Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-10-27 11:18:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move pagination limit/page query param validation to middleware & check for positive integer

Browse Source
This commit is contained in:
advplyr 2024-10-06 16:29:30 -05:00
parent 8ba17db877
commit 64b78b5822
2 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/components/app/BookShelfToolbar.vue
View File

@ -479,8 +479,6 @@ export default {
}) })
}, },
async fetchAllAuthors() { async fetchAllAuthors() {
const authors = []
// fetch all authors from the server, in the order that they are currently displayed // fetch all authors from the server, in the order that they are currently displayed
const response = await this.$axios.$get(`/api/libraries/${this.currentLibraryId}/authors?sort=${this.settings.authorSortBy}&desc=${this.settings.authorSortDesc}`) const response = await this.$axios.$get(`/api/libraries/${this.currentLibraryId}/authors?sort=${this.settings.authorSortBy}&desc=${this.settings.authorSortDesc}`)
return response.authors return response.authors

44
server/controllers/LibraryController.js
View File

@ -493,8 +493,8 @@ class LibraryController {
const payload = { const payload = {
results: [], results: [],
total: undefined, total: undefined,
limit: req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 0, limit: req.query.limit,
page: req.query.page && !isNaN(req.query.page) ? Number(req.query.page) : 0, page: req.query.page,
sortBy: req.query.sort, sortBy: req.query.sort,
sortDesc: req.query.desc === '1', sortDesc: req.query.desc === '1',
filterBy: req.query.filter, filterBy: req.query.filter,
@ -504,13 +504,6 @@ class LibraryController {
include: include.join(',') include: include.join(',')
} }
if (!Number.isInteger(payload.limit) || payload.limit < 0) {
return res.status(400).send('Invalid request. Limit must be a positive integer')
}
if (!Number.isInteger(payload.page) || payload.page < 0) {
return res.status(400).send('Invalid request. Page must be a positive integer')
}
payload.offset = payload.page * payload.limit payload.offset = payload.page * payload.limit
// TODO: Temporary way of handling collapse sub-series. Either remove feature or handle through sql queries // TODO: Temporary way of handling collapse sub-series. Either remove feature or handle through sql queries
@ -602,8 +595,8 @@ class LibraryController {
const payload = { const payload = {
results: [], results: [],
total: 0, total: 0,
limit: req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 0, limit: req.query.limit,
page: req.query.page && !isNaN(req.query.page) ? Number(req.query.page) : 0, page: req.query.page,
sortBy: req.query.sort, sortBy: req.query.sort,
sortDesc: req.query.desc === '1', sortDesc: req.query.desc === '1',
filterBy: req.query.filter, filterBy: req.query.filter,
@ -674,8 +667,8 @@ class LibraryController {
const payload = { const payload = {
results: [], results: [],
total: 0, total: 0,
limit: req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 0, limit: req.query.limit,
page: req.query.page && !isNaN(req.query.page) ? Number(req.query.page) : 0, page: req.query.page,
sortBy: req.query.sort, sortBy: req.query.sort,
sortDesc: req.query.desc === '1', sortDesc: req.query.desc === '1',
filterBy: req.query.filter, filterBy: req.query.filter,
@ -710,8 +703,8 @@ class LibraryController {
const payload = { const payload = {
results: [], results: [],
total: playlistsForUser.length, total: playlistsForUser.length,
limit: req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 0, limit: req.query.limit,
page: req.query.page && !isNaN(req.query.page) ? Number(req.query.page) : 0 page: req.query.page
} }
if (payload.limit) { if (payload.limit) {
@ -742,7 +735,7 @@ class LibraryController {
* @param {Response} res * @param {Response} res
*/ */
async getUserPersonalizedShelves(req, res) { async getUserPersonalizedShelves(req, res) {
const limitPerShelf = req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) || 10 : 10 const limitPerShelf = req.query.limit || 10
const include = (req.query.include || '') const include = (req.query.include || '')
.split(',') .split(',')
.map((v) => v.trim().toLowerCase()) .map((v) => v.trim().toLowerCase())
@ -815,7 +808,7 @@ class LibraryController {
return res.status(400).send('Invalid request. Query param "q" must be a string') return res.status(400).send('Invalid request. Query param "q" must be a string')
} }
const limit = req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 12 const limit = req.query.limit || 12
const query = asciiOnlyToLowerCase(req.query.q.trim()) const query = asciiOnlyToLowerCase(req.query.q.trim())
const matches = await libraryItemFilters.search(req.user, req.library, query, limit) const matches = await libraryItemFilters.search(req.user, req.library, query, limit)
@ -873,7 +866,7 @@ class LibraryController {
* @param {Response} res * @param {Response} res
*/ */
async getAuthors(req, res) { async getAuthors(req, res) {
const isPaginated = req.query.limit && !isNaN(req.query.limit) && req.query.page && !isNaN(req.query.page) const isPaginated = req.query.limit && !isNaN(req.query.limit) && !isNaN(req.query.page)
const payload = { const payload = {
results: [], results: [],
@ -1147,8 +1140,8 @@ class LibraryController {
const payload = { const payload = {
episodes: [], episodes: [],
limit: req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 0, limit: req.query.limit,
page: req.query.page && !isNaN(req.query.page) ? Number(req.query.page) : 0 page: req.query.page
} }
const offset = payload.page * payload.limit const offset = payload.page * payload.limit
@ -1251,6 +1244,17 @@ class LibraryController {
return res.status(404).send('Library not found') return res.status(404).send('Library not found')
} }
req.library = library req.library = library
// Ensure pagination query params are positive integers
for (const queryKey of ['limit', 'page']) {
if (req.query[queryKey] !== undefined) {
req.query[queryKey] = !isNaN(req.query[queryKey]) ? Number(req.query[queryKey]) : 0
if (!Number.isInteger(req.query[queryKey]) || req.query[queryKey] < 0) {
return res.status(400).send(`Invalid request. ${queryKey} must be a positive integer`)
}
}
}
next() next()
} }
} }