Lucas/PoorBooru
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

api, backend: improve validations

Browse Source 
Introduce a sub for validating page number.

Introduce a sub for validating tag name and allow non-ASCII characters.
This commit is contained in:
Lucas 2023-02-19 18:09:44 +00:00
parent 3011d47ec8
commit 06a939bcd1
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/PoorBooru.pm
View File

@ -6,6 +6,8 @@ our $VERSION = v0.0.1;
my $POORBOORU_API = setting("poorbooru_api"); my $POORBOORU_API = setting("poorbooru_api");
sub validate_page_number ($) { $_[0] =~ /^[1-9][0-9]*$/ }
sub api_request ($$;%) sub api_request ($$;%)
{ {
my ($method, $path, $params_hashref) = @_; my ($method, $path, $params_hashref) = @_;
@ -60,7 +62,7 @@ hook before_template_render => sub {
get "/" => sub { get "/" => sub {
my $page = query_parameters->get("page") // 1; my $page = query_parameters->get("page") // 1;
send_error("Invalid page number", 400) if $page !~ /^[1-9][0-9]*$/; send_error("Invalid page number", 400) if !validate_page_number($page);
my $res = api_get("/media", { page => $page }); my $res = api_get("/media", { page => $page });
send_error("API error", 500) if !$res->{success}; send_error("API error", 500) if !$res->{success};
@ -81,7 +83,7 @@ get "/" => sub {
get "/tags" => sub { get "/tags" => sub {
my $page = query_parameters->get("page") // 1; my $page = query_parameters->get("page") // 1;
send_error("Invalid page number", 400) if $page !~ /^[1-9][0-9]*$/; send_error("Invalid page number", 400) if !validate_page_number($page);
my $res = api_get("/tags", { page => $page }); my $res = api_get("/tags", { page => $page });
send_error("API error", 500) if !$res->{success}; send_error("API error", 500) if !$res->{success};

12
lib/PoorBooru/API/V0.pm
View File

@ -10,8 +10,8 @@ use constant {
DEFAULT_CONTENT_TYPE => "application/json", DEFAULT_CONTENT_TYPE => "application/json",
}; };
my $TAG_NAME_RE = qr/^[0-9]*[A-Z_a-z][0-9A-Z_a-z]*$/; sub validate_page_number ($) { $_[0] =~ /^[1-9][0-9]*$/ }
my $NUMERIC_ID_RE = qr/^[1-9][0-9]*$/; sub validate_tag_name ($) { $_[0] !~ /^[1-9][0-9]*$/ && $_[0] =~ /^\w+$/ }
my $MEDIA_SEARCH_OPTS = { my $MEDIA_SEARCH_OPTS = {
order_by => { -desc => "media_id" }, order_by => { -desc => "media_id" },
@ -49,7 +49,7 @@ get "/meta" => sub {
get "/tags" => sub { get "/tags" => sub {
my $page = query_parameters->get("page") // 1; my $page = query_parameters->get("page") // 1;
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE; send_error("Invalid page number", 400) if !validate_page_number($page);
my $paged_tags = schema("default")->resultset("TagsCountView") my $paged_tags = schema("default")->resultset("TagsCountView")
->search({}, $TAGS_COUNT_VIEW_SEARCH_OPTS)->page($page); ->search({}, $TAGS_COUNT_VIEW_SEARCH_OPTS)->page($page);
@ -70,7 +70,7 @@ post "/tags" => sub {
send_error("No tags provided", 400) if @tag_names == 0; send_error("No tags provided", 400) if @tag_names == 0;
send_error("Too many tags provided", 400) if @tag_names > 100; send_error("Too many tags provided", 400) if @tag_names > 100;
send_error("Invalid tag names", 400) if send_error("Invalid tag names", 400) if
grep { $_ !~ $TAG_NAME_RE } @tag_names; grep { validate_tag_name($_) } @tag_names;
my @tags; my @tags;
eval { eval {
@ -86,7 +86,7 @@ post "/tags" => sub {
get "/tag/:tag_id_or_name" => sub { get "/tag/:tag_id_or_name" => sub {
my $page = query_parameters->get("page") // 1; my $page = query_parameters->get("page") // 1;
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE; send_error("Invalid page number", 400) if !validate_page_number($page);
my $tag_id_or_name = route_parameters->get("tag_id_or_name"); my $tag_id_or_name = route_parameters->get("tag_id_or_name");
@ -112,7 +112,7 @@ get "/tag/:tag_id_or_name" => sub {
get "/media" => sub { get "/media" => sub {
my $page = query_parameters->get("page") // 1; my $page = query_parameters->get("page") // 1;
send_error("Invalid page number", 400) if $page !~ $NUMERIC_ID_RE; send_error("Invalid page number", 400) if !validate_page_number($page);
my $paged_media = schema("default")->resultset("Media") my $paged_media = schema("default")->resultset("Media")
->search({}, $MEDIA_SEARCH_OPTS)->page($page); ->search({}, $MEDIA_SEARCH_OPTS)->page($page);