fix: improved pagination validation
This commit is contained in:
parent
32f83311f6
commit
0a8a685c12
|
@ -10,24 +10,39 @@ export default function pagination(options?: Object) {
|
|||
) {
|
||||
const opts = {
|
||||
defaultLimit: 15,
|
||||
defaultOffset: 0,
|
||||
maxLimit: 100,
|
||||
...options,
|
||||
};
|
||||
|
||||
let query = ctx.request.query;
|
||||
let body = ctx.request.body;
|
||||
// $FlowFixMe
|
||||
let limit = parseInt(query.limit || body.limit, 10);
|
||||
// $FlowFixMe
|
||||
let offset = parseInt(query.offset || body.offset, 10);
|
||||
limit = isNaN(limit) ? opts.defaultLimit : limit;
|
||||
offset = isNaN(offset) ? 0 : offset;
|
||||
let body: Object = ctx.request.body;
|
||||
let limit = query.limit || body.limit;
|
||||
let offset = query.offset || body.offset;
|
||||
|
||||
if (limit && isNaN(limit)) {
|
||||
throw new InvalidRequestError(`Pagination limit must be a valid number`);
|
||||
}
|
||||
if (offset && isNaN(offset)) {
|
||||
throw new InvalidRequestError(`Pagination offset must be a valid number`);
|
||||
}
|
||||
|
||||
limit = parseInt(limit || opts.defaultLimit, 10);
|
||||
offset = parseInt(offset || opts.defaultOffset, 10);
|
||||
|
||||
if (limit > opts.maxLimit) {
|
||||
throw new InvalidRequestError(
|
||||
`Pagination limit is too large (max ${opts.maxLimit})`
|
||||
);
|
||||
}
|
||||
if (limit <= 0) {
|
||||
throw new InvalidRequestError(`Pagination limit must be greater than 0`);
|
||||
}
|
||||
if (offset < 0) {
|
||||
throw new InvalidRequestError(
|
||||
`Pagination offset must be greater than or equal to 0`
|
||||
);
|
||||
}
|
||||
|
||||
ctx.state.pagination = {
|
||||
limit: limit,
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
/* eslint-disable flowtype/require-valid-file-annotation */
|
||||
import TestServer from 'fetch-test-server';
|
||||
import app from '../../app';
|
||||
import { flushdb, seed } from '../../test/support';
|
||||
|
||||
const server = new TestServer(app.callback());
|
||||
|
||||
beforeEach(flushdb);
|
||||
afterAll(server.close);
|
||||
|
||||
describe('#pagination', async () => {
|
||||
it('should allow offset and limit', async () => {
|
||||
const { user } = await seed();
|
||||
const res = await server.post('/api/users.list', {
|
||||
body: { token: user.getJwtToken(), limit: 1, offset: 1 },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
||||
it('should not allow negative limit', async () => {
|
||||
const { user } = await seed();
|
||||
const res = await server.post('/api/users.list', {
|
||||
body: { token: user.getJwtToken(), limit: -1 },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
|
||||
it('should not allow non-integer limit', async () => {
|
||||
const { user } = await seed();
|
||||
const res = await server.post('/api/users.list', {
|
||||
body: { token: user.getJwtToken(), limit: 'blah' },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
|
||||
it('should not allow negative offset', async () => {
|
||||
const { user } = await seed();
|
||||
const res = await server.post('/api/users.list', {
|
||||
body: { token: user.getJwtToken(), offset: -1 },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
|
||||
it('should not allow non-integer offset', async () => {
|
||||
const { user } = await seed();
|
||||
const res = await server.post('/api/users.list', {
|
||||
body: { token: user.getJwtToken(), offset: 'blah' },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
});
|
Reference in New Issue