old4ever/ca-marketplace-scraper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use explicit conditional calls and validate negative params

Browse Source
This commit is contained in:
Dmytro Stanchiev
2026-04-27 10:46:06 -04:00
parent a1af5d2630
commit 02b3f805b2
4 changed files with 131 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
packages/api-server/src/routes/ebay.ts
View File

@@ -21,7 +21,7 @@ export async function ebayRoute(req: Request): Promise<Response> {
const minPriceParam = reqUrl.searchParams.get("minPrice");
const minPrice = minPriceParam ? parseInt(minPriceParam, 10) : undefined;
if (minPriceParam && Number.isNaN(minPrice)) {
if (minPriceParam && (Number.isNaN(minPrice) || minPrice < 0)) {
return Response.json(
{ message: "Invalid minPrice parameter" },
{ status: 400 },
@@ -29,7 +29,7 @@ export async function ebayRoute(req: Request): Promise<Response> {
}
const maxPriceParam = reqUrl.searchParams.get("maxPrice");
const maxPrice = maxPriceParam ? parseInt(maxPriceParam, 10) : undefined;
if (maxPriceParam && Number.isNaN(maxPrice)) {
if (maxPriceParam && (Number.isNaN(maxPrice) || maxPrice < 0)) {
return Response.json(
{ message: "Invalid maxPrice parameter" },
{ status: 400 },
@@ -49,7 +49,7 @@ export async function ebayRoute(req: Request): Promise<Response> {
const maxItemsParam = reqUrl.searchParams.get("maxItems");
const maxItems = maxItemsParam ? parseInt(maxItemsParam, 10) : undefined;
if (maxItemsParam && Number.isNaN(maxItems)) {
if (maxItemsParam && (Number.isNaN(maxItems) || maxItems < 0)) {
return Response.json(
{ message: "Invalid maxItems parameter" },
{ status: 400 },
@@ -66,12 +66,11 @@ export async function ebayRoute(req: Request): Promise<Response> {
buyItNowOnly,
canadaOnly,
};
const items = await fetchEbayItems(
SEARCH_QUERY,
1,
opts,
...(hideUnstableResults ? [{ hideUnstableResults: true }] : []),
);
const items = hideUnstableResults
? await fetchEbayItems(SEARCH_QUERY, 1, opts, {
hideUnstableResults: true,
})
: await fetchEbayItems(SEARCH_QUERY, 1, opts);
const isEmpty = hideUnstableResults
? items.results.length === 0 && items.unstableResults.length === 0

14
packages/api-server/src/routes/facebook.ts
View File

@@ -20,7 +20,7 @@ export async function facebookRoute(req: Request): Promise<Response> {
const LOCATION = reqUrl.searchParams.get("location") || "toronto";
const maxItemsParam = reqUrl.searchParams.get("maxItems");
const maxItems = maxItemsParam ? parseInt(maxItemsParam, 10) : 25;
if (maxItemsParam && Number.isNaN(maxItems)) {
if (maxItemsParam && (Number.isNaN(maxItems) || maxItems < 0)) {
return Response.json(
{ message: "Invalid maxItems parameter" },
{ status: 400 },
@@ -30,13 +30,11 @@ export async function facebookRoute(req: Request): Promise<Response> {
reqUrl.searchParams.get("unstableFilter") === "true";
try {
const items = await fetchFacebookItems(
SEARCH_QUERY,
1,
LOCATION,
maxItems,
...(hideUnstableResults ? [{ hideUnstableResults: true }] : []),
);
const items = hideUnstableResults
? await fetchFacebookItems(SEARCH_QUERY, 1, LOCATION, maxItems, {
hideUnstableResults: true,
})
: await fetchFacebookItems(SEARCH_QUERY, 1, LOCATION, maxItems);
const isEmpty = hideUnstableResults
? items.results.length === 0 && items.unstableResults.length === 0

18
packages/api-server/src/routes/kijiji.ts
View File

@@ -19,7 +19,7 @@ export async function kijijiRoute(req: Request): Promise<Response> {
const maxPagesParam = reqUrl.searchParams.get("maxPages");
const maxPages = maxPagesParam ? parseInt(maxPagesParam, 10) : 5;
if (maxPagesParam && Number.isNaN(maxPages)) {
if (maxPagesParam && (Number.isNaN(maxPages) || maxPages < 0)) {
return Response.json(
{ message: "Invalid maxPages parameter" },
{ status: 400 },
@@ -27,7 +27,7 @@ export async function kijijiRoute(req: Request): Promise<Response> {
}
const priceMinParam = reqUrl.searchParams.get("priceMin");
const priceMin = priceMinParam ? parseInt(priceMinParam, 10) : undefined;
if (priceMinParam && Number.isNaN(priceMin)) {
if (priceMinParam && (Number.isNaN(priceMin) || priceMin < 0)) {
return Response.json(
{ message: "Invalid priceMin parameter" },
{ status: 400 },
@@ -35,7 +35,7 @@ export async function kijijiRoute(req: Request): Promise<Response> {
}
const priceMaxParam = reqUrl.searchParams.get("priceMax");
const priceMax = priceMaxParam ? parseInt(priceMaxParam, 10) : undefined;
if (priceMaxParam && Number.isNaN(priceMax)) {
if (priceMaxParam && (Number.isNaN(priceMax) || priceMax < 0)) {
return Response.json(
{ message: "Invalid priceMax parameter" },
{ status: 400 },
@@ -65,13 +65,21 @@ export async function kijijiRoute(req: Request): Promise<Response> {
};
try {
const items = await fetchKijijiItems(
const items = hideUnstableResults
? await fetchKijijiItems(
SEARCH_QUERY,
4, // 4 requests per second for faster scraping
"https://www.kijiji.ca",
searchOptions,
{},
{ hideUnstableResults: true },
)
: await fetchKijijiItems(
SEARCH_QUERY,
4, // 4 requests per second for faster scraping
"https://www.kijiji.ca",
searchOptions,
{},
...(hideUnstableResults ? [{ hideUnstableResults: true }] : []),
);
const isEmpty = hideUnstableResults

98
packages/api-server/test/routes.test.ts
View File

@@ -540,4 +540,102 @@ describe("API routes", () => {
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
});
test("facebookRoute returns 400 for negative maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request(
"http://localhost/api/facebook?q=laptop&maxItems=-1",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for negative maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request(
"http://localhost/api/ebay?q=laptop&maxItems=-1",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for negative minPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request(
"http://localhost/api/ebay?q=laptop&minPrice=-5",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid minPrice parameter");
});
test("ebayRoute returns 400 for negative maxPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request(
"http://localhost/api/ebay?q=laptop&maxPrice=-10",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPrice parameter");
});
test("kijijiRoute returns 400 for negative maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request(
"http://localhost/api/kijiji?q=laptop&maxPages=-2",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPages parameter");
});
test("kijijiRoute returns 400 for negative priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request(
"http://localhost/api/kijiji?q=laptop&priceMin=-5",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for negative priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request(
"http://localhost/api/kijiji?q=laptop&priceMax=-10",
),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
});
});