fix: use endpoint-specific ordering validation (#1699)

aeternity · Mar 14, 2024 · 3a214d9 · 3a214d9
1 parent 797b1ef
commit 3a214d9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 13 deletions.
diff --git a/lib/ae_mdw/aexn_tokens.ex b/lib/ae_mdw/aexn_tokens.ex
@@ -55,7 +55,7 @@ defmodule AeMdw.AexnTokens do
     with {:ok, cursor} <- deserialize_aexn_cursor(cursor),
          {:ok, params} <- validate_params(query),
          {:ok, filters} <- Util.convert_params(params, &convert_param/1) do
-      sorting_table = Map.get(@sorting_table, order_by)
+      sorting_table = Map.fetch!(@sorting_table, order_by)
 
       paginated_aexn_contracts =
         filters

diff --git a/lib/ae_mdw_web/controllers/aexn_token_controller.ex b/lib/ae_mdw_web/controllers/aexn_token_controller.ex
@@ -22,7 +22,11 @@ defmodule AeMdwWeb.AexnTokenController do
 
   @endpoint_timeout Application.compile_env(:ae_mdw, :endpoint_timeout)
 
-  plug PaginatedPlug, order_by: ~w(name symbol creation pubkey amount)a
+  plug PaginatedPlug,
+       [order_by: ~w(name symbol creation)a] when action in ~w(aex9_contracts aex141_contracts)a
+
+  plug PaginatedPlug, [order_by: ~w(pubkey amount)a] when action in ~w(aex9_event_balances)a
+  plug PaginatedPlug when action in ~w(aex9_account_balances aex9_token_balance_history)a
 
   action_fallback(FallbackController)
 
@@ -73,7 +77,6 @@ defmodule AeMdwWeb.AexnTokenController do
     } = assigns
 
     with {:ok, contract_pk} <- validate_aex9(contract_id),
-         {:ok, order_by} <- validate_balances_order_by(order_by),
          {:ok, {prev_cursor, balance_keys, next_cursor}} <-
            Aex9.fetch_event_balances(state, contract_pk, pagination, cursor, order_by) do
       balances = Enum.map(balance_keys, &render_event_balance(state, &1))
@@ -168,16 +171,6 @@ defmodule AeMdwWeb.AexnTokenController do
     end
   end
 
-  defp validate_balances_order_by(:name), do: {:ok, :pubkey}
-
-  defp validate_balances_order_by(order_by) when order_by in [:amount, :pubkey] do
-    {:ok, order_by}
-  end
-
-  defp validate_balances_order_by(order_by) do
-    {:error, ErrInput.Query.exception(value: order_by)}
-  end
-
   defp validate_block_hash(nil), do: {:ok, nil}
 
   defp validate_block_hash(block_id) do

diff --git a/test/ae_mdw_web/controllers/aexn_token_controller_test.exs b/test/ae_mdw_web/controllers/aexn_token_controller_test.exs
@@ -420,6 +420,13 @@ defmodule AeMdwWeb.AexnTokenControllerTest do
       assert %{"error" => ^error_msg} =
                conn |> get("/v2/aex9", cursor: cursor) |> json_response(400)
     end
+
+    test "when invalid order by", %{conn: conn} do
+      assert %{"error" => "invalid query: by=pubkey"} =
+               conn
+               |> get("/v2/aex9", by: "pubkey")
+               |> json_response(400)
+    end
   end
 
   describe "aex141_count" do
@@ -865,6 +872,15 @@ defmodule AeMdwWeb.AexnTokenControllerTest do
 
       assert %{"data" => ^balances} = conn |> get(prev_balances) |> json_response(200)
     end
+
+    test "when invalid order by", %{conn: conn, contract_pk: contract_pk} do
+      contract_id = encode_contract(contract_pk)
+
+      assert %{"error" => "invalid query: by=foo"} =
+               conn
+               |> get("/v2/aex9/#{contract_id}/balances", by: "foo")
+               |> json_response(400)
+    end
   end
 
   describe "aex9_token_balance" do