Merge pull request #411 from TeamPiped/parameter-validation

Add better validation for some parameters.

src/main/java/me/kavin/piped/server/handlers/auth/AuthPlaylistHandlers.java

@@ -120,7 +120,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] createPlaylist(String session, String name) throws IOException {
 
-        if (StringUtils.isBlank(name))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(name))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSession(session);
@@ -144,7 +144,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] renamePlaylistResponse(String session, String playlistId, String newName) throws IOException {
 
-        if (StringUtils.isBlank(playlistId))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSession(session);
@@ -176,7 +176,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] deletePlaylistResponse(String session, String playlistId) throws IOException {
 
-        if (StringUtils.isBlank(playlistId))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSession(session);
@@ -206,7 +206,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] addToPlaylistResponse(String session, String playlistId, String videoId) throws IOException, ExtractionException {
 
-        if (StringUtils.isBlank(playlistId) || StringUtils.isBlank(videoId))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId) || StringUtils.isBlank(videoId))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         var user = DatabaseHelper.getUserFromSession(session);
@@ -267,7 +267,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] removeFromPlaylistResponse(String session, String playlistId, int index) throws IOException {
 
-        if (StringUtils.isBlank(playlistId))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         try (Session s = DatabaseSessionFactory.createSession()) {
@@ -303,7 +303,7 @@ public class AuthPlaylistHandlers {
 
     public static byte[] importPlaylistResponse(String session, String playlistId) throws IOException, ExtractionException {
 
-        if (StringUtils.isBlank(playlistId))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         var user = DatabaseHelper.getUserFromSession(session);
@@ -379,6 +379,9 @@ public class AuthPlaylistHandlers {
 
     public static byte[] playlistsResponse(String session) throws IOException {
 
+        if (StringUtils.isBlank(session))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         try (Session s = DatabaseSessionFactory.createSession()) {
 
             User user = DatabaseHelper.getUserFromSession(session, s);

src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java

@@ -19,6 +19,7 @@ import me.kavin.piped.utils.obj.db.User;
 import me.kavin.piped.utils.obj.db.Video;
 import me.kavin.piped.utils.resp.AcceptedResponse;
 import me.kavin.piped.utils.resp.AuthenticationFailureResponse;
+import me.kavin.piped.utils.resp.InvalidRequestResponse;
 import me.kavin.piped.utils.resp.SubscribeStatusResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.Session;
@@ -37,6 +38,9 @@ public class FeedHandlers {
     public static byte[] subscribeResponse(String session, String channelId)
             throws IOException {
 
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         try (Session s = DatabaseSessionFactory.createSession()) {
 
             User user = DatabaseHelper.getUserFromSessionWithSubscribed(session);
@@ -68,6 +72,10 @@ public class FeedHandlers {
     }
 
     public static byte[] isSubscribedResponse(String session, String channelId) throws IOException {
+
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         try (StatelessSession s = DatabaseSessionFactory.createStatelessSession()) {
             var cb = s.getCriteriaBuilder();
             var query = cb.createQuery(Long.class);
@@ -86,7 +94,7 @@ public class FeedHandlers {
     public static byte[] feedResponse(String session) throws IOException {
 
         if (StringUtils.isBlank(session))
-            return mapper.writeValueAsBytes(new AuthenticationFailureResponse());
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSession(session);
 
@@ -131,7 +139,7 @@ public class FeedHandlers {
     public static byte[] feedResponseRSS(String session) throws IOException, FeedException {
 
         if (StringUtils.isBlank(session))
-            return mapper.writeValueAsBytes(new AuthenticationFailureResponse());
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSession(session);
 
@@ -369,6 +377,8 @@ public class FeedHandlers {
 
     public static byte[] importResponse(String session, String[] channelIds, boolean override) throws IOException {
 
+        if (StringUtils.isBlank(session))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         User user = DatabaseHelper.getUserFromSessionWithSubscribed(session);
 
@@ -418,6 +428,9 @@ public class FeedHandlers {
     public static byte[] subscriptionsResponse(String session)
             throws IOException {
 
+        if (StringUtils.isBlank(session))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         User user = DatabaseHelper.getUserFromSession(session);
 
         if (user != null) {
@@ -484,6 +497,9 @@ public class FeedHandlers {
     public static byte[] unsubscribeResponse(String session, String channelId)
             throws IOException {
 
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         User user = DatabaseHelper.getUserFromSession(session);
 
         if (user != null) {

src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java

@@ -112,7 +112,7 @@ public class UserHandlers {
 
     public static byte[] deleteUserResponse(String session, String pass) throws IOException {
 
-        if (StringUtils.isBlank(pass))
+        if (StringUtils.isBlank(session) || StringUtils.isBlank(pass))
             return mapper.writeValueAsBytes(new InvalidRequestResponse());
 
         try (Session s = DatabaseSessionFactory.createSession()) {
@@ -140,6 +140,9 @@ public class UserHandlers {
 
     public static byte[] logoutResponse(String session) throws JsonProcessingException {
 
+        if (StringUtils.isBlank(session))
+            return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
         try (StatelessSession s = DatabaseSessionFactory.createStatelessSession()) {
             var tr = s.beginTransaction();
             if (s.createMutationQuery("UPDATE User user SET user.sessionId = :newSessionId where user.sessionId = :sessionId")