api, backend: improve validations
Introduce a sub for validating page number. Introduce a sub for validating tag name and allow non-ASCII characters.
parent
3011d47ec8
commit
06a939bcd1
@ -6,6 +6,8 @@ our $VERSION = v0.0.1;
|
|||||||
|
|
||||||
my $POORBOORU_API = setting("poorbooru_api");
|
my $POORBOORU_API = setting("poorbooru_api");
|
||||||
|
|
||||||
|
sub validate_page_number ($) { $_[0] =~ /^[1-9][0-9]*$/ }
|
||||||
|
|
||||||
sub api_request ($$;%)
|
sub api_request ($$;%)
|
||||||
{
|
{
|
||||||
my ($method, $path, $params_hashref) = @_;
|
my ($method, $path, $params_hashref) = @_;
|
||||||
@ -60,7 +62,7 @@ hook before_template_render => sub {
|
|||||||
|
|
||||||
get "/" => sub {
|
get "/" => sub {
|
||||||
my $page = query_parameters->get("page") // 1;
|
my $page = query_parameters->get("page") // 1;
|
||||||
send_error("Invalid page number", 400) if $page !~ /^[1-9][0-9]*$/;
|
send_error("Invalid page number", 400) if !validate_page_number($page);
|
||||||
|
|
||||||
my $res = api_get("/media", { page => $page });
|
my $res = api_get("/media", { page => $page });
|
||||||
send_error("API error", 500) if !$res->{success};
|
send_error("API error", 500) if !$res->{success};
|
||||||
@ -81,7 +83,7 @@ get "/" => sub {
|
|||||||
|
|
||||||
get "/tags" => sub {
|
get "/tags" => sub {
|
||||||
my $page = query_parameters->get("page") // 1;
|
my $page = query_parameters->get("page") // 1;
|
||||||
send_error("Invalid page number", 400) if $page !~ /^[1-9][0-9]*$/;
|
send_error("Invalid page number", 400) if !validate_page_number($page);
|
||||||
|
|
||||||
my $res = api_get("/tags", { page => $page });
|
my $res = api_get("/tags", { page => $page });
|
||||||
send_error("API error", 500) if !$res->{success};
|
send_error("API error", 500) if !$res->{success};
|
||||||
|
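Review bot: `validate_page_number` anchors its pattern with `$`, which in Perl also matches just before a trailing newline, so a value such as `"1\n"` passes the check and is forwarded unchanged in `api_get("/media", { page => $page })` and `api_get("/tags", ...)`. Anchoring with `\A` and `\z` makes the check exact: `sub validate_page_number ($) { $_[0] =~ /\A[1-9][0-9]*\z/ }`. The same applies to the identical copy of this sub and to `validate_tag_name` in the second file. Since the two definitions of `validate_page_number` are byte-for-byte the same, moving them into one shared module would keep the frontend and API checks from drifting apart.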
@ -10,8 +10,8 @@ use constant {
|
|||||||
DEFAULT_CONTENT_TYPE => "application/json",
|
DEFAULT_CONTENT_TYPE => "application/json",
|
||||||
};
|
};
|
||||||
|
|
||||||
my $TAG_NAME_RE = qr/^[0-9]*[A-Z_a-z][0-9A-Z_a-z]*$/;
|
sub validate_page_number ($) { $_[0] =~ /^[1-9][0-9]*$/ }
|
||||||
my $NUMERIC_ID_RE = qr/^[1-9][0-9]*$/;
|
sub validate_tag_name ($) { $_[0] !~ /^[1-9][0-9]*$/ && $_[0] =~ /^\w+$/ }
|
||||||
|
|
||||||
my $MEDIA_SEARCH_OPTS = {
|
my $MEDIA_SEARCH_OPTS = {
|
||||||
order_by => { -desc => "media_id" },
|
order_by => { -desc => "media_id" },
|
||||||
@ -49,7 +49,7 @@ get "/meta" => sub {
|
|||||||
|
|
||||||
get "/tags" => sub {
|
get "/tags" => sub {
|
||||||
my $page = query_parameters->get("page") // 1;
|
my $page = query_parameters->get("page") // 1;
|
||||||
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE;
|
send_error("Invalid page number", 400) if !validate_page_number($page);
|
||||||
|
|
||||||
my $paged_tags = schema("default")->resultset("TagsCountView")
|
my $paged_tags = schema("default")->resultset("TagsCountView")
|
||||||
->search({}, $TAGS_COUNT_VIEW_SEARCH_OPTS)->page($page);
|
->search({}, $TAGS_COUNT_VIEW_SEARCH_OPTS)->page($page);
|
||||||
@ -70,7 +70,7 @@ post "/tags" => sub {
|
|||||||
send_error("No tags provided", 400) if @tag_names == 0;
|
send_error("No tags provided", 400) if @tag_names == 0;
|
||||||
send_error("Too many tags provided", 400) if @tag_names > 100;
|
send_error("Too many tags provided", 400) if @tag_names > 100;
|
||||||
send_error("Invalid tag names", 400) if
|
send_error("Invalid tag names", 400) if
|
||||||
grep { $_ !~ $TAG_NAME_RE } @tag_names;
|
grep { validate_tag_name($_) } @tag_names;
|
||||||
|
|
||||||
my @tags;
|
my @tags;
|
||||||
eval {
|
eval {
|
||||||
@ -86,7 +86,7 @@ post "/tags" => sub {
|
|||||||
|
|
||||||
get "/tag/:tag_id_or_name" => sub {
|
get "/tag/:tag_id_or_name" => sub {
|
||||||
my $page = query_parameters->get("page") // 1;
|
my $page = query_parameters->get("page") // 1;
|
||||||
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE;
|
send_error("Invalid page number", 400) if !validate_page_number($page);
|
||||||
|
|
||||||
my $tag_id_or_name = route_parameters->get("tag_id_or_name");
|
my $tag_id_or_name = route_parameters->get("tag_id_or_name");
|
||||||
|
|
||||||
@ -112,7 +112,7 @@ get "/tag/:tag_id_or_name" => sub {
|
|||||||
|
|
||||||
get "/media" => sub {
|
get "/media" => sub {
|
||||||
my $page = query_parameters->get("page") // 1;
|
my $page = query_parameters->get("page") // 1;
|
||||||
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE;
|
send_error("Invalid page number", 400) if !validate_page_number($page);
|
||||||
|
|
||||||
my $paged_media = schema("default")->resultset("Media")
|
my $paged_media = schema("default")->resultset("Media")
|
||||||
->search({}, $MEDIA_SEARCH_OPTS)->page($page);
|
->search({}, $MEDIA_SEARCH_OPTS)->page($page);
|
||||||
|
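Review bot: The tag check in `post "/tags"` looks inverted: `grep { validate_tag_name($_) } @tag_names` selects the names that are valid, so the 400 is sent whenever any name is valid, while a list made up only of invalid names reaches the code below unchecked. The line it replaces selected the non-matching names; the equivalent with the new sub is `grep { !validate_tag_name($_) } @tag_names;`. Separately, `validate_tag_name` now accepts digit-only names with a leading zero (for example `007`), which the old `$TAG_NAME_RE` rejected because it required a letter or underscore; a short comment on the sub stating whether that is intended would help. `$NUMERIC_ID_RE` is also removed while `get "/tag/:tag_id_or_name"` continues outside the visible hunks, so it is worth confirming nothing there still refers to it.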