chore: Assert integers validation for most numeric input values (#741)

Author: arcoraven

src/server/routes/admin/nonces.ts

@@ -27,7 +27,7 @@ export const responseBodySchema = Type.Object({
         ...AddressSchema,
         description: "Backend wallet address",
       },
-      chainId: Type.Number({
+      chainId: Type.Integer({
         description: "Chain ID",
         examples: [80002],
       }),

src/server/routes/backend-wallet/getAll.ts

@@ -1,5 +1,5 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { getAllWallets } from "../../../db/wallets/getAllWallets";
 import {
@@ -8,15 +8,17 @@ import {
 } from "../../schemas/sharedApiSchemas";
 
 const QuerySchema = Type.Object({
-  page: Type.Number({
+  page: Type.Integer({
     description: "The page of wallets to get.",
     examples: ["1"],
     default: "1",
+    minimum: 1,
   }),
-  limit: Type.Number({
+  limit: Type.Integer({
     description: "The number of wallets to get per page.",
     examples: ["10"],
     default: "10",
+    minimum: 1,
   }),
 });
 

src/server/routes/backend-wallet/getNonce.ts

@@ -1,7 +1,7 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
-import { Address } from "thirdweb";
+import type { Address } from "thirdweb";
 import { inspectNonce } from "../../../db/wallets/walletNonce";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import { walletWithAddressParamSchema } from "../../schemas/wallet";
@@ -11,7 +11,7 @@ const requestSchema = walletWithAddressParamSchema;
 
 const responseSchema = Type.Object({
   result: Type.Object({
-    nonce: Type.Number(),
+    nonce: Type.Integer(),
   }),
 });
 

src/server/routes/backend-wallet/getTransactionsByNonce.ts

@@ -1,10 +1,10 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { TransactionDB } from "../../../db/transactions/db";
 import { getNonceMap } from "../../../db/wallets/nonceMap";
 import { normalizeAddress } from "../../../utils/primitiveTypes";
-import { AnyTransaction } from "../../../utils/transaction/types";
+import type { AnyTransaction } from "../../../utils/transaction/types";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import {
   TransactionSchema,
@@ -34,7 +34,7 @@ const requestQuerySchema = Type.Object({
 const responseBodySchema = Type.Object({
   result: Type.Array(
     Type.Object({
-      nonce: Type.Number(),
+      nonce: Type.Integer(),
       // Returns the transaction details by default.
       // Falls back to the queueId if the transaction details have been pruned.
       transaction: Type.Union([TransactionSchema, Type.String()]),

src/server/routes/backend-wallet/signTransaction.ts

@@ -21,8 +21,8 @@ const requestBodySchema = Type.Object({
     gasPrice: Type.Optional(Type.String()),
     data: Type.Optional(Type.String()),
     value: Type.Optional(Type.String()),
-    chainId: Type.Optional(Type.Number()),
-    type: Type.Optional(Type.Number()),
+    chainId: Type.Optional(Type.Integer()),
+    type: Type.Optional(Type.Integer()),
     accessList: Type.Optional(Type.Any()),
     maxFeePerGas: Type.Optional(Type.String()),
     maxPriorityFeePerGas: Type.Optional(Type.String()),

src/server/routes/configuration/backend-wallet-balance/update.ts

@@ -1,16 +1,18 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
+import { WeiAmountStringSchema } from "../../../schemas/number";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 import { responseBodySchema } from "./get";
 
 const requestBodySchema = Type.Partial(
   Type.Object({
-    minWalletBalance: Type.String({
+    minWalletBalance: {
+      ...WeiAmountStringSchema,
       description: "Minimum wallet balance in wei",
-    }),
+    },
   }),
 );
 

src/server/routes/configuration/cache/update.ts

@@ -5,12 +5,12 @@ import { updateConfiguration } from "../../../../db/configuration/updateConfigur
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { clearCacheCron } from "../../../../utils/cron/clearCacheCron";
 import { isValidCron } from "../../../../utils/cron/isValidCron";
+import { createCustomError } from "../../../middleware/error";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 import { responseBodySchema } from "./get";
 
