

[16.7186]

[16.7263]

		cart_id,
		first(statuses),

Replacement in initialize.sql at line 1793 [13.17]

∅:D[8.131] → [16.7343:7431]

B:BD[16.7343] → [16.7343:7431]

		)) from store_tax__as_of(first(cart.system_time_start)) where store_id = _store_id),

[8.131]

[16.7431]

		)) from store_tax__as_of(first(cart.system_time_start)) where store_id = _store_id and (types is null or types && array_agg(product__as_of.type))),

Replacement in initialize.sql at line 1823 [13.17]

B:BD[16.8250] → [16.8250:8738]

B:BD[16.8738] → [18.4840:4897]

∅:D[18.4897] → [16.8768:9219]

B:BD[16.8768] → [16.8768:9219]

(select
	cart_id,
	row_number() OVER (ORDER BY 	case
		when last(status order by system_time_start) = 'placed' then 2
		when last(status order by system_time_start) = 'ready' then 1
		else 0
	end desc,
	max(system_time_start) desc) AS rn,
	first(user_id) as user_id,
	min(system_time_start) as system_time_start,--system_time_start of 'placed' or 'paid' since that's what the customer has agreed to. right now is just 'placed'
	json_agg(json_build_object(
		'status', status,
		'as_of', system_time_start,
		'end', system_time_end
	) order by
		system_time_start
	) as statuses
from cart_with_history
where
	store_id = _store_id and
	status >= 'placed'
group by cart_id
order by--maybe this is unnecessary?
	case
		when last(status order by system_time_start) = 'placed' then 2
		when last(status order by system_time_start) = 'ready' then 1
		else 0
	end desc,
	max(system_time_start) desc
) as cart
		inner join usr__as_of(cart.system_time_start) using (user_id)

[16.8250]

[16.9219]

		(select
			cart_id,
			row_number() OVER (ORDER BY case
				when last(status order by system_time_start) = 'placed' then 2
				when last(status order by system_time_start) = 'ready' then 1
				else 0
			end desc,
			max(system_time_start) desc) AS rn,
			min(system_time_start) as system_time_start,--system_time_start of 'placed' or 'paid' since that's what the customer has agreed to. right now is just 'placed'
			json_agg(json_build_object(
				'status', status,
				'as_of', system_time_start,
				'end', system_time_end
			) order by
				system_time_start
			) as statuses
		from cart_with_history
		where
			store_id = _store_id and
			status >= 'placed'
		group by cart_id
		order by--maybe this is unnecessary?
			case
				when last(status order by system_time_start) = 'placed' then 2
				when last(status order by system_time_start) = 'ready' then 1
				else 0
			end desc,
			max(system_time_start) desc
		) as cart

Insertion in package-lock.json at line 254 [9.145]

[19.237]

    },
    "bluebird": {
      "version": "3.7.2",
      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz",
      "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg=="

Insertion in package-lock.json at line 408 [9.145]

[20.3350]

[4.729]

    "crypt-ids": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/crypt-ids/-/crypt-ids-0.2.0.tgz",
      "integrity": "sha512-Tjsy5pRfoJvHzSTlVxWpo6R4bH80+ZHvv3XyfdtgJiBuzZy4FJ7EdupbTDb/xyrUgKBW7B/3FMmQ7INNbDFisQ=="
    },

Insertion in package.json at line 14 [9.29376]
[19.271]
[21.9820]
```
    "bluebird": "^3.7.2",
```
Insertion in package.json at line 17 [9.29376]
[18.19056]
[4.986]
```
    "crypt-ids": "^0.2.0",
```

Insertion in scrape/common.js at line 1 [22.4897]

[22.4897]

[18.19175]

Promise = require("bluebird");
Promise.config({longStackTraces: true});

Insertion in server.js at line 6 [24.590]

[19.394]

[23.187]

const b = require('fs').readFileSync('./16byteSecretKey');
const cryptids = new (require('crypt-ids').Cryptids)(new Uint8Array(b.buffer, b.byteOffset, b.byteLength));

Insertion in server.js at line 41 [24.590]

[18.20164]

[25.0]

async function mergeCart(client, carts, ws) {
	let decryptedCarts = [];
	if(Array.isArray(carts)) {
		for(let i = 0; i < carts.length; ++i) {
			try {
				decryptedCarts.push(cryptids.s2i(carts[i]));
			} catch(e) {}
		}
	}
	if(decryptedCarts.length) {
		let diy = false;
		if(!client) {
			diy = true;
			client = await pool.connect();
			await client.query('begin');
		}
		let carts2merge = (await client.query(`
			with distinct_cart_per_store as (
				select distinct on (store_id) cart_id, store_id
				from cart
				where cart_id = any($2) and user_id is null and status = 'active'
			),
			associate_user2cart as (
				update cart
				set user_id = $1
				where
					cart_id in (select cart_id from distinct_cart_per_store) and
					not exists(select from cart as c where c.user_id = $1 and c.store_id = cart.store_id and c.status = 'active')
				returning cart_id, store_id
			)
			select
				t.cart_id as anon_cart_id,
				cart.cart_id as user_cart_id,
				json_agg(json_build_object(
					'line_item_id', line_item_id,
					'menu_item_id', menu_item_id,
					'quantity', quantity
				)) as line_items2associate_user_or_add_qty
			from
				(select * from distinct_cart_per_store except all select * from associate_user2cart) as t inner join
				cart on (t.store_id = cart.store_id and status = 'active' and user_id = $1) inner join
				line_item on (t.cart_id = line_item.cart_id)
			group by
				t.cart_id,
				cart.cart_id
		`, [ws.user_ID, decryptedCarts])).rows;
		//todo: set based merge cart or cursor plpgsql function. this is ugly
		loop1: for(let i = 0; i < carts2merge.length; ++i) {
			let addQty = [];
			let lis = carts2merge[i].line_items2associate_user_or_add_qty;
			for(let j = 0; j < lis.length; ++j) {
				try {
					await client.query('savepoint wow');
					await client.query(`update line_item set cart_id = $1 where line_item_id = $2`, [carts2merge[i].user_cart_id, lis[j].line_item_id]);
				} catch(e) {
					await client.query('rollback to wow');
					if(e.constraint === 'line_item_cart_id_menu_item_id_key') {
						addQty.push(lis[j]);
					} else if(e.message === 'exceeded 30g limit') {
						continue loop1;
					} else {
						console.error(e);
					}
				}
			}
			console.log('sanity');
			await client.query('delete from cart where cart_id = $1', [carts2merge[i].anon_cart_id]);
			for(let j = 0; j < addQty.length; ++j) {
				try {
					await client.query('savepoint wow');
					await client.query('update line_item set quantity = quantity + $1 where cart_id = $2 and menu_item_id = $3', [addQty[j].quantity, carts2merge[i].user_cart_id, addQty[j].menu_item_id]);
				} catch(e) {
					await client.query('rollback to wow');
					if(e.message === 'exceeded 30g limit') {
						break;
					} else {
						console.error(e);
					}
				}
			}
		}
		if(diy) {
			await client.query('commit');
			client.release();
		}
	}
}

