Add validation on Constitution routes

2021-04-10 23:45:16 +02:00
parent 0c8bcbd634
commit 6a5e00bb4d
7 changed files with 120 additions and 17 deletions
--- a/src/main/kotlin/fr/dcproject/common/request/PaginatedRequest.kt
+++ b/src/main/kotlin/fr/dcproject/common/request/PaginatedRequest.kt
@@ -6,9 +6,6 @@ interface PaginatedRequestI {
 }

 open class PaginatedRequest(
-    page: Int = 1,
-    limit: Int = 50
-) : PaginatedRequestI {
-    override val page: Int = if (page < 1) 1 else page
-    override val limit: Int = if (limit > 50) 50 else if (limit < 1) 1 else limit
-}
+    override val page: Int = 1,
+    override val limit: Int = 50
+) : PaginatedRequestI
--- a/src/main/kotlin/fr/dcproject/component/constitution/routes/CreateConstitution.kt
+++ b/src/main/kotlin/fr/dcproject/component/constitution/routes/CreateConstitution.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.component.constitution.routes

+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.response.toOutput
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
@@ -15,6 +16,9 @@ import fr.dcproject.component.constitution.database.ConstitutionForUpdate.TitleF
 import fr.dcproject.component.constitution.database.ConstitutionRepository
 import fr.dcproject.component.constitution.routes.CreateConstitution.PostConstitutionRequest.Input
 import fr.dcproject.component.constitution.routes.CreateConstitution.PostConstitutionRequest.Input.Title
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maxLength
+import io.konform.validation.jsonschema.minLength
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -36,7 +40,6 @@ object CreateConstitution {
            val draft: Boolean = false,
            val versionId: UUID = UUID.randomUUID()
        ) {
-
            class Title(
                val id: UUID = UUID.randomUUID(),
                val name: String,
@@ -44,10 +47,25 @@ object CreateConstitution {
            ) {
                class ArticleRef(val id: UUID)
            }
+
+            fun validate() = Validation<Input> {
+                Input::title {
+                    minLength(10)
+                    maxLength(80)
+                }
+                Input::titles onEach {
+                    Title::name {
+                        minLength(10)
+                        maxLength(80)
+                    }
+                }
+            }.validate(this)
        }
    }

    private fun getNewConstitution(input: Input, citizen: Citizen) = input.run {
+        validate().badRequestIfNotValid()
+
        ConstitutionForUpdate<CitizenWithUserI, TitleForUpdate<ArticleRef>>(
            id = UUID.randomUUID(),
            title = title,
--- a/src/main/kotlin/fr/dcproject/component/constitution/routes/FindConstitutions.kt
+++ b/src/main/kotlin/fr/dcproject/component/constitution/routes/FindConstitutions.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.component.constitution.routes

+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.response.toOutput
 import fr.dcproject.common.security.assert
 import fr.dcproject.component.auth.citizenOrNull
@@ -8,6 +9,10 @@ import fr.dcproject.component.constitution.database.ConstitutionRepository
 import fr.dcproject.routes.PaginatedRequest
 import fr.dcproject.routes.PaginatedRequestI
 import fr.postgresjson.repository.RepositoryI
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.enum
+import io.konform.validation.jsonschema.maximum
+import io.konform.validation.jsonschema.minimum
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -27,10 +32,27 @@ object FindConstitutions {
        val sort: String? = null,
        val direction: RepositoryI.Direction? = null,
        val search: String? = null
-    ) : PaginatedRequestI by PaginatedRequest(page, limit)
+    ) : PaginatedRequestI by PaginatedRequest(page, limit) {
+        fun validate() = Validation<FindConstitutionsRequest> {
+            FindConstitutionsRequest::page {
+                minimum(1)
+            }
+            FindConstitutionsRequest::limit {
+                minimum(1)
+                maximum(50)
+            }
+            FindConstitutionsRequest::sort ifPresent {
+                enum(
+                    "title",
+                    "createdAt",
+                )
+            }
+        }.validate(this)
+    }

    fun Route.findConstitutions(repo: ConstitutionRepository, ac: ConstitutionAccessControl) {
        get<FindConstitutionsRequest> {
+            it.validate().badRequestIfNotValid()
            val constitutions = repo.find(it.page, it.limit, it.sort, it.direction, it.search)
            ac.assert { canView(constitutions.result, citizenOrNull) }
            call.respond(