Skip to content

Sanitized paging arguments for history fetch #367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
petruki merged 1 commit into from
Jan 20, 2023
Merged

Sanitized paging arguments for history fetch #367

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions src/helpers/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,29 @@ export function sortBy(args) {
return sort;
}

export function validatePagingArgs(args) {
if (args.limit && !Number.isInteger(args.limit))
return false;

if (args.skip && !Number.isInteger(args.skip))
return false;

if (args.sortBy) {
const parts = args.sortBy.split(':');

if (parts.length != 2)
return false;

if (!parts[0].match(/^[A-Za-z]+$/))
return false;

if (parts[1] != 'asc' && parts[1] != 'desc')
return false;
}

return true;
}

export async function verifyOwnership(admin, element, domainId, action, routerType, cascade = false) {
const domain = await getDomainById(domainId);
if (admin._id.equals(domain.owner)) {
Expand Down
14 changes: 9 additions & 5 deletions src/services/history.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,18 @@
import History from '../models/history';
import { sortBy } from '../helpers';
import { sortBy, validatePagingArgs } from '../helpers';
import { BadRequestError } from '../exceptions';

export async function getHistory(query, domainId, elementId, specs = {}) {
export async function getHistory(query, domainId, elementId, pagingArgs = {}) {
const findQuery = elementId ? { domainId, elementId } : { domainId };

if (!validatePagingArgs(pagingArgs))
throw new BadRequestError('Invalid paging args');

return History.find(findQuery)
.select(query)
.sort(sortBy(specs))
.limit(parseInt(specs.limit || 10))
.skip(parseInt(specs.skip || 0))
.sort(sortBy(pagingArgs))
.limit(parseInt(pagingArgs.limit || 10))
.skip(parseInt(pagingArgs.skip || 0))
.exec();
}

Expand Down
56 changes: 56 additions & 0 deletions tests/services/history.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,26 @@ describe('Testing history services', () => {
expect(history[0].elementId).toMatchObject(element1Id);
});

test('HISTORY_SERVICE - Should NOT get history - invalid paging args - limit', async () => {
const call = async () => {
await getHistory('elementId', domainId, element1Id, {
limit: '0'
});
};

await expect(call()).rejects.toThrowError('Invalid paging args');
});

test('HISTORY_SERVICE - Should NOT get history - invalid paging args - skip', async () => {
const call = async () => {
await getHistory('elementId', domainId, element1Id, {
skip: '0'
});
};

await expect(call()).rejects.toThrowError('Invalid paging args');
});

test('HISTORY_SERVICE - Should get history - skip first entry', async () => {
// given
const timestamp = Date.now();
Expand Down Expand Up @@ -78,6 +98,42 @@ describe('Testing history services', () => {
expect(history[0].oldValue.toJSON()).toMatchObject({ value: 1 });
});

test('HISTORY_SERVICE - Should NOT get history entries sorted - invalid sortBy query spec', async () => {
const call = async () => {
await getHistory('elementId', domainId, element1Id, {
sortBy: 'oldValue:ASC'
});
};

await expect(call()).rejects.toThrowError('Invalid paging args');
});

test('HISTORY_SERVICE - Should NOT get history entries sorted - invalid sortBy query spec #2', async () => {
const call = async () => {
await getHistory('elementId', domainId, element1Id, {
sortBy: 'oldValue'
});
};

await expect(call()).rejects.toThrowError('Invalid paging args');
});

test('HISTORY_SERVICE - Should NOT get history entries sorted - invalid sortBy query argument', async () => {
// given
const timestamp = Date.now();
await addHistory(domainId, element1Id, { value: 1 }, { value: 2 }, timestamp);
await addHistory(domainId, element1Id, { value: 3 }, { value: 4 }, timestamp);

// test
const call = async () => {
await getHistory('elementId', domainId, element1Id, {
sortBy: 'oldValue&:asc'
});
};

await expect(call()).rejects.toThrowError('Invalid paging args');
});

test('HISTORY_SERVICE - Should get history entries sorted by desc', async () => {
// given
const timestamp = Date.now();
Expand Down