Deletion in server.js at line 271 [24.590]

B:BD[18.23470] → [18.23470:25854]

∅:D[26.91] → [27.1195:1201]

∅:D[23.452] → [27.1195:1201]

∅:D[18.25854] → [27.1195:1201]

B:BD[27.1195] → [27.1195:1201]

B:BD[27.1201] → [18.25855:26005]

		if(hack && Array.isArray(ws.q.carts) && (ws.q.carts = ws.q.carts.map(Number)).every(Number.isInteger)) {
			const client = await pool.connect();
			let m = (await client.query(`
				with f as (
					select distinct on (store_id) cart_id, store_id
					from cart
					where cart_id = any($2) and user_id is null and status = 'active'
				),
				r as (
					update cart
					set user_id = $1
					where
						cart_id in (select cart_id from f) and
						not exists(select 1 from cart as c where c.user_id = $1 and c.store_id = cart.store_id and status <= 'ready')
					returning cart_id, store_id
				)
				select * from f except select * from r
			`, [ws.user_ID, ws.q.carts])).rows;
			//todo: set based merge cart or cursor plpgsql function. this is ugly
			for(let i = 0; i < m.length; ++i) {
				let c = (await client.query({
					text: `select cart_id from cart where user_id = $1 and store_id = $2 and status = 'active'`,
					values: [ws.user_ID, m[i].store_id],
					rowMode: 'array'
				})).rows?.[0]?.[0];
				if(c) {
					let li = (await client.query({
						text: 'select line_item_id, menu_item_id, quantity from line_item where cart_id = $1',
						values: [m[i].cart_id],
						rowMode: 'array'
					})).rows;
					let later = [];
					for(let j = 0; j < li.length; ++j) {
						try {
							await client.query('savepoint wow');
							await client.query(`update line_item set cart_id = $1 where line_item_id = $2`, [c, li[j][0]]);
						} catch(e) {
							await client.query('rollback to wow');
							if(e.constraint === 'line_item_cart_id_menu_item_id_key') {
								later.push(li[j]);
							} else if(e.message === 'exceeded 30g limit') {
								later = [];
								break;
							} else {
								console.error(e);
							}
						}
					}
					for(let j = 0; j < later.length; ++j) {
						try {
							await client.query('savepoint wow');
							await client.query('update line_item set quantity = quantity + $1 where cart_id = $2 and menu_item_id = $3', [later[j][2], c, later[j][1]]);
						} catch(e) {
							await client.query('rollback to wow');
							if(e.message === 'exceeded 30g limit') {
								break;
							} else {
								console.error(e);
							}
						}
					}
				} else {
					console.log(`failed to merge cart. reservation in progress with store ${m[i].store_id}`);
				}
			}
			await client.query('delete from cart where cart_id = any($1)', [m]);
			await client.query('commit');
			client.release();
		}
		delete ws.q;

Insertion in server.js at line 272 [24.590]
[18.26019]
[18.26019]
```
			await mergeCart(null, ws.q.carts, ws);
```
Insertion in server.js at line 279 [24.590]
[28.184]
[24.1375]
```
		delete ws.q;
```

Replacement in server.js at line 282 [24.590]

B:BD[24.1426] → [24.1426:1536]

		let {what, parameters, request_ID} = JSON.parse(String.fromCharCode.apply(null, new Uint8Array(message)));

[24.1426]

[29.53]

		let {what, parameters = {}, request_ID} = JSON.parse(String.fromCharCode.apply(null, new Uint8Array(message)));

Replacement in server.js at line 298 [24.590]

B:BD[23.1036] → [19.1239:1457]

							html: `<a href="https://www.lobojane.com/user?otp=${token}">idk</a><div>Alternatively, copy and paste <code>${token}</code> into the input field</div>if this wasn't you, let us know by replying to this email.`

[23.1036]

[23.1292]

							html: `<a href="http://localhost:3000?otp=${token}">idk</a><div>Alternatively, copy and paste <code>${token}</code> into the input field</div>if this wasn't you, let us know by replying to this email.`

Replacement in server.js at line 353 [24.590]

