chore: added input validation to search query (#3921)

packages/hoppscotch-backend/src/errors.ts

@@ -750,3 +750,8 @@ export const DATABASE_TABLE_NOT_EXIST =
  * (InfraConfigService)
  */
 export const POSTHOG_CLIENT_NOT_INITIALIZED = 'posthog/client_not_initialized';
+
+/**
+ * Inputs supplied are invalid
+ */
+export const INVALID_PARAMS = 'invalid_parameters' as const;

packages/hoppscotch-backend/src/team-collection/team-collection.controller.ts

@@ -1,4 +1,11 @@
-import { Controller, Get, Param, Query, UseGuards } from '@nestjs/common';
+import {
+  Controller,
+  Get,
+  HttpStatus,
+  Param,
+  Query,
+  UseGuards,
+} from '@nestjs/common';
 import { TeamCollectionService } from './team-collection.service';
 import * as E from 'fp-ts/Either';
 import { ThrottlerBehindProxyGuard } from 'src/guards/throttler-behind-proxy.guard';
@@ -7,6 +14,8 @@ import { RequiresTeamRole } from 'src/team/decorators/requires-team-role.decorat
 import { TeamMemberRole } from '@prisma/client';
 import { RESTTeamMemberGuard } from 'src/team/guards/rest-team-member.guard';
 import { throwHTTPErr } from 'src/utils';
+import { RESTError } from 'src/types/RESTError';
+import { INVALID_PARAMS } from 'src/errors';
 
 @UseGuards(ThrottlerBehindProxyGuard)
 @Controller({ path: 'team-collection', version: '1' })
@@ -26,8 +35,15 @@ export class TeamCollectionController {
     @Query('take') take: string,
     @Query('skip') skip: string,
   ) {
+    if (!teamID || !searchQuery) {
+      return <RESTError>{
+        message: INVALID_PARAMS,
+        statusCode: HttpStatus.BAD_REQUEST,
+      };
+    }
+
     const res = await this.teamCollectionService.searchByTitle(
-      searchQuery,
+      searchQuery.trim(),
       teamID,
       parseInt(take),
       parseInt(skip),