From 6601ef19c2953438b266c6d605ecb5624e0bc0da Mon Sep 17 00:00:00 2001
From: andreas-unleash <andreas@getunleash.ai>
Date: Tue, 11 Jul 2023 12:06:28 +0300
Subject: [PATCH] fix: return 400 on incorrect client metrics input (#4193)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->
Wraps the whole `registerClientMetrics` function with try/catch to
return 400 on error
## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

<!-- Does it close an issue? Multiple? -->
Closes #
[1-1037](https://linear.app/unleash/issue/1-1037/return-4xx-error-for-incorrect-metrics-input)

<!-- (For internal contributors): Does it relate to an issue on public
roadmap? -->
<!--
Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#
-->

### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->
![Screenshot 2023-07-10 at 14 23
13](https://github.com/Unleash/unleash/assets/104830839/5417fb39-ce24-4b70-b3d3-c63374a29a12)

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
---
 src/lib/routes/client-api/metrics.ts                  | 11 +++++++----
 src/lib/services/client-metrics/metrics-service-v2.ts | 10 ++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/lib/routes/client-api/metrics.ts b/src/lib/routes/client-api/metrics.ts
index c879e2d975..253d7f2408 100644
--- a/src/lib/routes/client-api/metrics.ts
+++ b/src/lib/routes/client-api/metrics.ts
@@ -65,11 +65,14 @@ export default class ClientMetricsController extends Controller {
     }
 
     async registerMetrics(req: IAuthRequest, res: Response): Promise<void> {
-        const { body: data, ip: clientIp, user } = req;
-        data.environment = this.metricsV2.resolveMetricsEnvironment(user, data);
-        await this.clientInstanceService.registerInstance(data, clientIp);
-
         try {
+            const { body: data, ip: clientIp, user } = req;
+            data.environment = this.metricsV2.resolveMetricsEnvironment(
+                user,
+                data,
+            );
+            await this.clientInstanceService.registerInstance(data, clientIp);
+
             await this.metricsV2.registerClientMetrics(data, clientIp);
             res.status(202).end();
         } catch (e) {
diff --git a/src/lib/services/client-metrics/metrics-service-v2.ts b/src/lib/services/client-metrics/metrics-service-v2.ts
index bf545aa433..308c4192dc 100644
--- a/src/lib/services/client-metrics/metrics-service-v2.ts
+++ b/src/lib/services/client-metrics/metrics-service-v2.ts
@@ -20,6 +20,8 @@ import { collapseHourlyMetrics } from '../../util/collapseHourlyMetrics';
 import { LastSeenService } from './last-seen-service';
 import { generateHourBuckets } from '../../util/time-utils';
 import { ClientMetricsSchema } from 'lib/openapi';
+import { nameSchema } from '../../schema/feature-schema';
+import { BadDataError } from '../../error';
 
 export default class ClientMetricsServiceV2 {
     private config: IUnleashConfig;
@@ -81,6 +83,14 @@ export default class ClientMetricsServiceV2 {
                 ),
         );
 
+        for (const toggle of toggleNames) {
+            if (!(await nameSchema.validateAsync({ name: toggle }))) {
+                throw new BadDataError(
+                    `Invalid feature toggle name "${toggle}"`,
+                );
+            }
+        }
+
         this.logger.debug(`got metrics from ${clientIp}`);
 
         const clientMetrics: IClientMetricsEnv[] = toggleNames.map((name) => ({