B:BD[23.2596] → [18.26891:29711]

						if(Array.isArray(parameters.carts) && (parameters.carts = parameters.carts.map(Number)).every(Number.isInteger)) {
							const client = await pool.connect();
							let m = (await client.query(`
								with f as (
									select distinct on (store_id) cart_id, store_id
									from cart
									where cart_id = any($2) and user_id is null and status = 'active'
								),
								r as (
									update cart
									set user_id = $1
									where
										cart_id in (select cart_id from f) and
										not exists(select 1 from cart as c where c.user_id = $1 and c.store_id = cart.store_id and status <= 'ready')
									returning cart_id, store_id
								)
								select * from f except select * from r
							`, [user.user_id, parameters.carts])).rows;
							//todo: set based merge cart or cursor plpgsql function. this is ugly
							for(let i = 0; i < m.length; ++i) {
								let c = (await client.query({
									text: `select cart_id from cart where user_id = $1 and store_id = $2 and status = 'active'`,
									values: [user.user_id, m[i].store_id],
									rowMode: 'array'
								})).rows?.[0]?.[0];
								if(c) {
									let li = (await client.query({
										text: 'select line_item_id, menu_item_id, quantity from line_item where cart_id = $1',
										values: [m[i].cart_id],
										rowMode: 'array'
									})).rows;
									let later = [];
									for(let j = 0; j < li.length; ++j) {
										try {
											await client.query('savepoint wow');
											await client.query(`update line_item set cart_id = $1 where line_item_id = $2`, [c, li[j][0]]);
										} catch(e) {
											await client.query('rollback to wow');
											if(e.constraint === 'line_item_cart_id_menu_item_id_key') {
												later.push(li[j]);
											} else if(e.message === 'exceeded 30g limit') {
												later = [];
												break;
											} else {
												console.error(e);
											}
										}
									}
									for(let j = 0; j < later.length; ++j) {
										try {
											await client.query('savepoint wow');
											await client.query('update line_item set quantity = quantity + $1 where cart_id = $2 and menu_item_id = $3', [later[j][2], c, later[j][1]]);
										} catch(e) {
											await client.query('rollback to wow');
											if(e.message === 'exceeded 30g limit') {
												break;
											} else {
												console.error(e);
											}
										}
									}
								} else {
									console.log(`failed to merge cart. reservation in progress with store ${m[i].store_id}`);
								}
							}
							await client.query('delete from cart where cart_id = any($1)', [m]);
							await client.query('commit');
							client.release();
						}

[23.2596]

[18.29711]

						await mergeCart(null, parameters.carts, ws);

Insertion in server.js at line 389 [24.590]

[19.1708]

[18.30121]

						let decryptedCarts = [];
						if(Array.isArray(parameters.carts)) {
							for(let i = 0; i < parameters.carts.length; ++i) {
								try {
									decryptedCarts.push(cryptids.s2i(parameters.carts[i]));
								} catch(e) {}
							}
						}

Insertion in server.js at line 403 [24.590]

[18.30306]

							), distinct_cart_per_store as (
								select distinct on (store_id) cart_id
								from cart
								where cart_id = any($4) and user_id is null and status = 'active'

Replacement in server.js at line 409 [24.590]

B:BD[18.30345] → [18.30345:30469]

								set (user_id) = (select user_id from i)
								where cart_id = any($4) and user_id is null and status = 'active'

[18.30345]

[18.30469]

								set user_id = (select user_id from i)
								where cart_id in (select cart_id from distinct_cart_per_store)

Replacement in server.js at line 417 [24.590]
∅:D[19.1747] → [18.30664:30690]
B:BD[18.30664] → [18.30664:30690]
```
								parameters.carts
```
[19.1747]
[18.30690]
```
								decryptedCarts
```
Insertion in server.js at line 492 [24.590]
[24.2711]
[30.1903]
```
							let q = '';
							let p = [];
```

Replacement in server.js at line 495 [24.590]

∅:D[30.2053] → [31.5500:5536]

B:BD[32.859] → [31.5500:5536]

B:BD[31.5536] → [19.1855:1899]

∅:D[19.1899] → [18.31741:31787]

B:BD[24.2897] → [18.31741:31787]

B:BD[18.31787] → [19.1900:2027]

∅:D[19.2027] → [18.31990:34899]

B:BD[18.31990] → [18.31990:34899]

B:BD[18.34899] → [19.2028:2247]

∅:D[18.35008] → [30.2229:2515]

∅:D[19.2247] → [30.2229:2515]

B:BD[30.2229] → [30.2229:2515]

B:BD[30.2515] → [19.2248:2325]

∅:D[18.35089] → [30.2536:2550]

∅:D[19.2325] → [30.2536:2550]

B:BD[30.2536] → [30.2536:2550]

B:BD[30.2550] → [18.35090:35203]

B:BD[18.35203] → [5.1051:1398]

∅:D[5.1398] → [18.35224:35424]

B:BD[18.35224] → [18.35224:35424]

∅:D[27.1252] → [30.2791:2802]

∅:D[18.35424] → [30.2791:2802]

B:BD[30.2791] → [30.2791:2802]

