old4ever/ca-marketplace-scraper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: tighten route integer parsing and test coverage

Browse Source
This commit is contained in:
Dmytro Stanchiev
2026-04-29 00:32:23 -04:00
parent 3ea6ee3938
commit 3e4e35c9ae
3 changed files with 377 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
packages/api-server/src/routes/ebay.ts
View File

@@ -11,59 +11,60 @@ import {
* Search eBay for listings (default: Buy It Now only, Canada only) * Search eBay for listings (default: Buy It Now only, Canada only)
*/ */
export async function ebayRoute(req: Request): Promise<Response> { export async function ebayRoute(req: Request): Promise<Response> {
const reqUrl = new URL(req.url);
const SEARCH_QUERY = getRequiredSearchQuery(req);
if (SEARCH_QUERY instanceof Response) {
return SEARCH_QUERY;
}
const minPrice = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"minPrice",
);
if (minPrice instanceof Response) {
return minPrice;
}
const maxPrice = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"maxPrice",
);
if (maxPrice instanceof Response) {
return maxPrice;
}
const strictMode = reqUrl.searchParams.get("strictMode") === "true";
const buyItNowOnly = reqUrl.searchParams.get("buyItNowOnly") !== "false";
const canadaOnly = reqUrl.searchParams.get("canadaOnly") !== "false";
const exclusionsParam = reqUrl.searchParams.get("exclusions");
const exclusions = exclusionsParam
? exclusionsParam.split(",").map((s) => s.trim())
: [];
const keywordsParam = reqUrl.searchParams.get("keywords");
const keywords = keywordsParam
? keywordsParam.split(",").map((s) => s.trim())
: [SEARCH_QUERY];
const maxItems = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"maxItems",
);
if (maxItems instanceof Response) {
return maxItems;
}
const hideUnstableResults =
reqUrl.searchParams.get("unstableFilter") === "true";
const opts = {
minPrice,
maxPrice,
strictMode,
exclusions,
keywords,
buyItNowOnly,
canadaOnly,
maxItems,
};
try { try {
const reqUrl = new URL(req.url);
const SEARCH_QUERY = getRequiredSearchQuery(req);
if (SEARCH_QUERY instanceof Response) {
return SEARCH_QUERY;
}
const minPrice = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"minPrice",
);
if (minPrice instanceof Response) {
return minPrice;
}
const maxPrice = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"maxPrice",
);
if (maxPrice instanceof Response) {
return maxPrice;
}
const strictMode = reqUrl.searchParams.get("strictMode") === "true";
const buyItNowOnly = reqUrl.searchParams.get("buyItNowOnly") !== "false";
const canadaOnly = reqUrl.searchParams.get("canadaOnly") !== "false";
const exclusionsParam = reqUrl.searchParams.get("exclusions");
const exclusions = exclusionsParam
? exclusionsParam.split(",").map((s) => s.trim())
: [];
const keywordsParam = reqUrl.searchParams.get("keywords");
const keywords = keywordsParam
? keywordsParam.split(",").map((s) => s.trim())
: [SEARCH_QUERY];
const maxItems = parseNonNegativeIntegerParam(
reqUrl.searchParams,
"maxItems",
);
if (maxItems instanceof Response) {
return maxItems;
}
const hideUnstableResults =
reqUrl.searchParams.get("unstableFilter") === "true";
const opts = {
minPrice,
maxPrice,
strictMode,
exclusions,
keywords,
buyItNowOnly,
canadaOnly,
maxItems,
};
if (hideUnstableResults) { if (hideUnstableResults) {
const items = await fetchEbayItems(SEARCH_QUERY, 1, opts, { const items = await fetchEbayItems(SEARCH_QUERY, 1, opts, {
hideUnstableResults: true, hideUnstableResults: true,

17
packages/api-server/src/routes/helpers.ts
View File

@@ -12,6 +12,15 @@ export function getRequiredSearchQuery(req: Request): string | Response {
return query; return query;
} }
export function parseNonNegativeIntegerParam(
searchParams: URLSearchParams,
name: string,
defaultValue: number,
): number | Response;
export function parseNonNegativeIntegerParam(
searchParams: URLSearchParams,
name: string,
): number | undefined | Response;
export function parseNonNegativeIntegerParam( export function parseNonNegativeIntegerParam(
searchParams: URLSearchParams, searchParams: URLSearchParams,
name: string, name: string,
@@ -21,8 +30,14 @@ export function parseNonNegativeIntegerParam(
if (rawValue === null) { if (rawValue === null) {
return defaultValue; return defaultValue;
} }
if (!/^\d+$/.test(rawValue)) {
return Response.json(
{ message: `Invalid ${name} parameter` },
{ status: 400 },
);
}
const value = Number(rawValue); const value = Number(rawValue);
if (!Number.isInteger(value) || value < 0) { if (value < 0) {
return Response.json( return Response.json(
{ message: `Invalid ${name} parameter` }, { message: `Invalid ${name} parameter` },
{ status: 400 }, { status: 400 },