 const requestBodySchema = Type.Object({
   clearCacheCronSchedule: Type.String({
-    minLength: 11,
     description:
       "Cron expression for clearing cache. It should be in the format of 'ss mm hh * * *' where ss is seconds, mm is minutes and hh is hours. Seconds should not be '*' or less than 10",
     default: "*/30 * * * * *",
@@ -37,12 +37,11 @@ export async function updateCacheConfiguration(fastify: FastifyInstance) {
     handler: async (req, res) => {
       const { clearCacheCronSchedule } = req.body;
       if (isValidCron(clearCacheCronSchedule) === false) {
-        return res.status(400).send({
-          error: {
-            code: 400,
-            message: "Invalid cron expression",
-          },
-        });
+        throw createCustomError(
+          "Invalid cron expression.",
+          StatusCodes.BAD_REQUEST,
+          "INVALID_CRON",
+        );
       }
 
       await updateConfiguration({ ...req.body });

src/server/routes/configuration/contract-subscriptions/update.ts

@@ -1,5 +1,5 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
@@ -10,8 +10,12 @@ import {
 } from "../../../schemas/sharedApiSchemas";
 
 const requestBodySchema = Type.Object({
-  maxBlocksToIndex: Type.Optional(Type.Number({ minimum: 1, maximum: 25 })),
-  contractSubscriptionsRequeryDelaySeconds: Type.Optional(Type.String()),
+  maxBlocksToIndex: Type.Optional(Type.Integer({ minimum: 1, maximum: 100 })),
+  contractSubscriptionsRequeryDelaySeconds: Type.Optional(
+    Type.String({
+      description: `Requery after one or more delays. Use comma-separated positive integers. Example: "2,10" means requery after 2s and 10s.`,
+    }),
+  ),
 });
 
 const responseSchema = Type.Object({
@@ -51,11 +55,14 @@ export async function updateContractSubscriptionsConfiguration(
 
       if (contractSubscriptionsRequeryDelaySeconds) {
         try {
-          contractSubscriptionsRequeryDelaySeconds.split(",").forEach((d) => {
-            if (Number.isNaN(parseInt(d))) {
-              throw "Invalid number";
+          for (const delayStr of contractSubscriptionsRequeryDelaySeconds.split(
+            ",",
+          )) {
+            const delayInt = Number.parseInt(delayStr);
+            if (Number.isNaN(delayInt) || delayInt <= 0) {
+              throw `Invalid delay value. Use comma-separated positive integers: "2,10"`;
             }
-          });
+          }
         } catch {
           throw createCustomError(
             'At least one integer "contractSubscriptionsRequeryDelaySeconds" is required',

src/server/routes/configuration/transactions/get.ts

@@ -1,20 +1,20 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 
 const responseBodySchema = Type.Object({
   result: Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    minTxsToProcess: Type.Integer(),
+    maxTxsToProcess: Type.Integer(),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
+    maxTxsToUpdate: Type.Integer(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer(),
     maxFeePerGasForRetries: Type.String(),
     maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer(),
     clearCacheCronSchedule: Type.Union([Type.String(), Type.Null()]),
   }),
 });

src/server/routes/configuration/transactions/update.ts

@@ -1,35 +1,33 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 
 const requestBodySchema = Type.Partial(
   Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    maxTxsToProcess: Type.Integer({ minimum: 1, maximum: 10_000 }),
+    maxTxsToUpdate: Type.Integer({ minimum: 1, maximum: 10_000 }),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer({ minimum: 1, maximum: 10_000 }),
     maxFeePerGasForRetries: Type.String(),
-    maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer({ minimum: 0, maximum: 10_000 }),
   }),
 );
 
 const responseBodySchema = Type.Object({
   result: Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    minTxsToProcess: Type.Integer(),
+    maxTxsToProcess: Type.Integer(),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
+    maxTxsToUpdate: Type.Integer(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer(),
     maxFeePerGasForRetries: Type.String(),
     maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer(),
   }),
 });