								ws.user_ID = user.user_id;
								let token = await randomBytes(16);
								const client = await pool.connect();
								await client.query('update usr set token_hash = $1 where user_id = $2', [blake3(token, {length: 16}), user.user_id]);
								if(Array.isArray(parameters.carts) && (parameters.carts = parameters.carts.map(Number)).every(Number.isInteger)) {
									let m = (await client.query(`
										with f as (
											select distinct on (store_id) cart_id, store_id
											from cart
											where cart_id = any($2) and user_id is null and status = 'active'
										),
										r as (
											update cart
											set user_id = $1
											where
												cart_id in (select cart_id from f) and
												not exists(select 1 from cart as c where c.user_id = $1 and c.store_id = cart.store_id and status <= 'ready')
											returning cart_id, store_id
										)
										select * from f except select * from r
									`, [user.user_id, parameters.carts])).rows;
									//todo: set based merge cart or cursor plpgsql function. this is ugly
									for(let i = 0; i < m.length; ++i) {
										let c = (await client.query({
											text: `select cart_id from cart where user_id = $1 and store_id = $2 and status = 'active'`,
											values: [user.user_id, m[i].store_id],
											rowMode: 'array'
										})).rows?.[0]?.[0];
										if(c) {
											let li = (await client.query({
												text: 'select line_item_id, menu_item_id, quantity from line_item where cart_id = $1',
												values: [m[i].cart_id],
												rowMode: 'array'
											})).rows;
											let later = [];
											for(let j = 0; j < li.length; ++j) {
												try {
													await client.query('savepoint wow');
													await client.query(`update line_item set cart_id = $1 where line_item_id = $2`, [c, li[j][0]]);
												} catch(e) {
													await client.query('rollback to wow');
													if(e.constraint === 'line_item_cart_id_menu_item_id_key') {
														later.push(li[j]);
													} else if(e.message === 'exceeded 30g limit') {
														later = [];
														break;
													} else {
														console.error(e);
													}
												}
											}
											for(let j = 0; j < later.length; ++j) {
												try {
													await client.query('savepoint wow');
													await client.query('update line_item set quantity = quantity + $1 where cart_id = $2 and menu_item_id = $3', [later[j][2], c, later[j][1]]);
												} catch(e) {
													await client.query('rollback to wow');
													if(e.message === 'exceeded 30g limit') {
														break;
													} else {
														console.error(e);
													}
												}
											}
										} else {
											console.log(`failed to merge cart. reservation in progress with store ${m[i].store_id}`);
										}
									}
									await client.query('delete from cart where cart_id = any($1)', [m]);
								}
								await client.query('commit');
								client.release();
								//yuck, since json can't send binary, need to hex encode. fyi base64 is smaller than hex(base16), but after compressing, hex is smaller. also base64 has issues with regards to url encoding, and slower than hex
								//if remember me on client side, store in localstorage. else do nothing with token
								//on subsequent new sockets, auto_login with token. token will be invalid(undefined) if remember me was not checked
								ws.send(JSON.stringify({
									response_ID: request_ID,
									data: {token: token.toString('hex'), god: user.god, acl: user.acl}
								}));
								let old = authenticated.get(ws.user_ID);
								authenticated.set(ws.user_ID, ws);
								if(old) {
									old.send(JSON.stringify({
										what: 'user',
										how: 'replace',
										data: null,
										why: 'logged in elsewhere'
									}));
									old.end(1000, 'logged in elsewhere');//this works correctly in firefox onclose, but not in chrome. https://stackoverflow.com/a/53340067 todo: report on chromium bug tracker
								} else {
									ws.publish('user/authenticated', JSON.stringify({
										what: 'user/authenticated',//tbd
										how: 'replace',
										data: authenticated.size
									}));
								}

[30.2053]

[3.0]

//

Replacement in server.js at line 497 [24.590]

∅:D[3.242] → [30.3243:3279]

B:BD[30.3243] → [30.3243:3279]

B:BD[30.3279] → [19.2326:2370]

∅:D[19.2370] → [18.35425:35471]

B:BD[30.3359] → [18.35425:35471]

B:BD[18.35471] → [19.2371:2585]

∅:D[19.2585] → [18.35761:38670]

B:BD[18.35761] → [18.35761:38670]

B:BD[18.38670] → [19.2586:2805]

∅:D[18.38779] → [33.1687:1904]

∅:D[19.2805] → [33.1687:1904]

B:BD[24.3345] → [33.1687:1904]

∅:D[33.1904] → [24.3431:3500]

B:BD[24.3431] → [24.3431:3500]

B:BD[24.3500] → [19.2806:2883]

∅:D[18.38860] → [24.3521:3535]

∅:D[19.2883] → [24.3521:3535]

B:BD[24.3521] → [24.3521:3535]

B:BD[24.3535] → [18.38861:38974]

B:BD[18.38974] → [5.1399:1746]

∅:D[5.1746] → [18.38995:39195]

B:BD[18.38995] → [18.38995:39195]

∅:D[34.122] → [33.2141:2152]

∅:D[27.1279] → [33.2141:2152]

∅:D[18.39195] → [33.2141:2152]

B:BD[33.2141] → [33.2141:2152]

								ws.user_ID = user.user_id;
								let token = await randomBytes(16);
								const client = await pool.connect();
								await client.query('update usr set token_hash = $1, passphrase_hash = $3, webportal_hash = null where user_id = $2', [blake3(token, {length: 16}), user.user_id, await argon2.hash(parameters.passphrase)]);
								if(Array.isArray(parameters.carts) && (parameters.carts = parameters.carts.map(Number)).every(Number.isInteger)) {
									let m = (await client.query(`
										with f as (
											select distinct on (store_id) cart_id, store_id
											from cart
											where cart_id = any($2) and user_id is null and status = 'active'
										),
										r as (
											update cart
											set user_id = $1
											where
												cart_id in (select cart_id from f) and
												not exists(select 1 from cart as c where c.user_id = $1 and c.store_id = cart.store_id and status <= 'ready')
											returning cart_id, store_id
										)
										select * from f except select * from r
									`, [user.user_id, parameters.carts])).rows;
									//todo: set based merge cart or cursor plpgsql function. this is ugly
									for(let i = 0; i < m.length; ++i) {
										let c = (await client.query({
											text: `select cart_id from cart where user_id = $1 and store_id = $2 and status = 'active'`,
											values: [user.user_id, m[i].store_id],
											rowMode: 'array'
										})).rows?.[0]?.[0];
										if(c) {
											let li = (await client.query({
												text: 'select line_item_id, menu_item_id, quantity from line_item where cart_id = $1',
												values: [m[i].cart_id],
												rowMode: 'array'
											})).rows;
											let later = [];
											for(let j = 0; j < li.length; ++j) {
												try {
													await client.query('savepoint wow');
													await client.query(`update line_item set cart_id = $1 where line_item_id = $2`, [c, li[j][0]]);
												} catch(e) {
													await client.query('rollback to wow');
													if(e.constraint === 'line_item_cart_id_menu_item_id_key') {
														later.push(li[j]);
													} else if(e.message === 'exceeded 30g limit') {
														later = [];
														break;
													} else {
														console.error(e);
													}
												}
											}
											for(let j = 0; j < later.length; ++j) {
												try {
													await client.query('savepoint wow');
													await client.query('update line_item set quantity = quantity + $1 where cart_id = $2 and menu_item_id = $3', [later[j][2], c, later[j][1]]);
												} catch(e) {
													await client.query('rollback to wow');
													if(e.message === 'exceeded 30g limit') {
														break;
													} else {
														console.error(e);
													}
												}
											}
										} else {
											console.log(`failed to merge cart. reservation in progress with store ${m[i].store_id}`);
										}
									}
									await client.query('delete from cart where cart_id = any($1)', [m]);
								}
								await client.query('commit');
								client.release();
								//yuck, since json can't send binary, need to hex encode. fyi base64 is smaller than hex(base16), but after compressing, hex is smaller. also base64 has issues with regards to url encoding, and slower than hex
								//if remember me on client side, store in localstorage. else do nothing with token
								//on subsequent new sockets, auto_login with token. token will be invalid(undefined) if remember me was not checked
								ws.send(JSON.stringify({
									response_ID: request_ID,
									data: {token: token.toString('hex'), god: user.god, acl: user.acl}
								}));
								let old = authenticated.get(ws.user_ID);
								authenticated.set(ws.user_ID, ws);
								if(old) {
									old.send(JSON.stringify({
										what: 'user',
										how: 'replace',
										data: null,
										why: 'logged in elsewhere'
									}));
									old.end(1000, 'logged in elsewhere');//this works correctly in firefox onclose, but not in chrome. https://stackoverflow.com/a/53340067 todo: report on chromium bug tracker
								} else {
									ws.publish('user/authenticated', JSON.stringify({
										what: 'user/authenticated',//tbd
										how: 'replace',
										data: authenticated.size
									}));
								}

