add min max parameter validation for Number and Integer datatypes

Author: ubergesundheit

lib/controllers/measurementsController.js

@@ -340,7 +340,7 @@ module.exports = {
       { name: 'download', defaultValue: 'false', allowedValues: ['true', 'false'] },
       { predef: 'delimiter' },
       { name: 'outliers', allowedValues: ['mark', 'replace'] },
-      { name: 'outlierWindow', dataType: 'Number', aliases: ['outlier-window'], defaultValue: 15 },
+      { name: 'outlierWindow', dataType: 'Integer', aliases: ['outlier-window'], defaultValue: 15, min: 1, max: 50 },
       { predef: 'toDate' },
       { predef: 'fromDate' }
     ]),

lib/controllers/statisticsController.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const models = require('../models'),
-  { BadRequestError, UnprocessableEntityError } = require('restify-errors'),
+  { UnprocessableEntityError } = require('restify-errors'),
   statistics = require('../statistics'),
   { addCache } = require('../helpers/apiUtils'),
   { retrieveParameters, validateFromToTimeParams } = require('../helpers/userParamHelpers'),
@@ -72,26 +72,6 @@ const idwColumns = ['sensorId', 'value', 'lat', 'lon'];
 const idwHandler = function (req, res, next) {
   const { phenomenon, bbox, exposure, cellWidth, gridType, power, numTimeSteps, numClasses, fromDate, toDate } = req._userParams;
 
-  // validate numTimeSteps
-  if (numTimeSteps < 1 || numTimeSteps >= 10) {
-    return next(new BadRequestError('parameter numTimeSteps must be between 1 and 10'));
-  }
-
-  // validate power
-  if (power < 1 || power > 9) {
-    return next(new BadRequestError('parameter power must be between 1 and 9'));
-  }
-
-  // validate cellWidth
-  if (cellWidth < 0) {
-    return next(new BadRequestError('parameter cellWidth must be positive'));
-  }
-
-  // validate numClasses
-  if (numClasses < 0) {
-    return next(new BadRequestError('parameter numClasses must be positive'));
-  }
-
   // validate bbox param, we don't want too much load on our server!
   const areaSqKm = area(bbox) / 10e6;
 
@@ -152,14 +132,14 @@ module.exports = {
   ],
   getIdw: [
     retrieveParameters([
-      { predef: 'bbox' },
+      { predef: 'bbox', required: true },
       { name: 'exposure', allowedValues: models.Box.BOX_VALID_EXPOSURES },
       { name: 'phenomenon', required: true },
       { name: 'gridType', defaultValue: 'hex', allowedValues: ['hex', 'square', 'triangle'] },
-      { name: 'cellWidth', dataType: 'Number', defaultValue: 50 },
-      { name: 'power', dataType: 'Number', defaultValue: 1 },
-      { name: 'numTimeSteps', dataType: 'Number', defaultValue: 6 },
-      { name: 'numClasses', dataType: 'Number', defaultValue: 6 },
+      { name: 'cellWidth', dataType: 'Number', defaultValue: 50, min: 0.001 },
+      { name: 'power', dataType: 'Number', defaultValue: 1, min: 1, max: 9 },
+      { name: 'numTimeSteps', dataType: 'Integer', defaultValue: 6, min: 1, max: 10 },
+      { name: 'numClasses', dataType: 'Integer', defaultValue: 6, min: 1 },
       { predef: 'toDate' },
       { predef: 'fromDate' }
     ]),

lib/helpers/userParamHelpers.js

@@ -142,6 +142,11 @@ const paramParsersAndChecks = {
   'bbox': {
     parser: bboxParser,
     check: poly => poly
+  },
+  'Integer': {
+    parser: Number.parseFloat,
+    check: Number.isSafeInteger,
+    failOnCheckResultEquals: false
   }
 };
 
@@ -208,25 +213,53 @@ const extractParam = function extractParam ({ req: { params, rawBody, body, _bod
   return { value, nameUsed };
 };
 
