From caf7212cca2a5041b43e944b793e9d5fbe0881dd Mon Sep 17 00:00:00 2001
From: Joey Hines
Date: Wed, 22 Dec 2021 19:00:40 -0700
Subject: [PATCH] Added string length validation (#4)
+ Added a length check to string fields on add_item and add_location
+ Only doing length validation for now
+ Clippy + Fmt
---
 geoffrey_api/src/commands/add_item.rs | 20 ++++++++++++--------
 geoffrey_api/src/commands/add_location.rs | 6 ++++++
 geoffrey_api/src/commands/mod.rs | 5 +++--
 geoffrey_api/src/config.rs | 1 +
 geoffrey_api/src/helper/mod.rs | 9 +++++++++
 geoffrey_bot/src/bot/commands/register.rs | 6 +++---
 geoffrey_bot/src/bot/lang.rs | 3 ++-
 geoffrey_models/src/models/mod.rs | 2 +-
 8 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/geoffrey_api/src/commands/add_item.rs b/geoffrey_api/src/commands/add_item.rs
index ff9b96b..a3079e1 100644
--- a/geoffrey_api/src/commands/add_item.rs
+++ b/geoffrey_api/src/commands/add_item.rs
@@ -1,5 +1,7 @@
 use crate::commands::{Command, RequestType};
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
+use crate::helper::validate_string_parameter;
 use crate::Result;
 use geoffrey_db::helper::{find_location_by_name_type, load_location};
 use geoffrey_models::models::item::ItemListing;
@@ -28,14 +30,6 @@ impl Command for AddItem {
 CommandLevel::REGISTERED
 }
- fn validate_parameters(req: &Self::Req) -> Result<()> {
- if req.quantity == 0 {
- Err(GeoffreyAPIError::ParameterInvalid("quantity".to_string()))
- } else {
- Ok(())
- }
- }
-
 fn run_command(ctx: Arc, req: &Self::Req, user: Option) -> Result {
 let user = user.unwrap();
@@ -56,4 +50,14 @@ impl Command for AddItem {
 Err(GeoffreyAPIError::EntryNotFound)
 }
 }
+
+ fn validate_parameters(req: &Self::Req, cfg: &GeoffreyAPIConfig) -> Result<()> {
+ if req.quantity == 0 {
+ return Err(GeoffreyAPIError::ParameterInvalid("quantity".to_string()));
+ }
+
+ validate_string_parameter("item_name", &req.item_name, cfg.max_str_len)?;
+
+ Ok(())
+ }
 }
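Review bot: In `geoffrey_api/src/commands/add_item.rs`, the new `validate_parameters` bounds only `item_name`; the file also imports `find_location_by_name_type`, so the request presumably carries a location or shop name that still reaches the database lookup with no length limit (the request struct is not visible here, so confirm). If so, add a second call of the same shape, `validate_string_parameter("<field>", &req.<field>, cfg.max_str_len)?;`, before `Ok(())`. The helper enforces only an upper bound, so an empty `item_name` is also accepted; a `req.item_name.is_empty()` check next to the `quantity == 0` check would reject it. The same two points apply to the `name` check added in `add_location.rs`.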
diff --git a/geoffrey_api/src/commands/add_location.rs b/geoffrey_api/src/commands/add_location.rs
index d19cd5c..8a4647d 100644
--- a/geoffrey_api/src/commands/add_location.rs
+++ b/geoffrey_api/src/commands/add_location.rs
@@ -1,5 +1,7 @@
 use crate::commands::{Command, RequestType};
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
+use crate::helper::validate_string_parameter;
 use crate::Result;
 use geoffrey_db::helper::load_location;
 use geoffrey_models::models::locations::{Location, LocationDb};
@@ -41,4 +43,8 @@ impl Command for AddLocation {
 load_location(&ctx.db, &location).map_err(|err| err.into())
 }
+
+ fn validate_parameters(req: &Self::Req, cfg: &GeoffreyAPIConfig) -> Result<()> {
+ validate_string_parameter("name", &req.name, cfg.max_str_len)
+ }
 }
diff --git a/geoffrey_api/src/commands/mod.rs b/geoffrey_api/src/commands/mod.rs
index d305715..0e7a9f8 100644
--- a/geoffrey_api/src/commands/mod.rs
+++ b/geoffrey_api/src/commands/mod.rs
@@ -9,6 +9,7 @@ use crate::commands::register::Register;
 use crate::commands::remove_item::RemoveItem;
 use crate::commands::selling::Selling;
 use crate::commands::set_portal::SetPortal;
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
 use crate::helper::{get_player_from_req, get_token_from_req};
 use crate::Result;
@@ -54,7 +55,7 @@ pub trait Command {
 fn command_level() -> CommandLevel;
 fn run_command(ctx: Arc, req: &Self::Req, user: Option) -> Result;
- fn validate_parameters(_: &Self::Req) -> Result<()> {
+ fn validate_parameters(_: &Self::Req, _: &GeoffreyAPIConfig) -> Result<()> {
 Ok(())
 }
@@ -97,7 +98,7 @@ pub fn handle_command(
 match T::user_is_authorized(&token, &user) {
 Ok(_) => {
- T::validate_parameters(&req.params)?;
+ T::validate_parameters(&req.params, &ctx.cfg)?;
 T::run_command(ctx, &req.params, user)
 }
 Err(e) => Err(e),
diff --git a/geoffrey_api/src/config.rs b/geoffrey_api/src/config.rs
index 2ba58f2..0e420a3 100644
--- a/geoffrey_api/src/config.rs
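Review bot: In `geoffrey_api/src/commands/mod.rs`, the trait default for `validate_parameters` still returns `Ok(())`, so every command that does not override it accepts strings of any length. This commit overrides it only in `add_item` and `add_location`, while the other commands imported in this file (`register`, `remove_item`, `selling`, `set_portal`) keep the no-op unless they override it elsewhere. A doc comment on the default would make the fail-open behaviour explicit, for example `/// Checks request parameters before run_command; the default accepts everything, so any command with string fields must override it.` The trait body continues outside the hunk.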
+++ b/geoffrey_api/src/config.rs
@@ -6,6 +6,7 @@ use std::path::{Path, PathBuf};
 pub struct GeoffreyAPIConfig {
 pub db_path: PathBuf,
 pub host: String,
+ pub max_str_len: usize,
 }
 impl GeoffreyAPIConfig {
diff --git a/geoffrey_api/src/helper/mod.rs b/geoffrey_api/src/helper/mod.rs
index b08a614..de315cb 100644
--- a/geoffrey_api/src/helper/mod.rs
+++ b/geoffrey_api/src/helper/mod.rs
@@ -2,6 +2,7 @@ use crate::Result;
 use geoffrey_db::database::Database;
 use geoffrey_models::models::parameters::{CommandRequest, GeoffreyParam};
 use geoffrey_models::models::player::Player;
+use geoffrey_models::models::response::api_error::GeoffreyAPIError;
 use geoffrey_models::models::token::Token;
 pub fn get_player_from_req(
@@ -25,3 +26,11 @@ pub fn get_token_from_req(
 .filter(|_, token: &Token| token.secret == req.token)?
 .next())
 }
+
+pub fn validate_string_parameter(param_name: &str, s: &str, max_len: usize) -> Result<()> {
+ if s.len() < max_len {
+ Ok(())
+ } else {
+ Err(GeoffreyAPIError::ParameterInvalid(param_name.to_string()))
+ }
+}
diff --git a/geoffrey_bot/src/bot/commands/register.rs b/geoffrey_bot/src/bot/commands/register.rs
index 007b478..3f76012 100644
--- a/geoffrey_bot/src/bot/commands/register.rs
+++ b/geoffrey_bot/src/bot/commands/register.rs
@@ -6,11 +6,11 @@ use serenity::model::interactions::application_command::{
 use crate::bot::arg_parse::option_to_string;
 use crate::bot::commands::{BotCommand, CommandError};
+use crate::bot::lang::ACCOUNT_LINK_INVALID;
 use geoffrey_models::models::parameters::register_params::RegisterParameters;
 use geoffrey_models::models::player::{Player, UserID};
-use serenity::builder::CreateApplicationCommand;
 use geoffrey_models::models::response::api_error::GeoffreyAPIError;
-use crate::bot::lang::ACCOUNT_LINK_INVALID;
+use serenity::builder::CreateApplicationCommand;
 pub struct RegisterCommand;
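Review bot: `max_str_len` in `geoffrey_api/src/config.rs` is added without a doc comment or a visible default, and its meaning is not obvious: `validate_string_parameter` compares it against `str::len()` with `<`, so it is an exclusive bound in bytes. I would document that on the field, e.g. `/// Exclusive upper bound, in bytes, for string parameters.` How the struct is loaded is outside the hunk; if it is deserialized from a file, existing configs without the key will likely fail to load, and a value of `0` rejects every string, so a default or a startup check for a non-zero value is worth adding.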
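Review bot: `validate_string_parameter` in `geoffrey_api/src/helper/mod.rs` rejects a string whose length equals `max_len`, because the test is `s.len() < max_len`; for a setting named `max_str_len` the expected check is `if s.len() <= max_len {`. `len()` counts UTF-8 bytes, so non-ASCII names hit the limit earlier than their character count suggests. That is a reasonable choice for bounding storage, but say so in a doc comment such as `/// Returns ParameterInvalid(param_name) when s is longer than max_len bytes.`, or switch to `s.chars().count()` if the limit is meant in characters.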
@@ -32,7 +32,7 @@ impl BotCommand for RegisterCommand {
 CommandError::GeoffreyApi(GeoffreyAPIError::AccountLinkInvalid) => {
 Some(ACCOUNT_LINK_INVALID.to_string())
 }
- _ => None
+ _ => None,
 }
 }
diff --git a/geoffrey_bot/src/bot/lang.rs b/geoffrey_bot/src/bot/lang.rs
index 23499dc..9b84abf 100644
--- a/geoffrey_bot/src/bot/lang.rs
+++ b/geoffrey_bot/src/bot/lang.rs
@@ -4,4 +4,5 @@ pub const PLAYER_DOES_NOT_HAVE_MATCHING_SHOP: &str = "You don't have a shop by that name, try again champ.";
 pub const PLAYER_ALREADY_SELLS_ITEM: &str = "You already sell that ding dong";
 pub const NO_LOCATION_FOUND: &str = "No location found by that name goober";
-pub const ACCOUNT_LINK_INVALID: &str = "Your link code is invalid. You may need a new one. Or to git gud.";
+pub const ACCOUNT_LINK_INVALID: &str =
+ "Your link code is invalid. You may need a new one. Or to git gud.";
diff --git a/geoffrey_models/src/models/mod.rs b/geoffrey_models/src/models/mod.rs
index a52e059..52909d8 100644
--- a/geoffrey_models/src/models/mod.rs
+++ b/geoffrey_models/src/models/mod.rs
@@ -90,7 +90,7 @@ impl Display for Position {
 write!(
 f,
 "({} x={}, y={}, z={}) ",
- self.dimension ,self.x, self.y, self.z
+ self.dimension, self.x, self.y, self.z
 )
 }
 }