validate more inputs

src/main/java/com/commafeed/frontend/model/request/AddCategoryRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,9 +15,12 @@
 public class AddCategoryRequest implements Serializable {
 
 	@ApiModelProperty(value = "name", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String name;
 
 	@ApiModelProperty(value = "parent category id, if any")
+	@Size(max = 128)
 	private String parentId;
 
 }

src/main/java/com/commafeed/frontend/model/request/CategoryModificationRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,12 +15,15 @@
 public class CategoryModificationRequest implements Serializable {
 
 	@ApiModelProperty(value = "id", required = true)
+	@NotEmpty
 	private Long id;
 
 	@ApiModelProperty(value = "new name, null if not changed")
+	@Size(max = 128)
 	private String name;
 
 	@ApiModelProperty(value = "new parent category id")
+	@Size(max = 128)
 	private String parentId;
 
 	@ApiModelProperty(value = "new display position, null if not changed")

src/main/java/com/commafeed/frontend/model/request/FeedInfoRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,6 +15,8 @@
 public class FeedInfoRequest implements Serializable {
 
 	@ApiModelProperty(value = "feed url", required = true)
+	@NotEmpty
+	@Size(max = 4096)
 	private String url;
 
 }

src/main/java/com/commafeed/frontend/model/request/FeedModificationRequest.java

@@ -2,6 +2,8 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -15,15 +17,18 @@ public class FeedModificationRequest implements Serializable {
 	private Long id;
 
 	@ApiModelProperty(value = "new name, null if not changed")
+	@Size(max = 128)
 	private String name;
 
 	@ApiModelProperty(value = "new parent category id")
+	@Size(max = 128)
 	private String categoryId;
 
 	@ApiModelProperty(value = "new display position, null if not changed")
 	private Integer position;
 
 	@ApiModelProperty(value = "JEXL string evaluated on new entries to mark them as read if they do not match")
+	@Size(max = 4096)
 	private String filter;
 
 }

src/main/java/com/commafeed/frontend/model/request/LoginRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,8 +15,11 @@
 public class LoginRequest implements Serializable {
 
 	@ApiModelProperty(value = "username", required = true)
+	@Size(min = 3, max = 32)
 	private String name;
 
 	@ApiModelProperty(value = "password", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String password;
 }

src/main/java/com/commafeed/frontend/model/request/MarkRequest.java

@@ -3,6 +3,9 @@
 import java.io.Serializable;
 import java.util.List;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -13,6 +16,8 @@
 public class MarkRequest implements Serializable {
 
 	@ApiModelProperty(value = "entry id, category id, 'all' or 'starred'", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String id;
 
 	@ApiModelProperty(value = "mark as read or unread", required = true)
@@ -24,6 +29,7 @@ public class MarkRequest implements Serializable {
 	private Long olderThan;
 
 	@ApiModelProperty(value = "only mark read if a feed has these keywords in the title or rss content", required = false)
+	@Size(max = 128)
 	private String keywords;
 
 	@ApiModelProperty(value = "if marking a category or 'all', exclude those subscriptions from the marking", required = false)

src/main/java/com/commafeed/frontend/model/request/MultipleMarkRequest.java

@@ -3,6 +3,8 @@
 import java.io.Serializable;
 import java.util.List;
 
+import javax.validation.Valid;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -13,6 +15,6 @@
 public class MultipleMarkRequest implements Serializable {
 
 	@ApiModelProperty(value = "list of mark requests", required = true)
-	private List<MarkRequest> requests;
+	private List<@Valid MarkRequest> requests;
 
 }

src/main/java/com/commafeed/frontend/model/request/PasswordResetRequest.java

@@ -4,6 +4,7 @@
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
 
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
@@ -17,5 +18,6 @@ public class PasswordResetRequest implements Serializable {
 	@ApiModelProperty(value = "email address for password recovery", required = true)
 	@Email
 	@NotEmpty
+	@Size(max = 255)
 	private String email;
 }

src/main/java/com/commafeed/frontend/model/request/ProfileModificationRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import com.commafeed.frontend.auth.ValidPassword;
 
 import io.swagger.annotations.ApiModel;
@@ -13,9 +16,12 @@
 @Data
 public class ProfileModificationRequest implements Serializable {
 	@ApiModelProperty(value = "current user password, required to change profile data", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String currentPassword;
 
 	@ApiModelProperty(value = "changes email of the user, if specified")
+	@Size(max = 255)
 	private String email;
 
 	@ApiModelProperty(value = "changes password of the user, if specified")

src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java

@@ -4,8 +4,7 @@
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
-
-import org.hibernate.validator.constraints.Length;
+import javax.validation.constraints.Size;
 
 import com.commafeed.frontend.auth.ValidPassword;
 
