Add validation on route CreateConstitutionComment & GetConstitutionCommentRequest

2021-04-09 18:39:03 +02:00
parent f5c1aa29e8
commit 34513e25b6
4 changed files with 162 additions and 21 deletions
--- a/src/main/kotlin/fr/dcproject/component/comment/constitution/routes/CreateConstitutionComment.kt
+++ b/src/main/kotlin/fr/dcproject/component/comment/constitution/routes/CreateConstitutionComment.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.component.comment.constitution.routes

+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.response.toOutput
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
@@ -12,6 +13,9 @@ import fr.dcproject.component.comment.generic.CommentAccessControl
 import fr.dcproject.component.comment.generic.database.CommentForUpdate
 import fr.dcproject.component.comment.toOutput
 import fr.dcproject.component.constitution.database.ConstitutionRef
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maxLength
+import io.konform.validation.jsonschema.minLength
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -26,27 +30,37 @@ object CreateConstitutionComment {
    @Location("/constitutions/{constitution}/comments")
    class CreateConstitutionCommentRequest(constitution: UUID) {
        val constitution = ConstitutionRef(constitution)
-        class Input(val content: String)
+        class Input(val content: String) {
+            fun validate() = Validation<Input> {
+                Input::content {
+                    minLength(20)
+                    maxLength(6000)
+                }
+            }.validate(this)
+        }
    }

    fun Route.createConstitutionComment(repo: CommentConstitutionRepository, ac: CommentAccessControl) {
        post<CreateConstitutionCommentRequest> {
            mustBeAuth()
-            call.receiveOrBadRequest<Input>().run {
-                CommentForUpdate(
-                    target = it.constitution,
-                    createdBy = citizen,
-                    content = content
-                )
-            }.let { comment ->
-                ac.assert { canCreate(comment, citizenOrNull) }
-                repo.comment(comment)

-                call.respond(
-                    HttpStatusCode.Created,
-                    comment.toOutput()
-                )
-            }
+            call.receiveOrBadRequest<Input>()
+                .apply { validate().badRequestIfNotValid() }
+                .run {
+                    CommentForUpdate(
+                        target = it.constitution,
+                        createdBy = citizen,
+                        content = content
+                    )
+                }.let { comment ->
+                    ac.assert { canCreate(comment, citizenOrNull) }
+                    repo.comment(comment)
+
+                    call.respond(
+                        HttpStatusCode.Created,
+                        comment.toOutput()
+                    )
+                }
        }
    }
 }
--- a/src/main/kotlin/fr/dcproject/component/comment/constitution/routes/GetConstitutionComment.kt
+++ b/src/main/kotlin/fr/dcproject/component/comment/constitution/routes/GetConstitutionComment.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.component.comment.constitution.routes

+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.response.toOutput
 import fr.dcproject.common.security.assert
 import fr.dcproject.component.auth.citizenOrNull
@@ -7,6 +8,12 @@ import fr.dcproject.component.comment.constitution.database.CommentConstitutionR
 import fr.dcproject.component.comment.generic.CommentAccessControl
 import fr.dcproject.component.comment.toOutput
 import fr.dcproject.component.constitution.database.ConstitutionRef
+import fr.dcproject.routes.PaginatedRequest
+import fr.dcproject.routes.PaginatedRequestI
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.enum
+import io.konform.validation.jsonschema.maximum
+import io.konform.validation.jsonschema.minimum
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -19,12 +26,36 @@ import java.util.UUID
@KtorExperimentalLocationsAPI
 object GetConstitutionComment {
    @Location("/constitutions/{constitution}/comments")
-    class GetConstitutionCommentRequest(constitution: UUID) {
+    class GetConstitutionCommentRequest(
+        constitution: UUID,
+        page: Int = 1,
+        limit: Int = 50,
+        val search: String? = null,
+        val sort: String = "createdAt"
+    ) : PaginatedRequestI by PaginatedRequest(page, limit) {
        val constitution = ConstitutionRef(constitution)
+
+        fun validate() = Validation<GetConstitutionCommentRequest> {
+            GetConstitutionCommentRequest::page {
+                minimum(1)
+            }
+            GetConstitutionCommentRequest::limit {
+                minimum(1)
+                maximum(50)
+            }
+            GetConstitutionCommentRequest::sort ifPresent {
+                enum(
+                    "votes",
+                    "createdAt",
+                )
+            }
+        }.validate(this)
    }

    fun Route.getConstitutionComment(repo: CommentConstitutionRepository, ac: CommentAccessControl) {
        get<GetConstitutionCommentRequest> {
+            it.validate().badRequestIfNotValid()
+
            val comments = repo.findByTarget(it.constitution)
            ac.assert { canView(comments.result, citizenOrNull) }
            call.respond(