[3.242]

[32.860]

								q = ', passphrase_hash = $3, webportal_hash = null';
								p.push(await argon2.hash(parameters.passphrase));

Insertion in server.js at line 504 [24.590]
[24.3668]
[24.3668]
```
								break;
```

Insertion in server.js at line 506 [24.590]

[24.3678]

							ws.user_ID = user.user_id;
							let token = await randomBytes(16);
							const client = await pool.connect();
							await client.query('begin');
							await client.query(`update usr set token_hash = $1${q} where user_id = $2`, [blake3(token, {length: 16}), ws.user_id].concat(p));
							await mergeCart(client, parameters.carts, ws);
							await client.query('commit');
							client.release();
							//yuck, since json can't send binary, need to hex encode. fyi base64 is smaller than hex(base16), but after compressing, hex is smaller. also base64 has issues with regards to url encoding, and slower than hex
							//if remember me on client side, store in localstorage. else do nothing with token
							//on subsequent new sockets, auto_login with token. token will be invalid(undefined) if remember me was not checked
							ws.send(JSON.stringify({
								response_ID: request_ID,
								data: {token: token.toString('hex'), god: user.god, acl: user.acl}
							}));
							let old = authenticated.get(ws.user_ID);
							authenticated.set(ws.user_ID, ws);
							if(old) {
								old.send(JSON.stringify({
									what: 'user',
									how: 'replace',
									data: null,
									why: 'logged in elsewhere'
								}));
								old.end(1000, 'logged in elsewhere');//this works correctly in firefox onclose, but not in chrome. https://stackoverflow.com/a/53340067 todo: report on chromium bug tracker
							} else {
								ws.publish('user/authenticated', JSON.stringify({
									what: 'user/authenticated',//tbd
									how: 'replace',
									data: authenticated.size
								}));
							}

Replacement in server.js at line 1381 [24.590]

B:BD[15.6771] → [16.9623:9799]

					} else if(Array.isArray(parameters.carts) && parameters.carts.every(c => Number.isInteger(Number(c)))) {
						qs.push(`cart_ids => $${params.push(parameters.carts)}`);

[15.6771]

[15.6899]

					} else if(Array.isArray(parameters.carts)) {
						let decryptedCarts = [];
						for(let i = 0; i < parameters.carts.length; ++i) {
							try {
								decryptedCarts.push(cryptids.s2i(parameters.carts[i]));
							} catch(e) {}
						}
						if(decryptedCarts.length) {
							qs.push(`cart_ids => $${params.push(decryptedCarts)}`);
						}

Insertion in server.js at line 1397 [24.590]

[15.7050]

						if(data === null) {
							data = undefined;
						} else {
							data = cryptids.i2s(data);
						}

Insertion in server.js at line 1404 [24.590]

[15.7094]

						//(race condition) failed to create cart. an active cart for this store and user already exist. try again, and hopefully the preexisting cart will be used

Replacement in server.js at line 1418 [24.590]

B:BD[15.7219] → [16.9893:10017]

				} else if(parameters && Array.isArray(parameters.carts) && parameters.carts.every(c => Number.isInteger(Number(c)))) {

[15.7219]

[15.7329]

				} else if(Array.isArray(parameters.carts)) {
					let data = 'invalid cart';
					let decryptedCarts = [];
					for(let i = 0; i < parameters.carts.length; ++i) {
						try {
							decryptedCarts.push(cryptids.s2i(parameters.carts[i]));
						} catch(e) {}
					}
					if(decryptedCarts.length) {
						data = (await pool.query(`select * from anonymous_carts($1)`, [decryptedCarts])).rows;
						for(let i = 0; i < data.length; ++i) {
							data[i].cart_id = cryptids.i2s(data[i].cart_id);
						}
					}

Replacement in server.js at line 1434 [24.590]

B:BD[15.7392] → [16.10018:10112]

						data: (await pool.query(`select * from anonymous_carts($1)`, [parameters.carts])).rows

[15.7392]

[35.3732]

						data

Replacement in server.js at line 1438 [24.590]

B:BD[36.8006] → [36.8006:8026]

B:BD[36.8026] → [18.62735:62757]

∅:D[18.62757] → [16.10139:10354]

B:BD[16.10139] → [16.10139:10354]

			case 'reserve':
				if(ws.user_ID) {
					let data = await pool.query(`update cart set status = 'placed' where cart.user_id = $1 and cart.status = 'active' and cart.store_id = $2 returning system_time_start, cart_id`, [ws.user_ID, parameters.store]);

