From ea46b7b783c44fb19b851a4324b777701e4daef4 Mon Sep 17 00:00:00 2001
From: kodumbeats
Date: Tue, 22 Jun 2021 15:34:42 -0400
Subject: [PATCH] Use stricter validators for params
---
 app/controllers/api/database.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php
index f006893183..34712d5767 100644
--- a/app/controllers/api/database.php
+++ b/app/controllers/api/database.php
@@ -9,6 +9,7 @@ use Utopia\Validator\WhiteList;
 use Utopia\Validator\Text;
 use Utopia\Validator\ArrayList;
 use Utopia\Validator\JSON;
+use Utopia\Database\Validator\Key;
 use Appwrite\Database\Validator\UID;
 use Utopia\Database\Exception\Authorization as AuthorizationException;
 use Utopia\Database\Exception\Structure as StructureException;
@@ -241,13 +242,13 @@ App::post('/v1/database/collections/:collectionId/attributes')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_ATTRIBUTE)
 ->param('collectionId', '', new UID(), 'Collection unique ID. You can create a new collection using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('id', '', new Text(256), 'Attribute ID.')
+ ->param('id', '', new Key(), 'Attribute ID.')
 ->param('type', null, new Text(256), 'Attribute type.')
 ->param('size', null, new Numeric(), 'Attribute size for text attributes, in number of characters. For integers, floats, or bools, use 0.')
 ->param('required', null, new Boolean(), 'Is attribute required?')
 ->param('signed', true, new Boolean(), 'Is attribute signed?', true)
 ->param('array', false, new Boolean(), 'Is attribute an array?', true)
- ->param('filters', [], new ArrayList(new Whitelist(['encrypt', 'json'])), 'Array of filters.', true)
+ // ->param('filters', [], new ArrayList(new Whitelist(['encrypt', 'json'])), 'Array of filters.', true)
 ->inject('response')
 ->inject('dbForExternal')
 ->inject('database')
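Review bot: In the POST `/attributes` hunk, `filters` is switched off by commenting out its `->param(...)` line instead of deleting it, and the diffstat (11 insertions, 10 deletions, all on `use`/`->param` lines) shows that no action callback was touched. The callback is outside the hunk, so this is inferred: if it still declares `$filters`, the handler's arguments no longer match the declared params, and the `encrypt`/`json` whitelist disappears with nothing replacing it. The same applies to the commented-out `lengths` param in the POST `/indexes` hunk. Either delete both lines together with the matching callback arguments, or keep the params with their validators. Separately, `type` still passes through `new Text(256)`; a `WhiteList` of the supported attribute types would fit the stated goal of the commit.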
@@ -344,7 +345,7 @@ App::get('v1/database/collections/:collectionId/attributes/:attributeId')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_ATTRIBUTE)
 ->param('collectionId', '', new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('attributeId', '', new Text(256), 'Attribute ID.')
+ ->param('attributeId', '', new Key(), 'Attribute ID.')
 ->inject('response')
 ->inject('dbForExternal')
 ->action(function ($collectionId, $attributeId, $response, $dbForExternal) {
@@ -385,7 +386,7 @@ App::delete('/v1/database/collections/:collectionId/attributes/:attributeId')
 ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
 ->label('sdk.response.model', Response::MODEL_NONE)
 ->param('collectionId', '', new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('attributeId', '', new Text(256), 'Attribute ID.')
+ ->param('attributeId', '', new Key(), 'Attribute ID.')
 ->inject('response')
 ->inject('dbForExternal')
 ->inject('database')
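Review bot: The GET and DELETE routes for `:attributeId` here, and for `:indexId` in the two later hunks, now validate the lookup ID with `new Key()`, while creation previously accepted any `Text(256)` string. `Key`'s rules are not visible in this patch, so this needs confirming: an attribute or index created earlier with an ID that `Key` rejects would fail validation and could no longer be fetched or deleted through the API. If such IDs can exist, they need a migration or a documented cleanup path. A short comment above the param would record the constraint, e.g. `// Key must accept every ID that create has ever allowed, or existing records become unreachable here`.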
@@ -448,11 +449,11 @@ App::post('/v1/database/collections/:collectionId/indexes')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_INDEX)
 ->param('collectionId', '', new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('id', null, new Text(256), 'Index ID.')
+ ->param('id', null, new Key(), 'Index ID.')
 ->param('type', null, new WhiteList([Database::INDEX_KEY, Database::INDEX_FULLTEXT, Database::INDEX_UNIQUE, Database::INDEX_SPATIAL, Database::INDEX_ARRAY]), 'Index type.')
- ->param('attributes', null, new ArrayList(new Text(256)), 'Array of attributes to index.')
- ->param('lengths', [], new ArrayList(new Text(256)), 'Array of index lengths.', true)
- ->param('orders', [], new ArrayList(new Text(256)), 'Array of index orders.', true)
+ ->param('attributes', null, new ArrayList(new Key()), 'Array of attributes to index.')
+ // ->param('lengths', [], new ArrayList(new Text(256)), 'Array of index lengths.', true)
+ ->param('orders', [], new ArrayList(new WhiteList(['ASC', 'DESC'])), 'Array of index orders.', true)
 ->inject('response')
 ->inject('dbForExternal')
 ->inject('database')
@@ -547,7 +548,7 @@ App::get('v1/database/collections/:collectionId/indexes/:indexId')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_INDEX)
 ->param('collectionId', '', new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('indexId', null, new Text(256), 'Index ID.')
+ ->param('indexId', null, new Key(), 'Index ID.')
 ->inject('response')
 ->inject('dbForExternal')
 ->action(function ($collectionId, $indexId, $response, $dbForExternal) {
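Review bot: In the POST `/indexes` hunk, `orders` is now limited to `ASC`/`DESC` but its description still reads 'Array of index orders.', so callers are not told which values pass validation; suggest `'Array of index orders. Allowed values: ASC, DESC.'`. `WhiteList` is constructed without an explicit strictness argument, so whether a lowercase `asc` is accepted depends on the validator's default, which this patch does not show. That is worth confirming, because the unnormalised value is presumably what reaches the index definition. Nothing in the hunk ties the number of `orders` entries to the number of `attributes`; the handler is outside the hunk, so check that it rejects a count mismatch.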
@@ -588,7 +589,7 @@ App::delete('/v1/database/collections/:collectionId/indexes/:indexId')
 ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
 ->label('sdk.response.model', Response::MODEL_NONE)
 ->param('collectionId', null, new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).')
- ->param('indexId', '', new UID(), 'Index unique ID.')
+ ->param('indexId', '', new Key(), 'Index ID.')
 ->inject('response')
 ->inject('dbForExternal')
 ->inject('database')