Prevent invalid date_format values

Author: ObserverOfTime

reader/filters.py

@@ -185,9 +185,15 @@ def to_html(self, *args, **kwargs) -> str:
 class DateFormat(BaseFilterBackend):
     """Date format filter."""
     description = 'Change the displayed date format.'
+    _values = ('iso-8601', 'rfc-5322', 'timestamp')
 
     def filter_queryset(self, request: Request, queryset: QuerySet,
                         view: ViewSet) -> QuerySet:
+        fmt = request.query_params.get('date_format')
+        if fmt and fmt not in self._values:
+            raise ValidationError(detail={
+                'error': f"Invalid date format: '{fmt}'."
+            })
         return queryset  # no actual filtering is performed
 
     def get_schema_operation_parameters(self, view: ViewSet) -> List[Dict]:
@@ -199,7 +205,7 @@ def get_schema_operation_parameters(self, view: ViewSet) -> List[Dict]:
             'schema': {
                 'type': 'string',
                 'default': 'iso-8601',
-                'enum': ('iso-8601', 'rfc-5322', 'timestamp')
+                'enum': self._values
             }
         }]
 

reader/serializers.py

@@ -64,14 +64,13 @@ class ChapterSerializer(ModelSerializer):
     def to_representation(self, instance: Chapter) -> Dict:
         rep = super().to_representation(instance)
         # HACK: adapt the date format based on a query param
-        dt_format = self.context['request'] \
-            .query_params.get('date_format', 'iso-8601')
+        fmt = self.context['request'].query_params.get('date_format')
         published = instance.published
         rep['published'] = {
             'iso-8601': published.strftime('%Y-%m-%dT%H:%M:%SZ'),
             'rfc-5322': published.strftime('%a, %d %b %Y %H:%M:%S GMT'),
             'timestamp': str(round(published.timestamp() * 1e3))
-        }.get(dt_format)
+        }.get(fmt or 'iso-8601')
         return rep
 
     def __uri(self, path: str) -> str: