fix: add parseInt(value, 10) with isNaN() guards to all integer query param parsing

- Add radix 10 to all parseInt() calls parsing integer query/path parameters
- Add isNaN() guards returning HTTP 400 with descriptive error messages
- Update routes: annotations, candles, export, export/spans, annotation-types/[id], span-annotations, span-annotations/[id], span-label-types/[id]
- Ensures strict integer parsing and prevents invalid parameter values from reaching database queries
This commit is contained in:
Marko Djordjevic 2026-02-18 11:19:26 +01:00
parent 1678da2d9d
commit 15adf09b73
9 changed files with 124 additions and 17 deletions


@ -17,6 +17,14 @@ export async function GET(request: NextRequest) {
chartId = String(latest[0].id);
}
const chartIdNum = parseInt(chartId, 10);
if (isNaN(chartIdNum)) {
return NextResponse.json(
{ error: 'Invalid parameter: chartId must be an integer' },
{ status: 400 }
);
}
const allCandles = await db
.select({
time: candles.time,
@ -26,7 +34,7 @@ export async function GET(request: NextRequest) {
close: candles.close,
})
.from(candles)
.where(eq(candles.chart_id, parseInt(chartId, 10)))
.where(eq(candles.chart_id, chartIdNum))
.orderBy(asc(candles.time));
const normalized = allCandles.map((c) => ({
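Review bot: The `parseInt(chartId, 10)` / `isNaN` pair added at the top of the first hunk is not the strict integer parsing the description claims: parseInt tolerates leading whitespace and stops at the first non-digit, so `"12abc"` and `" 12"` both pass the guard as 12 and reach the `eq(candles.chart_id, chartIdNum)` query in the second hunk. A stricter check is to validate the raw string before converting, e.g. `if (!/^\d+$/.test(chartId)) {` followed by the existing 400 response, then `const chartIdNum = Number(chartId);`; `Number.isSafeInteger(chartIdNum)` is a further cheap bound. The same pattern presumably applies to the other routes listed in the description, so it is worth fixing there as well. The enclosing GET handler starts before the first hunk and continues past the second.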