feat(http): add validation checks to PUT requests (#15096)

feat(http): add validation checks to PUT requests
2019-09-12 13:42:37 -05:00 · 2019-09-12 13:42:37 -05:00 · 1d14ba1d1c
parent dffca8f4fe 280b78e45d
commit 1d14ba1d1c
2 changed files with 41 additions and 22 deletions
--- a/http/check_service.go
+++ b/http/check_service.go
@ -342,22 +342,6 @@ func decodePostCheckRequest(ctx context.Context, r *http.Request) (influxdb.Chec
 }

 func decodePutCheckRequest(ctx context.Context, r *http.Request) (influxdb.Check, error) {
-	buf := new(bytes.Buffer)
-	_, err := buf.ReadFrom(r.Body)
-	if err != nil {
-		return nil, &influxdb.Error{
-			Code: influxdb.EInvalid,
-			Err:  err,
-		}
-	}
-	defer r.Body.Close()
-	chk, err := check.UnmarshalJSON(buf.Bytes())
-	if err != nil {
-		return nil, &influxdb.Error{
-			Code: influxdb.EInvalid,
-			Err:  err,
-		}
-	}
 	params := httprouter.ParamsFromContext(ctx)
 	id := params.ByName("id")
 	if id == "" {
@ -366,11 +350,40 @@ func decodePutCheckRequest(ctx context.Context, r *http.Request) (influxdb.Check
 			Msg:  "url missing id",
 		}
 	}
+
 	i := new(influxdb.ID)
 	if err := i.DecodeFromString(id); err != nil {
-		return nil, err
+		return nil, &influxdb.Error{
+			Code: influxdb.EInvalid,
+			Msg:  "invalid check id format",
+		}
+	}
+
+	defer r.Body.Close()
+	buf := new(bytes.Buffer)
+	_, err := buf.ReadFrom(r.Body)
+	if err != nil {
+		return nil, &influxdb.Error{
+			Code: influxdb.EInvalid,
+			Msg:  "unable to read HTTP body",
+			Err:  err,
+		}
+	}
+
+	chk, err := check.UnmarshalJSON(buf.Bytes())
+	if err != nil {
+		return nil, &influxdb.Error{
+			Code: influxdb.EInvalid,
+			Msg:  "malformed check body",
+			Err:  err,
+		}
 	}
 	chk.SetID(*i)
+
+	if err := chk.Valid(); err != nil {
+		return nil, err
+	}
+
 	return chk, nil
 }

--- a/http/check_test.go
+++ b/http/check_test.go
@ -1077,9 +1077,11 @@ func TestService_handleUpdateCheck(t *testing.T) {
 				id: "020f755c3c082000",
 				chk: &check.Deadman{
 					Base: check.Base{
-						Name:   "example",
-						Status: influxdb.Active,
-						TaskID: 3,
+						Name:    "example",
+						Status:  influxdb.Active,
+						TaskID:  3,
+						OwnerID: 42,
+						OrgID:   influxTesting.MustIDBase16("020f755c3c082000"),
 					},
 					Level: notification.Critical,
 				},
@ -1099,6 +1101,7 @@ func TestService_handleUpdateCheck(t *testing.T) {
 		  "updatedAt": "0001-01-01T00:00:00Z",
 		  "id": "020f755c3c082000",
 		  "orgID": "020f755c3c082000",
+		  "ownerID": "000000000000002a",
 		  "level": "CRIT",
 		  "name": "example",
 		  "query": {
@ -1140,7 +1143,10 @@ func TestService_handleUpdateCheck(t *testing.T) {
 				id: "020f755c3c082000",
 				chk: &check.Deadman{
 					Base: check.Base{
-						Name: "example",
+						Name:    "example",
+						Status:  influxdb.Active,
+						OwnerID: 42,
+						OrgID:   influxTesting.MustIDBase16("020f755c3c082000"),
 					},
 				},
 			},
@ -1183,7 +1189,7 @@ func TestService_handleUpdateCheck(t *testing.T) {
 			body, _ := ioutil.ReadAll(res.Body)

 			if res.StatusCode != tt.wants.statusCode {
-				t.Errorf("%q. handlePutCheck() = %v, want %v %v", tt.name, res.StatusCode, tt.wants.statusCode, w.Header())
+				t.Errorf("%q. handlePutCheck() = %v, want %v %v %v", tt.name, res.StatusCode, tt.wants.statusCode, w.Header(), string(body))
 			}
 			if tt.wants.contentType != "" && content != tt.wants.contentType {
 				t.Errorf("%q. handlePutCheck() = %v, want %v", tt.name, content, tt.wants.contentType)