Merge pull request #3105 from LiskHQ/3005-validate_filters_getter_met…

…hods

Validate filter getter methods - Closes #3005

framework/src/components/storage/entities/account.js

@@ -276,6 +276,7 @@ class Account extends BaseEntity {
 
 		const defaultSort = { sort: 'balance:asc' };
 		this.extendDefaultOptions(defaultSort);
+		this.sortingFields.push('productivity');
 
 		this.SQLs = this.loadSQLFiles('account', sqlFiles);
 	}
@@ -396,6 +397,9 @@ class Account extends BaseEntity {
 	}
 
 	_getResults(filters, options, tx, expectedResultCount = undefined) {
+		this.validateFilters(filters);
+		this.validateOptions(options);
+
 		const mergedFilters = this.mergeFilters(filters);
 		const parsedFilters = this.parseFilters(mergedFilters);
 		const parsedOptions = _.defaults(

framework/src/components/storage/entities/base_entity.js

@@ -40,8 +40,10 @@ class BaseEntity {
 		this.defaultOptions = {
 			limit: 10,
 			offset: 0,
+			sort: false,
 			extended: false,
 		};
+		this.sortingFields = [];
 	}
 
 	/**
@@ -156,7 +158,7 @@ class BaseEntity {
 		// TODO: The dynamic generated json-schema should be implemented for validation
 
 		this.fields[name] = new Field(name, type, options, writer);
-
+		this.sortingFields.push(name);
 		this.filters = {
 			...this.filters,
 			...this.fields[name].getFilters(),
@@ -329,7 +331,7 @@ class BaseEntity {
 			);
 		}
 
-		if (!isSortOptionValid(options.sort, Object.keys(this.fields))) {
+		if (!isSortOptionValid(options.sort, this.sortingFields)) {
 			throw new NonSupportedOptionError('Invalid sort option.', options.sort);
 		}
 

framework/src/components/storage/entities/transaction.js

@@ -230,8 +230,10 @@ class Transaction extends BaseEntity {
 			condition: '"transferData" LIKE ${data_like}',
 		});
 
-		this.addFilter('dapp_name', filterTypes.CUSTOM, {
-			condition:
+		this.addField('dapp_name', 'string', {
+			fieldName: "asset->'dapp'->>'name'",
+			filter: filterTypes.CUSTOM,
+			filterCondition:
 				'asset @> \'{ "dapp": { "name": "${dapp_name:value}" } }\'::jsonb',
 		});
 
@@ -286,6 +288,7 @@ class Transaction extends BaseEntity {
 	 */
 	// eslint-disable-next-line no-unused-vars
 	count(filters, _options = {}, tx) {
+		this.validateFilters(filters);
 		filters = Transaction._sanitizeFilters(filters);
 
 		const mergedFilters = this.mergeFilters(filters);
@@ -375,6 +378,8 @@ class Transaction extends BaseEntity {
 
 	_getResults(filters, options, tx, expectedResultCount = undefined) {
 		filters = Transaction._sanitizeFilters(filters);
+		this.validateFilters(filters);
+		this.validateOptions(options);
 
 		const mergedFilters = this.mergeFilters(filters);
 		const parsedFilters = this.parseFilters(mergedFilters);

framework/src/modules/http_api/controllers/accounts.js

@@ -84,6 +84,12 @@ function accountFormatter(totalSupply, account) {
  * @todo Add description for the function and the params
  */
 AccountsController.getAccounts = async function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let filters = {

framework/src/modules/http_api/controllers/blocks.js

@@ -19,6 +19,7 @@ const { getAddressFromPublicKey } = require('@liskhq/lisk-cryptography');
 const Bignumber = require('bignumber.js');
 const ApiError = require('../api_error');
 const apiCodes = require('../api_codes');
+const swaggerHelper = require('../helpers/swagger');
 
 let library;
 let sortFields;
@@ -60,6 +61,12 @@ function BlocksController(scope) {
  * @todo Add description for the function and the params
  */
 BlocksController.getBlocks = function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let parsedParams = {

framework/src/modules/http_api/controllers/dapps.js

@@ -15,6 +15,7 @@
 'use strict';
 
 const _ = require('lodash');
+const swaggerHelper = require('../helpers/swagger');
 
 const { TRANSACTION_TYPES } = global.constants;
 
