From caf7212cca2a5041b43e944b793e9d5fbe0881dd Mon Sep 17 00:00:00 2001
From: Joey Hines <joey@ahines.net>
Date: Wed, 22 Dec 2021 19:00:40 -0700
Subject: [PATCH] Added string length validation (#4)

+ Added a length check to string fields on add_item and add_location
+ Only doing length validation for now
+ Clippy + Fmt
---
 geoffrey_api/src/commands/add_item.rs     | 20 ++++++++++++--------
 geoffrey_api/src/commands/add_location.rs |  6 ++++++
 geoffrey_api/src/commands/mod.rs          |  5 +++--
 geoffrey_api/src/config.rs                |  1 +
 geoffrey_api/src/helper/mod.rs            |  9 +++++++++
 geoffrey_bot/src/bot/commands/register.rs |  6 +++---
 geoffrey_bot/src/bot/lang.rs              |  3 ++-
 geoffrey_models/src/models/mod.rs         |  2 +-
 8 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/geoffrey_api/src/commands/add_item.rs b/geoffrey_api/src/commands/add_item.rs
index ff9b96b..a3079e1 100644
--- a/geoffrey_api/src/commands/add_item.rs
+++ b/geoffrey_api/src/commands/add_item.rs
@@ -1,5 +1,7 @@
 use crate::commands::{Command, RequestType};
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
+use crate::helper::validate_string_parameter;
 use crate::Result;
 use geoffrey_db::helper::{find_location_by_name_type, load_location};
 use geoffrey_models::models::item::ItemListing;
@@ -28,14 +30,6 @@ impl Command for AddItem {
         CommandLevel::REGISTERED
     }
 
-    fn validate_parameters(req: &Self::Req) -> Result<()> {
-        if req.quantity == 0 {
-            Err(GeoffreyAPIError::ParameterInvalid("quantity".to_string()))
-        } else {
-            Ok(())
-        }
-    }
-
     fn run_command(ctx: Arc<Context>, req: &Self::Req, user: Option<Player>) -> Result<Self::Resp> {
         let user = user.unwrap();
 
@@ -56,4 +50,14 @@ impl Command for AddItem {
             Err(GeoffreyAPIError::EntryNotFound)
         }
     }
+
+    fn validate_parameters(req: &Self::Req, cfg: &GeoffreyAPIConfig) -> Result<()> {
+        if req.quantity == 0 {
+            return Err(GeoffreyAPIError::ParameterInvalid("quantity".to_string()));
+        }
+
+        validate_string_parameter("item_name", &req.item_name, cfg.max_str_len)?;
+
+        Ok(())
+    }
 }
diff --git a/geoffrey_api/src/commands/add_location.rs b/geoffrey_api/src/commands/add_location.rs
index d19cd5c..8a4647d 100644
--- a/geoffrey_api/src/commands/add_location.rs
+++ b/geoffrey_api/src/commands/add_location.rs
@@ -1,5 +1,7 @@
 use crate::commands::{Command, RequestType};
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
+use crate::helper::validate_string_parameter;
 use crate::Result;
 use geoffrey_db::helper::load_location;
 use geoffrey_models::models::locations::{Location, LocationDb};
@@ -41,4 +43,8 @@ impl Command for AddLocation {
 
         load_location(&ctx.db, &location).map_err(|err| err.into())
     }
+
+    fn validate_parameters(req: &Self::Req, cfg: &GeoffreyAPIConfig) -> Result<()> {
+        validate_string_parameter("name", &req.name, cfg.max_str_len)
+    }
 }
diff --git a/geoffrey_api/src/commands/mod.rs b/geoffrey_api/src/commands/mod.rs
index d305715..0e7a9f8 100644
--- a/geoffrey_api/src/commands/mod.rs
+++ b/geoffrey_api/src/commands/mod.rs
@@ -9,6 +9,7 @@ use crate::commands::register::Register;
 use crate::commands::remove_item::RemoveItem;
 use crate::commands::selling::Selling;
 use crate::commands::set_portal::SetPortal;
+use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
 use crate::helper::{get_player_from_req, get_token_from_req};
 use crate::Result;
@@ -54,7 +55,7 @@ pub trait Command {
     fn command_level() -> CommandLevel;
     fn run_command(ctx: Arc<Context>, req: &Self::Req, user: Option<Player>) -> Result<Self::Resp>;
 
-    fn validate_parameters(_: &Self::Req) -> Result<()> {
+    fn validate_parameters(_: &Self::Req, _: &GeoffreyAPIConfig) -> Result<()> {
         Ok(())
     }
 