[36.8006]

[35.4094]

			case 'reservation': {
				let kartik;
				try {
					kartik = cryptids.s2i(parameters.cart);
				} catch(e) {

Replacement in server.js at line 1445 [24.590]
B:BD[35.4157] → [16.10355:10382]
```
						data: data.rowCount
```
[35.4157]
[35.5412]
```
						data: 'invalid cart'
```

Replacement in server.js at line 1447 [24.590]

B:BD[35.5423] → [16.10383:11885]

B:BD[16.12963] → [16.12963:12975]

					if(data.rowCount === 1) {
						let email = pool.query(`select email from usr where user_id = $1`, [ws.user_ID]);
						let taxes = pool.query(`select name, rate::text from store_tax where store_id = $1`, [parameters.store]);
						let li = pool.query(`
							select distinct on (product_id)
								product_id,
								variant_id,
								menu_item_id as menu_item,
								producer,
								brand,
								product.display_name as name,
								type,
								strain.display_name as strain,
								portions,
								variant.quantity::text as quantity,
								flavor,
								gram_equivalency::text,
								thc,
								cbd,
								price::text,
								line_item.quantity as howmany,
								destination as image
							from
								line_item
								inner join menu_item using (menu_item_id)
								inner join variant using (variant_id)
								inner join product using (product_id)
								left outer join strain using (strain_id)
								left outer join product_image using (product_id)
							where cart_id = $1
						`, [data.rows[0].cart_id])
						ws.publish('store/reservations/' + parameters.store, JSON.stringify({
							what: 'store/reservations/' + parameters.store,
							how: 'add',
							data: {
								user_id: ws.user_ID,
								user_email: (await email).rows[0].email,
								statuses: [{status: 'placed', as_of: data.rows[0].system_time_start}],
								taxes: (await taxes).rows,
								line_items: (await li).rows
							}
						}));

[35.5423]

[16.13371]

					break;
				}
				let data = await pool.query('select * from reservation($1)', [kartik]);
				if(data.rowCount === 1) {
					let out;
					for(let j = 0; j < data.rows[0].statuses.length; ++j) {
						if(j === data.rows[0].statuses.length - 1 && data.rows[0].statuses[j].end !== 'infinity' && (data.rows[0].statuses[j].status === 'placed' || data.rows[0].statuses[j].status === 'ready')) {
							out = {status: 'store_cancelled', as_of: data.rows[0].statuses[j].end};
						}
						delete data.rows[0].statuses[j].end;
					}
					if(out) {
						data.rows[0].statuses.push(out);

Insertion in server.js at line 1461 [24.590]

[16.13379]

[18.62758]

					ws.subscribe('reservations/' + parameters.cart);
					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: data.rows[0]
					}));

Insertion in server.js at line 1467 [24.590]

[18.62772]

					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'invalid cart'
					}));
				}
				break;
			}
			case 'claim': {
				let kartik;
				try {
					kartik = cryptids.s2i(parameters.cart);
				} catch(e) {
					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'invalid cart'
					}));
					break;
				}
				const auth = await is(ws);
				let n = Number.isInteger(Number(parameters.user_ID));
				if(auth === undefined) {
					if(ws.user_ID) {
						authenticated.delete(ws.user_ID);
						ws.publish('user/authenticated', JSON.stringify({
							what: 'user/authenticated',//tbd
							how: 'replace',
							data: authenticated.size
						}));
						delete ws.user_ID;
					}

Insertion in server.js at line 1501 [24.590]

[18.62914]

				} else if(!auth && n) {
					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'unauthorized'
					}));//client side virtual event user god false
				} else {
					const id = auth && n ? parameters.user_ID : ws.user_ID;
					let r = (await pool.query(`
						update cart
						set	user_id = $1
						where
							cart_id = $2 and
							user_id is null and
							status > 'active'
						`, [id, kartik]
					));
					if(r.rowCount === 1) {
						ws.send(JSON.stringify({
							response_ID: request_ID
						}));//redirect to all of user's reservations
						ws.publish('reservations/' + parameters.cart, JSON.stringify({
							what: 'reservations/' + parameters.cart,
							how: 'replace',
							why: 'claimed'
						}));
					} else {
						ws.send(JSON.stringify({
							response_ID: request_ID,
							data: 'invalid cart'
						}));
					}

Replacement in server.js at line 1533 [24.590]
∅:D[16.13383] → [36.8623:8635]
∅:D[18.62921] → [36.8623:8635]
B:BD[36.8623] → [36.8623:8635]
```
				break;
```
[18.62921]
[18.62922]
```
				break;}
```

Replacement in server.js at line 1536 [24.590]

B:BD[18.62986] → [18.62986:63046]

				let n = Number.isInteger(Number(parameters?.user_ID));

[18.62986]

[18.63046]

				let n = Number.isInteger(Number(parameters.user_ID));

Insertion in server.js at line 1561 [24.590]
[18.63880]
[18.63880]
```
						data[i].cart_id = cryptids.i2s(data[i].cart_id);
```

Insertion in server.js at line 1568 [24.590]

[18.64255]

							/*if(j > 0 && data[i].statuses[j].status === data[i].statuses[j - 1].status) {
								data[i].statuses[j].status = 'claimed'
							}since `where user_id = _user_id`, this is unnecessary. would be cool though*/

Replacement in server.js at line 1582 [24.590]

B:BD[18.64361] → [18.64361:64399]

			case 'user_cancel_reservation': {

[18.64361]

[18.64399]

			case 'user_update_reservation': {
				let kartik;
				try {
					kartik = cryptids.s2i(parameters.cart);
				} catch(e) {
					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'invalid cart'
					}));
					break;
				}

Replacement in server.js at line 1594 [24.590]

B:BD[18.64431] → [18.64431:64491]

				let n = Number.isInteger(Number(parameters?.user_ID));

