From fe2bc038a9b91b04c49d6e718c5e510b7eafd573 Mon Sep 17 00:00:00 2001 From: ITQ Date: Fri, 24 Jan 2025 18:09:37 +0300 Subject: [PATCH] fix: added strict validation to all ingress ints --- solution/api/v1/business/schemas.py | 14 ++++++-------- solution/api/v1/business/views.py | 12 ++++++------ solution/api/v1/user/schemas.py | 5 +++-- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/solution/api/v1/business/schemas.py b/solution/api/v1/business/schemas.py index 02f0c4c..0730c9d 100644 --- a/solution/api/v1/business/schemas.py +++ b/solution/api/v1/business/schemas.py @@ -3,7 +3,7 @@ import uuid from typing import ClassVar, Literal from ninja import ModelSchema, Schema -from pydantic import Field +from pydantic import Field, StrictInt from pydantic_extra_types.country import CountryAlpha2 from apps.business.models import Business @@ -40,26 +40,24 @@ class BusinessSignInOut(Schema): class PromocodeTarget(ModelSchema): categories: list[str] | None = None - country: str | None = None + age_from: StrictInt | None = None + age_until: StrictInt | None = None class Meta: model = PromocodeTarget - fields: ClassVar[list[str]] = [ - PromocodeTarget.age_from.field.name, - PromocodeTarget.age_until.field.name, - ] + fields: ClassVar[list[str]] = [PromocodeTarget.country.field.name] class CreatePromocodeIn(ModelSchema): target: PromocodeTarget promo_unique: list[str] | None = None + max_count: StrictInt class Meta: model = Promocode fields: ClassVar[list[str]] = [ Promocode.description.field.name, Promocode.image_url.field.name, - Promocode.max_count.field.name, Promocode.active_from.field.name, Promocode.active_until.field.name, Promocode.mode.field.name, @@ -109,7 +107,7 @@ class PatchPromocodeIn(Schema): description: str | None = None image_url: str | None = None target: PromocodeTarget | None = None - max_count: int | None = None + max_count: StrictInt | None = None active_from: datetime.date | None = None active_until: datetime.date | None = None 
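Review bot: `StrictInt` on `age_from`, `age_until` and `max_count` only stops string and float coercion; it still accepts negative and arbitrarily large integers, and the three fields no longer come from `Meta.fields`. If the model fields carried any range constraint, or the database column is a fixed-width integer, an out-of-range value would presumably surface as a save-time error rather than a validation error. I would add explicit bounds with the already-imported `Field`, for example `max_count: StrictInt = Field(ge=0, le=<MAX_COUNT_PLACEHOLDER>)` and `age_from: StrictInt | None = Field(default=None, ge=0, le=<MAX_AGE_PLACEHOLDER>)`. The same applies to `PatchPromocodeIn.max_count` in the next hunk and to `UserTarget.age` in `user/schemas.py`. Nothing visible here checks that `age_from <= age_until`, so confirm that is enforced elsewhere.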
diff --git a/solution/api/v1/business/views.py b/solution/api/v1/business/views.py index 601110a..8133986 100644 --- a/solution/api/v1/business/views.py +++ b/solution/api/v1/business/views.py @@ -176,7 +176,7 @@ def list_promocode( promocodes = promocodes[filters.offset : filters.offset + filters.limit] - return [ + return status.OK, [ utils.map_promocode_to_schema(promocode) for promocode in promocodes ] @@ -192,7 +192,7 @@ def list_promocode( ) def get_promocode( request: HttpRequest, promocode_id: str -) -> schemas.PromocodeViewOut: +) -> tuple[int, schemas.PromocodeViewOut]: business = request.auth promocodes = Promocode.objects.filter(id=promocode_id) @@ -218,7 +218,7 @@ def get_promocode( promocode = promocodes.first() - return utils.map_promocode_to_schema(promocode) + return status.OK, utils.map_promocode_to_schema(promocode) @router.patch( @@ -234,7 +234,7 @@ def patch_promocode( request: HttpRequest, promocode_id: str, patched_fields: schemas.PatchPromocodeIn, -) -> schemas.PromocodeViewOut: +) -> tuple[status.OK, schemas.PromocodeViewOut]: business = request.auth promocodes = Promocode.objects.filter(id=promocode_id) @@ -275,7 +275,7 @@ def patch_promocode( promocode.save() - return utils.map_promocode_to_schema(promocode) + return status.OK, utils.map_promocode_to_schema(promocode) @router.get( @@ -289,7 +289,7 @@ def patch_promocode( ) def promocode_stat( request: HttpRequest, promocode_id: str -) -> schemas.PromocodeStats: +) -> tuple[int, schemas.PromocodeStats]: business = request.auth promocodes = Promocode.objects.filter(id=promocode_id) diff --git a/solution/api/v1/user/schemas.py b/solution/api/v1/user/schemas.py index 9ebdfb3..6bdabd1 100644 --- a/solution/api/v1/user/schemas.py +++ b/solution/api/v1/user/schemas.py 
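Review bot: The new return annotation on `patch_promocode`, `tuple[status.OK, schemas.PromocodeViewOut]`, puts a status value where a type belongs, while `get_promocode` and `promocode_stat` in the same file use `tuple[int, ...]`. It should read `-> tuple[int, schemas.PromocodeViewOut]:` so that type checkers and any tooling reading the annotation see a consistent shape. `list_promocode` now returns `status.OK, [...]` but its signature is outside the hunk, and the `promocode_stat` annotation changes while its return statement is outside the hunk. Both should be checked so that every handler's annotation matches what it returns.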
@@ -2,16 +2,17 @@ import uuid from typing import ClassVar from ninja import ModelSchema, Schema -from pydantic import Field +from pydantic import Field, StrictInt from apps.user.models import User class UserTarget(ModelSchema): + age: StrictInt + class Meta: model = User fields: ClassVar[list[str]] = [ - User.age.field.name, User.country.field.name, ]
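Review bot: Nothing in `UserTarget` records why `age` is declared on the class instead of in `Meta.fields`, so a later cleanup could move it back and silently restore lax coercion of values such as `"18"` or `18.0`. A one-line comment above the field would prevent that, for example `# declared explicitly: StrictInt rejects non-integer JSON that the model-derived int would coerce`. The explicit declaration also makes `age` unconditionally required. If the `User.age` model field was nullable or had a default (not visible here), that is a contract change for existing clients and should be confirmed as intended.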