

fix(api): Set expected type when getting parameter value
nioc committed Mar 15, 2024
1 parent b82a7ae commit 6208526
Showing 9 changed files with 44 additions and 19 deletions.
2 changes: 1 addition & 1 deletion server/api/accountCategories.php
Expand Up @@ -18,7 +18,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $id)) {
if (!$api->checkParameterExists('aid', $id, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the account id was not found in query
return;
6 changes: 3 additions & 3 deletions server/api/accountIcons.php
Expand Up @@ -15,7 +15,7 @@
$api = new Api('json', ['GET', 'POST']);
switch ($api->method) {
case 'GET':
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
header('HTTP/1.0 404 Not Found');
//indicate the request is not valid
return;
Expand Down Expand Up @@ -43,7 +43,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the request is not valid
return;
Expand All @@ -60,7 +60,7 @@
return;
}
//account icon creation
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the request is not valid
return;
4 changes: 2 additions & 2 deletions server/api/accounts.php
Expand Up @@ -20,7 +20,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('id', $id)) {
if (!$api->checkParameterExists('id', $id, Api::PARAM_INTEGER)) {
//query all user's account
$user = new User($api->requesterId);
$accounts = array();
Expand Down Expand Up @@ -130,7 +130,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('id', $id)) {
if (!$api->checkParameterExists('id', $id, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the request is not valid
return;
8 changes: 4 additions & 4 deletions server/api/accounts_holders.php
Expand Up @@ -19,7 +19,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the account id was not provided
return;
Expand Down Expand Up @@ -47,7 +47,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the account id was not provided
return;
Expand Down Expand Up @@ -83,7 +83,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the account id was not provided
return;
Expand Down Expand Up @@ -125,7 +125,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('accountIdMustBeProvided'));
//indicate the account id was not provided
return;
4 changes: 2 additions & 2 deletions server/api/categories.php
Expand Up @@ -19,7 +19,7 @@
//User not authentified/authorized
return;
}
if (!$api->checkParameterExists('id', $id)) {
if (!$api->checkParameterExists('id', $id, Api::PARAM_INTEGER)) {
//query all categories
$category = new Category();
$api->checkParameterExists('status', $status);
Expand Down Expand Up @@ -75,7 +75,7 @@
//indicate the requester is not allowed to update a category
return;
}
if (!$api->checkParameterExists('id', $id)) {
if (!$api->checkParameterExists('id', $id, Api::PARAM_INTEGER)) {
$api->output(400, $api->getMessage('categoryIsNotValid') . 'id');
//indicate the requester is not allowed to update a category
return;
2 changes: 1 addition & 1 deletion server/api/dataset.php
Expand Up @@ -24,7 +24,7 @@
$file = $_FILES['file'];
// check extension
$allowedExtensions = array('.ofx');
if ($api->checkParameterExists('aid', $accountId)) {
if ($api->checkParameterExists('aid', $accountId, Api::PARAM_INTEGER)) {
$accountId = intval($accountId);
//allow json and qif files for dataset account
array_push($allowedExtensions, '.json', '.qif');
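Review bot: `$accountId = intval($accountId);` on the line after the changed condition is now redundant, because the query-string path of checkParameterExists already applies intval() when `Api::PARAM_INTEGER` is passed; keeping both invites the two to drift apart. Either drop that line or replace it with a comment such as `// $accountId is already an int (Api::PARAM_INTEGER)`. The enclosing block continues outside the hunk.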
2 changes: 1 addition & 1 deletion server/api/graph.php
Expand Up @@ -58,7 +58,7 @@
$isRecurringOnly = filter_var($isRecurringOnly, FILTER_VALIDATE_BOOLEAN);
}
//request transactions history
if ($api->checkParameterExists('aid', $aid)) {
if ($api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
//specific account
$account = new Account($aid);
if (!$account->get()) {
4 changes: 2 additions & 2 deletions server/api/transactions.php
Expand Up @@ -20,7 +20,7 @@
}
$api->checkParameterExists('periodStart', $periodStart);
$api->checkParameterExists('periodEnd', $periodEnd);
if (!$api->checkParameterExists('aid', $aid)) {
if (!$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER)) {
require_once $_SERVER['DOCUMENT_ROOT'].'/server/lib/User.php';
$user = new User($api->requesterId);
if ($api->checkParameterExists('id', $id) && $id !== '') {
Expand Down Expand Up @@ -112,7 +112,7 @@
//User not authentified/authorized
return;
}
$api->checkParameterExists('aid', $aid);
$api->checkParameterExists('aid', $aid, Api::PARAM_INTEGER);
if (!$api->checkParameterExists('id', $id) || $id === '') {
$api->output(400, $api->getMessage('transactionIdMustBeProvided'));
//Transaction was not provided, return an error
31 changes: 28 additions & 3 deletions server/lib/Api.php
Expand Up @@ -9,6 +9,9 @@
*/
class Api
{
const PARAM_STRING = 0;
const PARAM_INTEGER = 1;
const PARAM_FLOAT = 2;
/**
* @var string HTTP verb used to call API
*/
Expand Down Expand Up @@ -90,18 +93,40 @@ public function __construct($outputFormat = 'json', $allowedMethods = array('POS
* @param string $parameter The searched parameter
* @param string $value The returned value of the parameter
*/
public function checkParameterExists($parameter, &$value)
public function checkParameterExists($parameter, &$value, $type = self::PARAM_STRING)
{
$value = null;
if (array_key_exists($parameter, $this->query)) {
//parameter found in the query string
$value = $this->query[$parameter];
switch ($type) {
case self::PARAM_FLOAT:
$value = floatval($this->query[$parameter]);
break;
case self::PARAM_INTEGER:
$value = intval($this->query[$parameter]);
break;
case self::PARAM_STRING:
default:
$value = $this->query[$parameter];
break;
}
//returns requested parameter has been found in the query string
return true;
}
//try in the body request, if it exists
if (array_key_exists('body', $this->query) && $this->query['body'] && property_exists($this->query['body'], $parameter)) {
$value = $this->query['body']->$parameter;
switch ($type) {
case 'float':
$value = floatval($this->query['body']->$parameter);
break;
case 'integer':
$value = intval($this->query['body']->$parameter);
break;
case 'string':
default:
$value = $this->query['body']->$parameter;
break;
}
//returns requested parameter has been found in the body
return true;
}
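Review bot: The body-request branch of checkParameterExists (the second `switch ($type)`) compares `$type` against the string literals `'float'`, `'integer'` and `'string'`, while every caller now passes the integer constants `Api::PARAM_INTEGER` etc.; on PHP 8 no case matches, the default branch returns the raw value, and the requested coercion silently never applies to parameters supplied in the request body (under PHP 7's loose comparison `0 == 'float'` is true, so PARAM_STRING would even land in the float branch). The cases should be `case self::PARAM_FLOAT:`, `case self::PARAM_INTEGER:` and `case self::PARAM_STRING:` to mirror the query-string switch above. The docblock still says `@param string $value` and lacks the new parameter; add `@param int $type One of self::PARAM_STRING, self::PARAM_INTEGER, self::PARAM_FLOAT (default self::PARAM_STRING)`. Note that intval()/floatval() coerce rather than validate, so a non-numeric `aid` yields 0 together with a true return; if callers need rejection instead, FILTER_VALIDATE_INT would be the stricter choice. The function's body continues past the end of the hunk.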
