Validate 'from' and 'to' tokens in client /messages endpoint

2021-09-06 16:08:49 +02:00 · 2021-09-06 16:08:49 +02:00 · 224201ae2f
commit 224201ae2f
parent 659fa17053
3 changed files with 8 additions and 11 deletions
--- a/lib/architex/schema/room.ex
+++ b/lib/architex/schema/room.ex
@ -69,7 +69,6 @@ defmodule Architex.Room do
  end

  def get_messages(room, %Messages{from: from, to: to, dir: dir, limit: limit}) do
-    # TODO: Quaternion seems to show events in the wrong order?
    # TODO: Check 'from' and 'to' formats.
    limit = limit || 10

@ -116,23 +115,19 @@ defmodule Architex.Room do

  defp get_start([], _), do: nil

-  defp get_start([%Event{nid: first_nid} | _], "f") do
-    Integer.to_string(first_nid)
-  end
+  defp get_start([%Event{nid: first_nid} | _], "f"), do: first_nid

  defp get_start(events, "b") do
    %Event{nid: last_nid} = List.last(events)
-    Integer.to_string(last_nid)
+    last_nid
  end

  defp get_end(events, limit, _) when length(events) < limit, do: nil

-  defp get_end([%Event{nid: first_nid} | _], _, "f") do
-    Integer.to_string(first_nid)
-  end
+  defp get_end([%Event{nid: first_nid} | _], _, "f"), do: first_nid

  defp get_end(events, _, "b") do
    %Event{nid: last_nid} = List.last(events)
-    Integer.to_string(last_nid)
+    last_nid
  end
 end
--- a/lib/architex_web/client/controllers/room_controller.ex
+++ b/lib/architex_web/client/controllers/room_controller.ex
@ -241,8 +241,8 @@ defmodule ArchitexWeb.Client.RoomController do
          {events, start, end_} = Room.get_messages(room, request)
          events = Enum.map(events, &Event.Formatters.for_client/1)
          data = %{chunk: events}
-          data = if start, do: Map.put(data, :start, start), else: data
-          data = if end_, do: Map.put(data, :end, end_), else: data
+          data = if start, do: Map.put(data, :start, Integer.to_string(start)), else: data
+          data = if end_, do: Map.put(data, :end, Integer.to_string(end_)), else: data

          conn
          |> put_status(200)
--- a/lib/architex_web/client/request/messages.ex
+++ b/lib/architex_web/client/request/messages.ex
@ -17,5 +17,7 @@ defmodule ArchitexWeb.Client.Request.Messages do
    |> Architex.validate_not_nil([:from])
    |> validate_inclusion(:dir, ["b", "f"])
    |> validate_number(:limit, greater_than: 0)
+    |> validate_format(:from, ~r/^[0-9]*$/)
+    |> validate_format(:to, ~r/^[0-9]+$/)
  end
 end