316
packages/api-server/test/routes.test.ts
View File

@@ -501,6 +501,66 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid maxItems parameter"); expect(body.message).toBe("Invalid maxItems parameter");
}); });
test("ebayRoute returns 400 for non-integer maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxItems=10abc"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for decimal maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxItems=1.5"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for empty maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxItems="),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for whitespace maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxItems=%20%20"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for hex maxItems", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxItems=0x10"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("facebookRoute returns 400 for invalid maxItems", async () => { test("facebookRoute returns 400 for invalid maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook"); const { facebookRoute } = await import("../src/routes/facebook");
@@ -513,7 +573,67 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid maxItems parameter"); expect(body.message).toBe("Invalid maxItems parameter");
}); });
test("ebayRoute rejects non-integer minPrice", async () => { test("facebookRoute returns 400 for non-integer maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems=10abc"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("facebookRoute returns 400 for decimal maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems=1.5"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("facebookRoute returns 400 for empty maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems="),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("facebookRoute returns 400 for whitespace maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems=%20%20"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("facebookRoute returns 400 for hex maxItems", async () => {
const { facebookRoute } = await import("../src/routes/facebook");
const response = await facebookRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems=0x10"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter");
});
test("ebayRoute returns 400 for non-integer minPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay"); const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute( const response = await ebayRoute(
@@ -537,7 +657,19 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid minPrice parameter"); expect(body.message).toBe("Invalid minPrice parameter");
}); });
test("ebayRoute rejects non-integer maxPrice", async () => { test("ebayRoute returns 400 for decimal minPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&minPrice=1.5"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid minPrice parameter");
});
test("ebayRoute returns 400 for non-integer maxPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay"); const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute( const response = await ebayRoute(
@@ -561,7 +693,19 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid maxPrice parameter"); expect(body.message).toBe("Invalid maxPrice parameter");
}); });
test("kijijiRoute rejects decimal maxPages", async () => { test("ebayRoute returns 400 for decimal maxPrice", async () => {
const { ebayRoute } = await import("../src/routes/ebay");
const response = await ebayRoute(
new Request("http://localhost/api/ebay?q=laptop&maxPrice=1.5"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPrice parameter");
});
test("kijijiRoute returns 400 for decimal maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji"); const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute( const response = await kijijiRoute(
@@ -585,6 +729,54 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid maxPages parameter"); expect(body.message).toBe("Invalid maxPages parameter");
}); });
test("kijijiRoute returns 400 for non-integer maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&maxPages=10abc"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPages parameter");
});
test("kijijiRoute returns 400 for empty maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&maxPages="),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPages parameter");
});
test("kijijiRoute returns 400 for whitespace maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&maxPages=%20%20"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPages parameter");
});
test("kijijiRoute returns 400 for hex maxPages", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&maxPages=0x10"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid maxPages parameter");
});
test("kijijiRoute returns 400 for invalid priceMin", async () => { test("kijijiRoute returns 400 for invalid priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji"); const { kijijiRoute } = await import("../src/routes/kijiji");
@@ -597,6 +789,66 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid priceMin parameter"); expect(body.message).toBe("Invalid priceMin parameter");
}); });
test("kijijiRoute returns 400 for decimal priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMin=1.5"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for non-integer priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMin=10abc"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for empty priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMin="),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for whitespace priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMin=%20%20"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for hex priceMin", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMin=0x10"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMin parameter");
});
test("kijijiRoute returns 400 for invalid priceMax", async () => { test("kijijiRoute returns 400 for invalid priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji"); const { kijijiRoute } = await import("../src/routes/kijiji");
@@ -609,16 +861,64 @@ describe("API routes", () => {
expect(body.message).toBe("Invalid priceMax parameter"); expect(body.message).toBe("Invalid priceMax parameter");
}); });
test("facebookRoute rejects non-integer maxItems", async () => { test("kijijiRoute returns 400 for decimal priceMax", async () => {
const { facebookRoute } = await import("../src/routes/facebook"); const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await facebookRoute( const response = await kijijiRoute(
new Request("http://localhost/api/facebook?q=laptop&maxItems=10abc"), new Request("http://localhost/api/kijiji?q=laptop&priceMax=1.5"),
); );
expect(response.status).toBe(400); expect(response.status).toBe(400);
const body = await response.json(); const body = await response.json();
expect(body.message).toBe("Invalid maxItems parameter"); expect(body.message).toBe("Invalid priceMax parameter");
});
test("kijijiRoute returns 400 for non-integer priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMax=10abc"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
});
test("kijijiRoute returns 400 for empty priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMax="),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
});
test("kijijiRoute returns 400 for whitespace priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMax=%20%20"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
});
test("kijijiRoute returns 400 for hex priceMax", async () => {
const { kijijiRoute } = await import("../src/routes/kijiji");
const response = await kijijiRoute(
new Request("http://localhost/api/kijiji?q=laptop&priceMax=0x10"),
);
expect(response.status).toBe(400);
const body = await response.json();
expect(body.message).toBe("Invalid priceMax parameter");
}); });
test("facebookRoute returns 400 for negative maxItems", async () => { test("facebookRoute returns 400 for negative maxItems", async () => {