fix: tighten route integer parsing and test coverage
This commit is contained in:
@@ -11,7 +11,6 @@ import {
|
||||
* Search eBay for listings (default: Buy It Now only, Canada only)
|
||||
*/
|
||||
export async function ebayRoute(req: Request): Promise<Response> {
|
||||
try {
|
||||
const reqUrl = new URL(req.url);
|
||||
|
||||
const SEARCH_QUERY = getRequiredSearchQuery(req);
|
||||
@@ -64,6 +63,8 @@ export async function ebayRoute(req: Request): Promise<Response> {
|
||||
canadaOnly,
|
||||
maxItems,
|
||||
};
|
||||
|
||||
try {
|
||||
if (hideUnstableResults) {
|
||||
const items = await fetchEbayItems(SEARCH_QUERY, 1, opts, {
|
||||
hideUnstableResults: true,
|
||||
|
||||
@@ -12,6 +12,15 @@ export function getRequiredSearchQuery(req: Request): string | Response {
|
||||
return query;
|
||||
}
|
||||
|
||||
export function parseNonNegativeIntegerParam(
|
||||
searchParams: URLSearchParams,
|
||||
name: string,
|
||||
defaultValue: number,
|
||||
): number | Response;
|
||||
export function parseNonNegativeIntegerParam(
|
||||
searchParams: URLSearchParams,
|
||||
name: string,
|
||||
): number | undefined | Response;
|
||||
export function parseNonNegativeIntegerParam(
|
||||
searchParams: URLSearchParams,
|
||||
name: string,
|
||||
@@ -21,8 +30,14 @@ export function parseNonNegativeIntegerParam(
|
||||
if (rawValue === null) {
|
||||
return defaultValue;
|
||||
}
|
||||
if (!/^\d+$/.test(rawValue)) {
|
||||
return Response.json(
|
||||
{ message: `Invalid ${name} parameter` },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
const value = Number(rawValue);
|
||||
if (!Number.isInteger(value) || value < 0) {
|
||||
if (value < 0) {
|
||||
return Response.json(
|
||||
{ message: `Invalid ${name} parameter` },
|
||||
{ status: 400 },
|
||||
|
||||
@@ -501,6 +501,66 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for non-integer maxItems", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxItems=10abc"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for decimal maxItems", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxItems=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for empty maxItems", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxItems="),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for whitespace maxItems", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxItems=%20%20"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for hex maxItems", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxItems=0x10"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for invalid maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
@@ -513,7 +573,67 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute rejects non-integer minPrice", async () => {
|
||||
test("facebookRoute returns 400 for non-integer maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems=10abc"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for decimal maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for empty maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems="),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for whitespace maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems=%20%20"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for hex maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems=0x10"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for non-integer minPrice", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
@@ -537,7 +657,19 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid minPrice parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute rejects non-integer maxPrice", async () => {
|
||||
test("ebayRoute returns 400 for decimal minPrice", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&minPrice=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid minPrice parameter");
|
||||
});
|
||||
|
||||
test("ebayRoute returns 400 for non-integer maxPrice", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
@@ -561,7 +693,19 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid maxPrice parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute rejects decimal maxPages", async () => {
|
||||
test("ebayRoute returns 400 for decimal maxPrice", async () => {
|
||||
const { ebayRoute } = await import("../src/routes/ebay");
|
||||
|
||||
const response = await ebayRoute(
|
||||
new Request("http://localhost/api/ebay?q=laptop&maxPrice=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxPrice parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for decimal maxPages", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
@@ -585,6 +729,54 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid maxPages parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for non-integer maxPages", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&maxPages=10abc"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxPages parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for empty maxPages", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&maxPages="),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxPages parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for whitespace maxPages", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&maxPages=%20%20"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxPages parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for hex maxPages", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&maxPages=0x10"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxPages parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for invalid priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
@@ -597,6 +789,66 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for decimal priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMin=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for non-integer priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMin=10abc"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for empty priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMin="),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for whitespace priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMin=%20%20"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for hex priceMin", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMin=0x10"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMin parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for invalid priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
@@ -609,16 +861,64 @@ describe("API routes", () => {
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute rejects non-integer maxItems", async () => {
|
||||
const { facebookRoute } = await import("../src/routes/facebook");
|
||||
test("kijijiRoute returns 400 for decimal priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await facebookRoute(
|
||||
new Request("http://localhost/api/facebook?q=laptop&maxItems=10abc"),
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMax=1.5"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid maxItems parameter");
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for non-integer priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMax=10abc"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for empty priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMax="),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for whitespace priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMax=%20%20"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("kijijiRoute returns 400 for hex priceMax", async () => {
|
||||
const { kijijiRoute } = await import("../src/routes/kijiji");
|
||||
|
||||
const response = await kijijiRoute(
|
||||
new Request("http://localhost/api/kijiji?q=laptop&priceMax=0x10"),
|
||||
);
|
||||
|
||||
expect(response.status).toBe(400);
|
||||
const body = await response.json();
|
||||
expect(body.message).toBe("Invalid priceMax parameter");
|
||||
});
|
||||
|
||||
test("facebookRoute returns 400 for negative maxItems", async () => {
|
||||
|
||||
Reference in New Issue
Block a user