[18.64431]

[18.64491]

				let n = Number.isInteger(Number(parameters.user_ID));

Insertion in server.js at line 1605 [24.590]
[36.9245]
[18.64768]
```
				}
				if(!auth && n) {
```

Deletion in server.js at line 1609 [24.590]

B:BD[18.64831] → [18.64831:65002]

						data: 'unauthenticated'
					}));//client side virtual event user null
				} else if(!auth && n) {
					ws.send(JSON.stringify({
						response_ID: request_ID,

Replacement in server.js at line 1613 [24.590]

B:BD[18.65146] → [18.65146:65358]

					let r = (await pool.query(`update cart set status = 'user_cancelled' where user_id = $1 and store_id = $2 and (status = 'placed' or status = 'ready') returning system_time_start`, [id, parameters.store]));

[18.65146]

[36.9259]

					let params = [id, kartik];
					let precondition;
					if(parameters.update === 'cancel') {
						params.push('user_cancelled');
						precondition = "(x.status = 'placed' or x.status = 'ready')";
					} else if(parameters.update === 'reserve') {
						params.push('placed');
						precondition = "x.status = 'active'";
					}
					let data = 'invalid update';
					if(params.length === 3) {
						//https://stackoverflow.com/a/7927957
						let r = await pool.query(`
							update cart as x
							set
								status = $3,
								user_id = case
									when x.user_id is null then $1
									else x.user_id
								end
							from (select cart_id, user_id from cart where cart_id = $2 for update) as y
							where
								x.cart_id = y.cart_id and
								(x.user_id is null or x.user_id = $1) and
								${precondition}
							returning x.system_time_start, x.store_id, y.user_id as old_user`,
							params
						);
						if(r.rowCount === 1) {
							data = undefined;
							if(parameters.update === 'cancel') {
								ws.publish('store/reservations/' + r.rows[0].store_id, JSON.stringify({
									what: 'store/reservations/' + r.rows[0].store_id,
									how: 'update',
									data: {
										cart_id: parameters.cart,
										status: 'user_cancelled',
										as_of: r.rows[0].system_time_start
									}
								}));
								if(id) {//https://github.com/uNetworking/uWebSockets.js/issues/362
									ws.publish('user/reservations/' + id, JSON.stringify({
										what: 'user/reservations/' + id,
										how: 'update',
										data: {
											cart_id: parameters.cart,
											status: 'user_cancelled',
											as_of: r.rows[0].system_time_start
										}
									}));
									if(r.rows[0].old_user === null) {
										ws.publish('reservations/' + parameters.cart, JSON.stringify({
											what: 'reservations/' + parameters.cart,
											how: 'replace',
											why: 'claimed'
										}));
									}
								} else {
									ws.publish('reservations/' + parameters.cart, JSON.stringify({
										what: 'reservations/' + parameters.cart,
										how: 'update',
										data: {
											status: 'user_cancelled',
											as_of: r.rows[0].system_time_start
										}
									}));
								}
							} else {//'reserve'
								//distinct on is because product_image may multiple number of rows
								let line_items = (await pool.query(`
									select distinct on (product_id)
										product_id,
										variant_id,
										menu_item_id as menu_item,
										producer,
										brand,
										product.display_name as name,
										type,
										strain.display_name as strain,
										coalesce(product.species, strain.species) as species,
										blend,
										portions,
										variant.quantity::text as quantity,
										flavor,
										gram_equivalency::text,
										thc,
										cbd,
										price::text,
										line_item.quantity as howmany,
										destination as image
									from
										line_item
										inner join menu_item using (menu_item_id)
										inner join variant using (variant_id)
										inner join product using (product_id)
										left outer join strain using (strain_id)
										left outer join product_image using (product_id)
									where cart_id = $1
								`, [kartik])).rows;
								let types = new Set();
								for(let i = 0; i < line_items.length; ++i) {
									types.add(line_items[i].type);
								}
								let taxes = (await pool.query(`select name, rate::text, types from store_tax where store_id = $1 and (types is null or types && $2)`, [r.rows[0].store_id, [...types]])).rows;
								ws.publish('store/reservations/' + r.rows[0].store_id, JSON.stringify({
									what: 'store/reservations/' + r.rows[0].store_id,
									how: 'add',
									data: {
										cart_id: parameters.cart,
										statuses: [{status: 'placed', as_of: r.rows[0].system_time_start}],
										taxes,
										line_items
									}
								}));
								if(id) {//https://github.com/uNetworking/uWebSockets.js/issues/362
									ws.publish('user/reservations/' + id, JSON.stringify({
										what: 'user/reservations/' + id,
										how: 'add',
										data: {
											cart_id: parameters.cart,
											statuses: [{status: 'placed', as_of: r.rows[0].system_time_start}],
											taxes,
											line_items
										}
									}));
								}
							}
						}
					}

Replacement in server.js at line 1744 [24.590]
B:BD[36.9322] → [18.65359:65383]
```
						data: r.rowCount
```
[36.9322]
[36.9350]
```
						data
```

Deletion in server.js at line 1746 [24.590]

B:BD[36.9361] → [18.65384:65716]

					if(r.rowCount === 1) {
						ws.publish('store/reservations/' + parameters.store, JSON.stringify({
							what: 'store/reservations/' + parameters.store,
							how: 'update',
							data: {
								user_id: id,
								status: 'user_cancelled',
								as_of: r.rows[0].system_time_start
							}
						}));
					}

Replacement in server.js at line 1749 [24.590]

B:BD[18.65763] → [18.65763:65818]

				if(Number.isInteger(Number(parameters?.store))) {

[18.65763]

[18.65818]

				if(Number.isInteger(Number(parameters.store))) {

Insertion in server.js at line 1755 [24.590]

[18.66098]

							data[i].cart_id = cryptids.i2s(data[i].cart_id);

Replacement in server.js at line 1757 [24.590]

