feat: reject submits that are not object

TeamVastsea · Jan 27, 2025 · 3ff5122 · 3ff5122
1 parent 86f7d02
commit 3ff5122
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/src/controller/error.rs b/src/controller/error.rs
@@ -3,9 +3,9 @@ use axum::response::{IntoResponse, Response};
 
 #[derive(Debug)]
 pub enum ErrorMessage {
-    // InvalidParams(String),
+    InvalidParams(String),
     InvalidToken,
-    TokenNotActivated,
+    // TokenNotActivated,
     PermissionDenied,
     TooManySubmit,
     NotFound,
@@ -20,17 +20,17 @@ impl IntoResponse for ErrorMessage {
         let builder = Response::builder();
 
         match self {
-            // ErrorMessage::InvalidParams(name) => {
-            //     builder.status(StatusCode::BAD_REQUEST).body(format!("Invalid params: {}.", name).into()).unwrap()
-            // }
+            ErrorMessage::InvalidParams(name) => {
+                builder.status(StatusCode::BAD_REQUEST).body(format!("Invalid params: {}.", name).into()).unwrap()
+            }
 
             ErrorMessage::InvalidToken => {
                 builder.status(StatusCode::UNAUTHORIZED).body("Invalid token.".into()).unwrap()
             }
 
-            ErrorMessage::TokenNotActivated => {
-                builder.status(StatusCode::UNAUTHORIZED).body("Token not activated.".into()).unwrap()
-            }
+            // ErrorMessage::TokenNotActivated => {
+            //     builder.status(StatusCode::UNAUTHORIZED).body("Token not activated.".into()).unwrap()
+            // }
 
             ErrorMessage::PermissionDenied => {
                 builder.status(StatusCode::FORBIDDEN).body("Permission denied.".into()).unwrap()

diff --git a/src/controller/score/submit.rs b/src/controller/score/submit.rs
@@ -17,6 +17,10 @@ pub async fn submit(TokenInfo(user): TokenInfo, Json(request): Json<SubmitBody>)
     struct SurveyAllowReSubmit {
         allow_re_submit: bool,
     }
+
+    if !request.content.is_object() { 
+        return Err(ErrorMessage::InvalidParams("content".to_string()));
+    }
 
     let score = match request.id {
         None => {

diff --git a/src/controller/survey/query.rs b/src/controller/survey/query.rs
@@ -14,7 +14,7 @@ pub async fn query_surveys(Query(query): Query<QueryParams>, TokenInfo(user): To
     debug!("User {} (admin: {admin}) is trying to get surveys", user.uid);
 
     let size = query.size.unwrap_or(10);
-    let page = query.page.unwrap_or(1);
+    let page = query.page.unwrap_or(0);
 
     let current_time = chrono::Local::now().naive_local();