@@ -97,7 +98,7 @@ pub fn handle_command<T: Command>(
 
     match T::user_is_authorized(&token, &user) {
         Ok(_) => {
-            T::validate_parameters(&req.params)?;
+            T::validate_parameters(&req.params, &ctx.cfg)?;
             T::run_command(ctx, &req.params, user)
         }
         Err(e) => Err(e),
diff --git a/geoffrey_api/src/config.rs b/geoffrey_api/src/config.rs
index 2ba58f2..0e420a3 100644
--- a/geoffrey_api/src/config.rs
+++ b/geoffrey_api/src/config.rs
@@ -6,6 +6,7 @@ use std::path::{Path, PathBuf};
 pub struct GeoffreyAPIConfig {
     pub db_path: PathBuf,
     pub host: String,
+    pub max_str_len: usize,
 }
 
 impl GeoffreyAPIConfig {
diff --git a/geoffrey_api/src/helper/mod.rs b/geoffrey_api/src/helper/mod.rs
index b08a614..de315cb 100644
--- a/geoffrey_api/src/helper/mod.rs
+++ b/geoffrey_api/src/helper/mod.rs
@@ -2,6 +2,7 @@ use crate::Result;
 use geoffrey_db::database::Database;
 use geoffrey_models::models::parameters::{CommandRequest, GeoffreyParam};
 use geoffrey_models::models::player::Player;
+use geoffrey_models::models::response::api_error::GeoffreyAPIError;
 use geoffrey_models::models::token::Token;
 
 pub fn get_player_from_req<T: GeoffreyParam>(
@@ -25,3 +26,11 @@ pub fn get_token_from_req<T: GeoffreyParam>(
         .filter(|_, token: &Token| token.secret == req.token)?
         .next())
 }
+
+pub fn validate_string_parameter(param_name: &str, s: &str, max_len: usize) -> Result<()> {
+    if s.len() < max_len {
+        Ok(())
+    } else {
+        Err(GeoffreyAPIError::ParameterInvalid(param_name.to_string()))
+    }
+}
diff --git a/geoffrey_bot/src/bot/commands/register.rs b/geoffrey_bot/src/bot/commands/register.rs
index 007b478..3f76012 100644
--- a/geoffrey_bot/src/bot/commands/register.rs
+++ b/geoffrey_bot/src/bot/commands/register.rs
@@ -6,11 +6,11 @@ use serenity::model::interactions::application_command::{
 
 use crate::bot::arg_parse::option_to_string;
 use crate::bot::commands::{BotCommand, CommandError};
+use crate::bot::lang::ACCOUNT_LINK_INVALID;
 use geoffrey_models::models::parameters::register_params::RegisterParameters;
 use geoffrey_models::models::player::{Player, UserID};
-use serenity::builder::CreateApplicationCommand;
 use geoffrey_models::models::response::api_error::GeoffreyAPIError;
-use crate::bot::lang::ACCOUNT_LINK_INVALID;
+use serenity::builder::CreateApplicationCommand;
 
 pub struct RegisterCommand;
 
@@ -32,7 +32,7 @@ impl BotCommand for RegisterCommand {
             CommandError::GeoffreyApi(GeoffreyAPIError::AccountLinkInvalid) => {
                 Some(ACCOUNT_LINK_INVALID.to_string())
             }
-            _ => None
+            _ => None,
         }
     }
 
diff --git a/geoffrey_bot/src/bot/lang.rs b/geoffrey_bot/src/bot/lang.rs
index 23499dc..9b84abf 100644
--- a/geoffrey_bot/src/bot/lang.rs
+++ b/geoffrey_bot/src/bot/lang.rs
@@ -4,4 +4,5 @@ pub const PLAYER_DOES_NOT_HAVE_MATCHING_SHOP: &str =
     "You don't have a shop by that name, try again champ.";
 pub const PLAYER_ALREADY_SELLS_ITEM: &str = "You already sell that ding dong";
 pub const NO_LOCATION_FOUND: &str = "No location found by that name goober";
-pub const ACCOUNT_LINK_INVALID: &str = "Your link code is invalid. You may need a new one. Or to git gud.";
+pub const ACCOUNT_LINK_INVALID: &str =
+    "Your link code is invalid. You may need a new one. Or to git gud.";
diff --git a/geoffrey_models/src/models/mod.rs b/geoffrey_models/src/models/mod.rs
index a52e059..52909d8 100644
--- a/geoffrey_models/src/models/mod.rs
+++ b/geoffrey_models/src/models/mod.rs
@@ -90,7 +90,7 @@ impl Display for Position {
         write!(
             f,
             "({} x={}, y={}, z={}) ",
-            self.dimension ,self.x, self.y, self.z
+            self.dimension, self.x, self.y, self.z
         )
     }
 }