B:BD[18.66115] → [18.66115:66174]

							for(let j = 0; j < data[i].statuses.length; ++j) {

[18.66115]

[7.178]

							for(let j = data[i].statuses.length - 1; j >= 0; --j) {

Insertion in server.js at line 1762 [24.590]

[18.66478]

								if(j > 0 && data[i].statuses[j].status === data[i].statuses[j - 1].status) {
									data[i].statuses.splice(j, 1);
								}

Replacement in server.js at line 1808 [24.590]

B:BD[18.67660] → [18.67660:67761]

				if(Number.isInteger(Number(parameters?.store)) && Number.isInteger(Number(parameters?.user))) {

[18.67660]

[18.67761]

				let out = [];
				if(!Number.isInteger(Number(parameters.store))) {
					out.push('store');
				}
				let kartik;
				try {
					kartik = cryptids.s2i(parameters.cart);
				} catch(e) {
					out.push('cart');
				}
				if(out.length) {
					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'missing ' + out.join(' and ')
					}));
				} else {

Replacement in server.js at line 1826 [24.590]

B:BD[18.67829] → [18.67829:67846]

∅:D[18.67846] → [16.14837:14872]

B:BD[16.14837] → [16.14837:14872]

						let data;
						switch(parameters.update) {

[18.67829]

[16.14872]

						let params = [parameters.store, kartik];
						switch(parameters.update) {//determine precondition

Replacement in server.js at line 1829 [24.590]

B:BD[16.14894] → [16.14894:14929]

B:BD[16.14929] → [18.67847:68028]

								data = (await pool.query(
									`update cart set status = 'ready' where store_id = $1 and user_id = $2 and status = 'placed' returning system_time_start`,
									[parameters.store, parameters.user]))

[16.14894]

[16.15091]

								params.push('ready', 'placed');

Replacement in server.js at line 1831 [24.590]

B:BD[16.15107] → [16.15107:15202]

B:BD[16.15202] → [18.68029:68208]

							case 'paid'://todo: decrement stock. maybe trigger?
								data = (await pool.query(
									`update cart set status = 'paid' where store_id = $1 and user_id = $2 and status = 'ready' returning system_time_start`,
									[parameters.store, parameters.user]))

[16.15107]

[16.15362]

							case 'paid':
								params.push('paid', 'ready');

Replacement in server.js at line 1835 [24.590]

B:BD[16.15401] → [16.15401:15436]

B:BD[16.15436] → [18.68209:68400]

								data = (await pool.query(
									`update cart set status = 'store_cancelled' where store_id = $1 and user_id = $2 and status = 'placed' returning system_time_start`,
									[parameters.store, parameters.user]))

[16.15401]

[16.15608]

								params.push('store_cancelled', 'placed');

Replacement in server.js at line 1838 [24.590]

B:BD[16.15647] → [16.15647:15682]

B:BD[16.15682] → [18.68401:68583]

								data = (await pool.query(
									`update cart set status = 'no_show' where store_id = $1 and user_id = $2 and status = 'ready' returning system_time_start`,
									[parameters.store, parameters.user]))

[16.15647]

[18.68583]

								params.push('no_show', 'ready');
								break;

Replacement in server.js at line 1841 [24.590]

B:BD[18.68592] → [18.68592:69184]

						if(data?.rowCount === 1) {
							ws.send(JSON.stringify({
								response_ID: request_ID
							}));
							if(parameters.update === 'cancel') {
								parameters.update = 'store_cancelled';
							} else if(parameters.update === 'noshow') {
								parameters.update = 'no_show';
							}
							ws.publish('store/reservations/' + parameters.store, JSON.stringify({
								what: 'store/reservations/' + parameters.store,
								how: 'update',
								data: {
									user_id: id,
									status: parameters.update,
									as_of: data.rows[0].system_time_start

[18.68592]

[18.69184]

						let data = 'invalid update';
						if(params.length === 4) {
							let query = await pool.query(
								`update cart set status = $3 where store_id = $1 and cart_id = $2 and status = $4 returning system_time_start, user_id`,
								params
							);
							if(query.rowCount === 1) {
								data = undefined;
								ws.publish('store/reservations/' + parameters.store, JSON.stringify({
									what: 'store/reservations/' + parameters.store,
									how: 'update',
									data: {
										cart_id: parameters.cart,
										status: params[2],
										as_of: query.rows[0].system_time_start
									}
								}));
								if(query.rows[0].user_id === null) {
									ws.publish('reservations/' + parameters.cart, JSON.stringify({
										what: 'reservations/' + parameters.cart,
										how: 'update',
										data: {
											status: params[2],
											as_of: query.rows[0].system_time_start
										}
									}));
								} else {
									ws.publish('user/reservations/' + query.rows[0].user_id, JSON.stringify({
										what: 'user/reservations/' + query.rows[0].user_id,
										how: 'update',
										data: {
											cart_id: parameters.cart,
											status: params[2],
											as_of: query.rows[0].system_time_start
										}
									}));

Replacement in server.js at line 1878 [24.590]

B:BD[18.69195] → [18.69195:69336]

							}));
						} else {
							ws.send(JSON.stringify({
								response_ID: request_ID,
								data: 'invalid update'
							}));

[18.69195]

[18.69336]

Insertion in server.js at line 1880 [24.590]

[18.69345]

						ws.send(JSON.stringify({
							response_ID: request_ID,
							data
						}));

Deletion in server.js at line 1909 [24.590]

B:BD[16.15944] → [16.15944:15952]

B:BD[16.15952] → [18.70174:70379]

					}
				} else {
					let out = [];
					if(!Number.isInteger(Number(parameters?.store))) {
						out.push('store');
					}
					if(!Number.isInteger(Number(parameters?.user))) {
						out.push('user')

Deletion in server.js at line 1910 [24.590]

B:BD[18.70387] → [18.70387:70505]

					ws.send(JSON.stringify({
						response_ID: request_ID,
						data: 'missing ' + out.join(' and ')
					}));