Merge pull request #1560 from zhulongcheng/before-validation

fix(http/task): add validation for beforeTime/afterTime params

http/task_service.go

@@ -560,14 +560,26 @@ func decodeGetRunsRequest(ctx context.Context, r *http.Request, orgs platform.Or
 		req.filter.Limit = i
 	}
 
-	if time := qp.Get("afterTime"); time != "" {
+	var at, bt string
-		// TODO (jm): verify valid RFC3339
+	var afterTime, beforeTime time.Time
-		req.filter.AfterTime = time
+	if at = qp.Get("afterTime"); at != "" {
+		afterTime, err = time.Parse(time.RFC3339, at)
+		if err != nil {
+			return nil, err
+		}
+		req.filter.AfterTime = at
 	}
 
-	if time := qp.Get("beforeTime"); time != "" {
+	if bt = qp.Get("beforeTime"); bt != "" {
-		// TODO (jm): verify valid RFC3339
+		beforeTime, err = time.Parse(time.RFC3339, bt)
-		req.filter.BeforeTime = time
+		if err != nil {
+			return nil, err
+		}
+		req.filter.BeforeTime = bt
+	}
+
+	if at != "" && bt != "" && !beforeTime.After(afterTime) {
+		return nil, kerrors.InvalidDataf("beforeTime must be later than afterTime")
 	}
 
 	return req, nil