validate params

max-ostapenko · max-ostapenko · commit bf41a1e5ea79 · 2025-06-08T21:57:49.000+02:00
diff --git a/src/__tests__/routes.test.js b/src/__tests__/routes.test.js
@@ -335,8 +335,10 @@ describe('API Routes', () => {
 
     it('should handle invalid query parameters gracefully', async () => {
       const res = await request(app).get('/v1/technologies?invalid=parameter');
-      expect(res.statusCode).toEqual(200);
-      expect(Array.isArray(res.body)).toBe(true);
+      expect(res.statusCode).toEqual(400);
+      expect(res.body).toHaveProperty('errors');
+      expect(res.body.errors[0]).toHaveProperty('error');
+      expect(res.body.errors[0].error).toContain('Unsupported parameters: ');
     });
   });
 
diff --git a/src/controllers/categoriesController.js b/src/controllers/categoriesController.js
@@ -6,6 +6,17 @@ import { executeQuery, validateArrayParameter } from '../utils/controllerHelpers
  */
 const listCategories = async (req, res) => {
   const queryBuilder = async (params) => {
+    // Validate parameters
+    const supportedParams = ['category', 'onlyname', 'fields'];
+    const providedParams = Object.keys(params);
+    const unsupportedParams = providedParams.filter(param => !supportedParams.includes(param));
+
+    if (unsupportedParams.length > 0) {
+      const error = new Error(`Unsupported parameters: ${unsupportedParams.join(', ')}.`);
+      error.statusCode = 400;
+      throw error;
+    }
+
     const isOnlyNames = params.onlyname || typeof params.onlyname === 'string';
     const hasCustomFields = params.fields && !isOnlyNames;
 
diff --git a/src/controllers/reportController.js b/src/controllers/reportController.js
@@ -49,6 +49,17 @@ const createReportController = (reportType) => {
         try {
             const params = req.query;
 
+            // Validate supported parameters
+            const supportedParams = ['technology', 'geo', 'rank', 'start', 'end'];
+            const providedParams = Object.keys(params);
+            const unsupportedParams = providedParams.filter(param => !supportedParams.includes(param));
+
+            if (unsupportedParams.length > 0) {
+                const error = new Error(`Unsupported parameters: ${unsupportedParams.join(', ')}.`);
+                error.statusCode = 400;
+                throw error;
+            }
+
             // Validate required parameters using shared utility
             const errors = validateRequiredParams(params, [
                 REQUIRED_PARAMS.GEO,
diff --git a/src/controllers/technologiesController.js b/src/controllers/technologiesController.js
@@ -6,6 +6,17 @@ import { executeQuery, validateTechnologyArray, validateArrayParameter, FIRESTOR
  */
 const listTechnologies = async (req, res) => {
   const queryBuilder = async (params) => {
+    // Validate parameters
+    const supportedParams = ['technology', 'category', 'onlyname', 'fields'];
+    const providedParams = Object.keys(params);
+    const unsupportedParams = providedParams.filter(param => !supportedParams.includes(param));
+
+    if (unsupportedParams.length > 0) {
+      const error = new Error(`Unsupported parameters: ${unsupportedParams.join(', ')}.`);
+      error.statusCode = 400;
+      throw error;
+    }
+
     const isOnlyNames = params.onlyname || typeof params.onlyname === 'string';
     const hasCustomFields = params.fields && !isOnlyNames;
 
diff --git a/src/controllers/versionsController.js b/src/controllers/versionsController.js
@@ -6,6 +6,17 @@ import { executeQuery, validateTechnologyArray, FIRESTORE_IN_LIMIT } from '../ut
  */
 const listVersions = async (req, res) => {
   const queryBuilder = async (params) => {
+    // Validate parameters
+    const supportedParams = ['version', 'technology', 'category', 'onlyname', 'fields'];
+    const providedParams = Object.keys(params);
+    const unsupportedParams = providedParams.filter(param => !supportedParams.includes(param));
+
+    if (unsupportedParams.length > 0) {
+      const error = new Error(`Unsupported parameters: ${unsupportedParams.join(', ')}.`);
+      error.statusCode = 400;
+      throw error;
+    }
+
     let query = firestore.collection('versions');
 
     // Apply technology filter with validation
diff --git a/src/utils/controllerHelpers.js b/src/utils/controllerHelpers.js
@@ -230,9 +230,14 @@ const getCacheStats = () => {
  */
 const handleControllerError = (res, error, operation) => {
   console.error(`Error ${operation}:`, error);
-  res.statusCode = 500;
+  const statusCode = error.statusCode || 500;
+  res.statusCode = statusCode;
+
+  // Use custom error message for client errors (4xx), generic message for server errors (5xx)
+  const errorMessage = statusCode >= 400 && statusCode < 500 ? error.message : `Failed to ${operation}`;
+
   res.end(JSON.stringify({
-    errors: [{ error: `Failed to ${operation}` }]
+    errors: [{ error: errorMessage }]
   }));
 };
 
diff --git a/test-api.sh b/test-api.sh
@@ -85,6 +85,7 @@ test_endpoint "/" ""
 
 # Test technologies endpoint
 test_cors_preflight "/v1/technologies"
+test_endpoint "/v1/technologies" "?onlyname=true"
 test_endpoint "/v1/technologies" "?technology=WordPress&onlyname=true"
 test_endpoint "/v1/technologies" "?technology=WordPress&onlyname=true&fields=technology,icon"
 test_endpoint "/v1/technologies" "?technology=WordPress&category=CMS&fields=technology,icon"