@@ -19,18 +18,19 @@
 public class RegistrationRequest implements Serializable {
 
 	@ApiModelProperty(value = "username, between 3 and 32 characters", required = true)
-	@Length(min = 3, max = 32)
 	@NotEmpty
+	@Size(min = 3, max = 32)
 	private String name;
 
 	@ApiModelProperty(value = "password, minimum 6 characters", required = true)
-	@ValidPassword
 	@NotEmpty
+	@ValidPassword
 	private String password;
 
 	@ApiModelProperty(value = "email address for password recovery", required = true)
 	@Email
 	@NotEmpty
+	@Size(max = 255)
 	private String email;
 
 }

src/main/java/com/commafeed/frontend/model/request/StarRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,6 +15,8 @@
 public class StarRequest implements Serializable {
 
 	@ApiModelProperty(value = "id", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String id;
 
 	@ApiModelProperty(value = "feed id", required = true)

src/main/java/com/commafeed/frontend/model/request/SubscribeRequest.java

@@ -2,6 +2,9 @@
 
 import java.io.Serializable;
 
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@@ -12,12 +15,17 @@
 public class SubscribeRequest implements Serializable {
 
 	@ApiModelProperty(value = "url of the feed", required = true)
+	@NotEmpty
+	@Size(max = 4096)
 	private String url;
 
 	@ApiModelProperty(value = "name of the feed for the user", required = true)
+	@NotEmpty
+	@Size(max = 128)
 	private String title;
 
 	@ApiModelProperty(value = "id of the user category to place the feed in")
+	@Size(max = 128)
 	private String categoryId;
 
 }

src/main/java/com/commafeed/frontend/resource/CategoryREST.java

@@ -14,6 +14,7 @@
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
@@ -244,7 +245,7 @@ public Response getCategoryEntriesAsFeed(@ApiParam(hidden = true) @SecurityCheck
 	@ApiOperation(value = "Mark category entries", notes = "Mark feed entries of this category as read")
 	@Timed
 	public Response markCategoryEntries(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(value = "category id, or 'all'", required = true) MarkRequest req) {
+			@Valid @ApiParam(value = "category id, or 'all'", required = true) MarkRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getId());
 
@@ -285,7 +286,8 @@ private void removeExcludedSubscriptions(List<FeedSubscription> subs, List<Long>
 	@UnitOfWork
 	@ApiOperation(value = "Add a category", notes = "Add a new feed category", response = Long.class)
 	@Timed
-	public Response addCategory(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) AddCategoryRequest req) {
+	public Response addCategory(@ApiParam(hidden = true) @SecurityCheck User user,
+			@Valid @ApiParam(required = true) AddCategoryRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getName());
 
@@ -343,7 +345,7 @@ public Response deleteCategory(@ApiParam(hidden = true) @SecurityCheck User user
 	@ApiOperation(value = "Rename a category", notes = "Rename an existing feed category")
 	@Timed
 	public Response modifyCategory(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(required = true) CategoryModificationRequest req) {
+			@Valid @ApiParam(required = true) CategoryModificationRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getId());
 

src/main/java/com/commafeed/frontend/resource/EntryREST.java

@@ -4,6 +4,7 @@
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -48,7 +49,7 @@ public class EntryREST {
 	@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
 	@Timed
 	public Response markEntry(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(value = "Mark Request", required = true) MarkRequest req) {
+			@Valid @ApiParam(value = "Mark Request", required = true) MarkRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getId());
 
@@ -62,7 +63,7 @@ public Response markEntry(@ApiParam(hidden = true) @SecurityCheck User user,
 	@ApiOperation(value = "Mark multiple feed entries", notes = "Mark feed entries as read/unread")
 	@Timed
 	public Response markEntries(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(value = "Multiple Mark Request", required = true) MultipleMarkRequest req) {
+			@Valid @ApiParam(value = "Multiple Mark Request", required = true) MultipleMarkRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getRequests());
 
@@ -79,7 +80,7 @@ public Response markEntries(@ApiParam(hidden = true) @SecurityCheck User user,
 	@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
 	@Timed
 	public Response starEntry(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(value = "Star Request", required = true) StarRequest req) {
+			@Valid @ApiParam(value = "Star Request", required = true) StarRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getId());
 		Preconditions.checkNotNull(req.getFeedId());
@@ -105,7 +106,7 @@ public Response getTags(@ApiParam(hidden = true) @SecurityCheck User user) {
 	@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
 	@Timed
 	public Response tagEntry(@ApiParam(hidden = true) @SecurityCheck User user,
-			@ApiParam(value = "Tag Request", required = true) TagRequest req) {
+			@Valid @ApiParam(value = "Tag Request", required = true) TagRequest req) {
 		Preconditions.checkNotNull(req);
 		Preconditions.checkNotNull(req.getEntryId());