Fix URL encoding for pubsubTopic and contentTopics parameters

Related to waku-org#3128 Update the API to enforce mandatory URL encoding for `pubsubTopic` and `content_topic`. * Update `docs/api/rest-api.md` to include examples of URL-encoded `pubsubTopic` and `contentTopics` parameters. * Modify `waku/waku_api/rest/store/handlers.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/store/handlers.nim`. * Update `decodeRequestBody` function in `waku/waku_api/rest/rest_serdes.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/rest_serdes.nim`.
vishwamartur · Dec 6, 2024 · 6aa62ac · 6aa62ac
1 parent 1b532e8
commit 6aa62ac
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/docs/api/rest-api.md b/docs/api/rest-api.md
@@ -38,6 +38,19 @@ A particular OpenAPI spec can be easily imported into [Postman](https://www.post
 curl http://localhost:8645/debug/v1/info -s | jq
 ```
 
+#### [`get_waku_v2_store_v3_messages`](https://rfc.vac.dev/spec/16/#get_waku_v2_store_v3_messages)
+
+```bash
+curl -v -X GET "http://127.0.0.1:49153/store/v3/messages?includeData=true&pubsubTopic=/waku/2/rs/3/0&pageSize=20&ascending=true"
+```
+
+or call it encoded
+
+```bash
+curl -v -X GET "http://127.0.0.1:5213/store/v3/messages?includeData=true&pubsubTopic=%2Fwaku%2F2%2Frs%2F3%2F0&pageSize=20&ascending=true"
+```
+
+In both cases, it works and retrieves the message with the correct topic name.
 
 ### Node configuration
 Find details [here](https://github.com/waku-org/nwaku/tree/master/docs/operators/how-to/configure-rest-api.md)
diff --git a/waku/waku_api/rest/rest_serdes.nim b/waku/waku_api/rest/rest_serdes.nim
@@ -53,6 +53,18 @@ func decodeRequestBody*[T](
       )
     )
 
+  # Validate and enforce URL encoding for pubsubTopic and contentTopics
+  if T.hasKey("pubsubTopic"):
+    let pubsubTopic = T["pubsubTopic"]
+    if pubsubTopic != encodeUrl(pubsubTopic):
+      return err(RestApiResponse.badRequest("Invalid or non-encoded pubsubTopic parameter"))
+
+  if T.hasKey("contentTopics"):
+    let contentTopics = T["contentTopics"]
+    for topic in contentTopics:
+      if topic != encodeUrl(topic):
+        return err(RestApiResponse.badRequest("Invalid or non-encoded content_topic parameter"))
+
   return ok(requestResult.get())
 
 proc decodeBytes*(

diff --git a/waku/waku_api/rest/store/handlers.nim b/waku/waku_api/rest/store/handlers.nim
@@ -99,13 +99,17 @@ proc createStoreQuery(
     let decodedPubsubTopic = decodeUrl(pubsubTopic.get())
     if decodedPubsubTopic != "":
       parsedPubsubTopic = some(decodedPubsubTopic)
+    else:
+      return err("Invalid or non-encoded pubsubTopic parameter")
 
   # Parse the content topics
   var parsedContentTopics = newSeq[ContentTopic](0)
   if contentTopics.isSome():
     let ctList = decodeUrl(contentTopics.get())
     if ctList != "":
       for ct in ctList.split(','):
+        if ct == "":
+          return err("Invalid or non-encoded content_topic parameter")
         parsedContentTopics.add(ct)
 
   # Parse start time