+const validateMinMaxParam = function validateMinMaxParam (valueArr, min, max) {
+  if (!Array.isArray(valueArr)) {
+    return valueArr;
+  }
+
+  for (const value of valueArr) {
+    const tooLow = (min && value < min),
+      tooHigh = (max && value > max);
+
+    const errStr = `Supplied value ${value} is outside of allowed range`;
+    if (tooLow === true && tooHigh === true) {
+      return new Error(`${errStr} (${min}, ${max})`);
+    }
+
+    if (tooLow === true) {
+      return new Error(`${errStr} (< ${min})`);
+    }
+
+    if (tooHigh === true) {
+      return new Error(`${errStr} (> ${max})`);
+    }
+  }
+
+  return valueArr;
+};
+
 const ARRAY_NOT_ALLOWED = 1,
   CAST_FAILED = 2,
   ILLEGAL_VALUE = 3,
   ERROR_CUSTOM_MESSAGE = 4;
 
-const validateAndCastParam = function validateAndCastParam ({ value, dataType, allowedValues, mapping, dataTypeIsArray }) {
+const validateAndCastParam = function validateAndCastParam ({ value, dataType, allowedValues, mapping, dataTypeIsArray, min, max }) {
   // wrap dataType in array for calling of casting function
   dataType = (dataTypeIsArray ? dataType[0] : dataType);
   if (!dataTypeIsArray && Array.isArray(value)) {
     return { error: ARRAY_NOT_ALLOWED };
   }
 
   // test and cast value against dataType
-  const castedValue = castParam(value, dataType, dataTypeIsArray);
+  let castedValue = castParam(value, dataType, dataTypeIsArray);
 
   if (typeof castedValue === 'undefined') {
     return { error: CAST_FAILED };
   }
 
+  castedValue = validateMinMaxParam(castedValue, min, max);
+
   if (castedValue instanceof Error) {
     return { error: ERROR_CUSTOM_MESSAGE, message: castedValue.message };
   }
@@ -325,7 +358,7 @@ const retrieveParametersPredefs = {
   }
 };
 
-const handleAndSetParameterRequest = function handleAndSetParameterRequest (req, next, { name, aliases, dataType = 'String', allowedValues, mapping, required = false, defaultValue, paramValidatorAndParser = validateAndCastParam }) {
+const handleAndSetParameterRequest = function handleAndSetParameterRequest (req, next, { name, aliases, dataType = 'String', allowedValues, mapping, required = false, defaultValue, min, max, paramValidatorAndParser = validateAndCastParam }) {
   // extract param from request
   const { value, nameUsed } = extractParam({ req, name, aliases });
   // there was no user supplied value but a default value
@@ -344,7 +377,7 @@ const handleAndSetParameterRequest = function handleAndSetParameterRequest (req,
   const dataTypeIsArray = Array.isArray(dataType);
   // at this point we can assume the parameter was set
   // validate
-  const { castedValue, error, message } = paramValidatorAndParser({ value, dataType, allowedValues, mapping, dataTypeIsArray });
+  const { castedValue, error, message } = paramValidatorAndParser({ value, dataType, allowedValues, mapping, dataTypeIsArray, min, max });
   switch (error) {
   case ARRAY_NOT_ALLOWED:
     return next(new BadRequestError(`Parameter ${nameUsed} must only be specified once`));
@@ -365,12 +398,14 @@ const handleAndSetParameterRequest = function handleAndSetParameterRequest (req,
 // A single parameter has the following properties:
 // name: String
 // aliases: String[]
-// dataType: ['String', ['String'], 'StringWithEmpty', ['StringWithEmpty'], 'Number', ['Number'] 'object', ['object'], 'ISO8601', ['ISO8601'], 'as-is'] // default: String 'as-is' disables casting and lets restify cast the value
+// dataType: ['String', ['String'], 'StringWithEmpty', ['StringWithEmpty'], 'Number', ['Number'] 'object', ['object'], 'ISO8601', ['ISO8601'], 'as-is', 'Integer', ['Integer']] // default: String 'as-is' disables casting and lets restify cast the value
 // allowedValues: String[]
 // mapping: Object
 // required: Boolean // default: false
 // defaultValue: Anything
 // predef: load definition from elsewhere
+// min: minimal value for Numbers and Integers. Compared with >=
+// max: maximal value for Numbers and Integers. Compared with <
 const retrieveParameters = function retrieveParameters (parameters = []) {
   return function (req, res, next) {
     //for (let { name, aliases, dataType, allowedValues, mapping, required, defaultValue, predef } of parameters) {