From dfd299d4697a629f09ef20fc05c6d9e474bd5475 Mon Sep 17 00:00:00 2001
From: HampusM
Date: Sun, 15 Aug 2021 15:29:53 +0200
Subject: Improved route parameter validation
---
 packages/server/src/app.ts | 5 +++++
 packages/server/src/routes/api/v1/index.ts | 9 +++++++--
 packages/server/src/routes/api/v1/repo/branches.ts | 5 +++++
 packages/server/src/routes/api/v1/repo/index.ts | 10 +++++-----
 packages/server/src/routes/api/v1/repo/log.ts | 7 ++++++-
 packages/server/src/routes/repo.ts | 5 +++++
 6 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index 9ca3769..42d096a 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -11,6 +11,11 @@ export default function buildApp(settings: Settings): FastifyInstance {
 const fastify = fastifyFactory();
 fastify.setErrorHandler((err, req, reply) => {
+ if(err.validation) {
+ reply.code(400).send(`${err.validation[0].dataPath} ${err.validation[0].message}`);
+ return;
+ }
+
 console.log(err);
 reply.code(500).send("Internal server error!");
 });
diff --git a/packages/server/src/routes/api/v1/index.ts b/packages/server/src/routes/api/v1/index.ts
index fb9cd8a..4b63435 100644
--- a/packages/server/src/routes/api/v1/index.ts
+++ b/packages/server/src/routes/api/v1/index.ts
@@ -8,13 +8,13 @@ import { ServerError } from "../../../git/error";
 function setHandlers(fastify: FastifyInstance): void {
 fastify.setErrorHandler((err, req, reply) => {
- console.log(err);
-
 if(err.validation) {
 reply.code(400).send({ error: `${err.validation[0].dataPath} ${err.validation[0].message}` });
 return;
 }
+ console.log(err);
+
 reply.code(500).send({ error: "Internal server error!" });
 });
 fastify.setNotFoundHandler((req, reply) => {
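Review bot: Validation failures now return before `console.log(err)` in this `setErrorHandler`, and the hunk in `routes/api/v1/index.ts` moves its `console.log(err)` below the same early return, so a rejected request leaves no server-side trace in either handler. Repeated 400s against parameterised routes are a useful signal when looking for probing or a misbehaving client. I would keep a one-line record inside the validation branch, for example `console.warn("validation failed:", req.method, req.url, err.validation[0].message);`, and leave the full `console.log(err)` for the 500 path as the commit does.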
@@ -49,6 +49,11 @@ function reposEndpoints(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 fastify.route({
 method: "GET",
 url: "/repos/:repo",
+ schema: {
+ params: {
+ repo: { type: "string" }
+ }
+ },
 handler: async(req, reply) => {
 if(!verifyRepoName(req.params.repo)) {
 reply.code(400).send({ error: "Bad request" });
diff --git a/packages/server/src/routes/api/v1/repo/branches.ts b/packages/server/src/routes/api/v1/repo/branches.ts
index c36463d..99f0327 100644
--- a/packages/server/src/routes/api/v1/repo/branches.ts
+++ b/packages/server/src/routes/api/v1/repo/branches.ts
@@ -24,6 +24,11 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 fastify.route({
 method: "GET",
 url: "/branches/:branch",
+ schema: {
+ params: {
+ branch: { type: "string" }
+ }
+ },
 handler: async(req, reply) => {
 const branch = await Branch.lookup(req.repository, req.params.branch);
diff --git a/packages/server/src/routes/api/v1/repo/index.ts b/packages/server/src/routes/api/v1/repo/index.ts
index 059a9d4..4cd6c51 100644
--- a/packages/server/src/routes/api/v1/repo/index.ts
+++ b/packages/server/src/routes/api/v1/repo/index.ts
@@ -103,6 +103,11 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 fastify.route({
 method: "GET",
 url: "/tree/history",
+ schema: {
+ querystring: {
+ path: { type: "string" }
+ }
+ },
 handler: async(req, reply) => {
 const tree = await req.repository.tree().catch((err: ServerError) => err);
@@ -111,11 +116,6 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 return;
 }
- if(Object.keys(req.query).length === 0) {
- reply.code(400).send({ error: "Missing query parameter 'path'!" });
- return;
- }
-
 const tree_path = req.query.path;
 const tree_entry = await tree.find(tree_path).catch((err: ServerError) => err);
diff --git a/packages/server/src/routes/api/v1/repo/log.ts b/packages/server/src/routes/api/v1/repo/log.ts
index edca0b3..163cf80 100644
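Review bot: `repo: { type: "string" }` cannot reject anything, because a path segment always reaches the validator as a string; the effective check in this route is still `verifyRepoName` inside the handler. The same holds for the `params` schemas added for `/branches/:branch`, `/log/:commit` and `/refs/tags/:tag`, and in the `/branches/:branch` hunk the value goes to `Branch.lookup` with no other check visible. If the schema is meant to be the gate, give it a real constraint, for example `repo: { type: "string", maxLength: <LIMIT>, pattern: "<same rule as verifyRepoName>" }`, with the placeholders filled in from the project's own naming rules. The handler bodies continue outside these hunks, so further checks may exist there.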
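Review bot: A request to `/tree/history` without `path` is no longer rejected, because the shorthand `path: { type: "string" }` does not make the property required and the second hunk of this file removes the manual `Object.keys(req.query).length === 0` check. As written, `req.query.path` can be `undefined` when it is handed to `tree.find`. Use the full object form so the validator enforces presence: `querystring: { type: "object", properties: { path: { type: "string" } }, required: ["path"] }`. How `tree.find` treats an undefined path is outside the hunk, so the exact failure mode is not visible here.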
--- a/packages/server/src/routes/api/v1/repo/log.ts
+++ b/packages/server/src/routes/api/v1/repo/log.ts
@@ -23,7 +23,7 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 url: "/log",
 schema: {
 querystring: {
- count: { type: "number" }
+ count: { type: "number", minimum: 1 }
 }
 },
 handler: async(req, reply) => {
@@ -38,6 +38,11 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 fastify.route({
 method: "GET",
 url: "/log/:commit",
+ schema: {
+ params: {
+ commit: { type: "string" }
+ }
+ },
 handler: async(req, reply) => {
 const commit_verification = await verifySHA(req.repository, req.params.commit);
 if(commit_verification.success === false && commit_verification.code) {
diff --git a/packages/server/src/routes/repo.ts b/packages/server/src/routes/repo.ts
index 32ac9c4..bb70c68 100644
--- a/packages/server/src/routes/repo.ts
+++ b/packages/server/src/routes/repo.ts
@@ -61,6 +61,11 @@ export default function(fastify: FastifyInstance, opts: FastifyPluginOptions, do
 fastify.route({
 method: "GET",
 url: "/refs/tags/:tag",
+ schema: {
+ params: {
+ tag: { type: "string" }
+ }
+ },
 handler: async(req, reply) => {
 const repository = await Repository.open(opts.config.settings.git_dir, req.params.repo).catch((err: ServerError) => err);
--
cgit v1.2.3-18-g5258
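Review bot: `count` gets a lower bound but no upper bound, and `type: "number"` still admits fractional values such as 1.5. If the handler passes `count` on to the history walk (its body is only partly visible in this hunk), a single request can ask for an arbitrarily long log. I would write `count: { type: "integer", minimum: 1, maximum: <MAX_COMMITS> }`, with the cap chosen by the project.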
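Review bot: The new schema covers `tag`, but `req.params.repo` is the value passed to `Repository.open(opts.config.settings.git_dir, req.params.repo)` in the handler, and nothing visible in this hunk constrains it. A repository name should be checked before it is combined with `git_dir`, so that it cannot name anything outside that directory. The API route does this with `verifyRepoName`, and applying the same helper here, or in a hook shared by both entry points, would keep them consistent. The `:repo` segment comes from a route prefix outside the hunk, so a check may already exist there.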