@@ -42,6 +43,12 @@ function DappsController(scope) {
  * @todo Add description for the function and the params
  */
 DappsController.getDapps = async function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let options = {

framework/src/modules/http_api/controllers/delegates.js

@@ -49,6 +49,12 @@ function DelegatesController(scope) {
  * @todo Add description for the function and the params
  */
 DelegatesController.getDelegates = async function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let filters = {

framework/src/modules/http_api/controllers/node.js

@@ -57,6 +57,12 @@ function NodeController(scope) {
  * @todo Add description for the function and the params
  */
 NodeController.getConstants = async (context, next) => {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	try {
 		const [lastBlock] = await library.components.storage.entities.Block.get(
 			{},

framework/src/modules/http_api/controllers/peers.js

@@ -15,6 +15,7 @@
 'use strict';
 
 const _ = require('lodash');
+const swaggerHelper = require('../helpers/swagger');
 
 // Private Fields
 let channel;
@@ -40,6 +41,12 @@ function PeersController(scope) {
  * @todo Add description for the function and the params
  */
 PeersController.getPeers = async function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let filters = {

framework/src/modules/http_api/controllers/voters.js

@@ -48,6 +48,12 @@ function VotersController(scope) {
  * @todo Add description for the function and the params
  */
 VotersController.getVoters = async function(context, next) {
+	const invalidParams = swaggerHelper.invalidParams(context.request);
+
+	if (invalidParams.length) {
+		return next(swaggerHelper.generateParamsErrorObject(invalidParams));
+	}
+
 	const params = context.request.swagger.params;
 
 	let filters = {

framework/test/mocha/functional/http/get/blocks.js

@@ -16,6 +16,7 @@
 
 require('../../functional');
 
+const accountFixtures = require('../../../fixtures/accounts');
 const waitFor = require('../../../common/utils/wait_for');
 const SwaggerEndpoint = require('../../../common/swagger_spec');
 const apiHelpers = require('../../../common/helpers/api');
@@ -87,7 +88,7 @@ describe('GET /blocks', () => {
 			});
 
 			it('using invalid height = -1 should fail with error', async () => {
-				return blocksEndpoint.makeRequest({ height: 0 }, 400).then(res => {
+				return blocksEndpoint.makeRequest({ height: -1 }, 400).then(res => {
 					expectSwaggerParamError(res, 'height');
 				});
 			});
@@ -407,5 +408,90 @@ describe('GET /blocks', () => {
 				});
 			});
 		});
+
+		describe('with wrong input', () => {
+			it('using invalid field name should fail', async () => {
+				return blocksEndpoint
+					.makeRequest(
+						{
+							blockId: '1',
+							whatever: accountFixtures.genesis.address,
+						},
+						400
+					)
+					.then(res => {
+						expectSwaggerParamError(res, 'whatever');
+					});
+			});
+
+			it('using invalid field name (x:z) should fail', async () => {
+				return blocksEndpoint
+					.makeRequest(
+						{
+							'and:senderId': accountFixtures.genesis.address,
+						},
+						400
+					)
+					.then(res => {
+						expectSwaggerParamError(res, 'and:senderId');
+					});
+			});
+
+			it('using empty parameter should fail', async () => {
+				return blocksEndpoint
+					.makeRequest(
+						{
+							sort: '',
+						},
+						400
+					)
+					.then(res => {
+						expectSwaggerParamError(res, 'sort');
+					});
+			});
+
+			it('using completely invalid fields should fail', async () => {
+				return blocksEndpoint
+					.makeRequest(
+						{
+							blockId: 'invalid',
+							limit: 'invalid',
+							offset: 'invalid',
+							sort: 'invalid',
+						},
+						400
+					)
+					.then(res => {
+						expectSwaggerParamError(res, 'blockId');
+						expectSwaggerParamError(res, 'limit');
+						expectSwaggerParamError(res, 'offset');
+						expectSwaggerParamError(res, 'sort');
+					});
+			});
+
+			it('using partially invalid fields should fail', async () => {
+				return blocksEndpoint
+					.makeRequest(
+						{
+							blockId: 'invalid',
+							limit: 'invalid',
+							offset: 'invalid',
+							sort: 'height:desc',
+						},
+						400
+					)
+					.then(res => {
+						expectSwaggerParamError(res, 'blockId');
+						expectSwaggerParamError(res, 'limit');
+						expectSwaggerParamError(res, 'offset');
+					});
+			});
+		});
+
+		it('using no params should be ok', async () => {
+			return blocksEndpoint.makeRequest({}, 200).then(res => {
+				expect(res.body.data).to.not.empty;
+			});
+		});
 	});
 });