fix(api): validate execution and bucket query filters

pixel365 · pixel365 · commit b89314d2ded3 · 2026-04-07T07:33:16.000+03:00
diff --git a/internal/api/filters.go b/internal/api/filters.go
@@ -40,10 +40,15 @@ func executionFilterFromRequest(r *http.Request) (model.CheckExecutionFilter, er
 		if err != nil {
 			return filter, err
 		}
+
+		if limit < 0 {
+			return filter, fmt.Errorf("limit must be greater than or equal to zero")
+		}
+
 		filter.Limit = limit
 	}
 
-	return filter, nil
+	return filter, validateExecutionFilter(filter)
 }
 
 func (h *Handler) timelineFilterFromRequest(
@@ -180,6 +185,18 @@ func validateBucketFilter(filter model.CheckExecutionAggregateFilter) error {
 		return fmt.Errorf("check_id is required")
 	}
 
+	if filter.From == nil {
+		return fmt.Errorf("from is required")
+	}
+
+	if filter.To == nil {
+		return fmt.Errorf("to is required")
+	}
+
+	if !filter.To.After(*filter.From) {
+		return fmt.Errorf("to must be after from")
+	}
+
 	switch filter.Bucket {
 	case "", model.CheckExecutionBucketSecond, model.CheckExecutionBucketMinute,
 		model.CheckExecutionBucketHour, model.CheckExecutionBucketDay:
@@ -189,3 +206,19 @@ func validateBucketFilter(filter model.CheckExecutionAggregateFilter) error {
 
 	return nil
 }
+
+func validateExecutionFilter(filter model.CheckExecutionFilter) error {
+	if filter.ServiceID == "" {
+		return fmt.Errorf("service_id is required")
+	}
+
+	if filter.CheckID == "" {
+		return fmt.Errorf("check_id is required")
+	}
+
+	if filter.From != nil && filter.To != nil && !filter.To.After(*filter.From) {
+		return fmt.Errorf("to must be after from")
+	}
+
+	return nil
+}
