From ec6d7af3b1f138f6d956143cb2355cd5c622730a Mon Sep 17 00:00:00 2001 From: Frank Elsinga Date: Wed, 14 Aug 2024 21:55:55 +0200 Subject: [PATCH] made sure that the bbox argument follows the reverse-engineered schema --- server/src/maps/indoor.rs | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/server/src/maps/indoor.rs b/server/src/maps/indoor.rs index 75c6b3a0a..a580d0535 100644 --- a/server/src/maps/indoor.rs +++ b/server/src/maps/indoor.rs @@ -32,12 +32,6 @@ pub async fn fetch_indoor_map(pool: &PgPool, id: i64) -> anyhow::Result, @@ -62,12 +56,37 @@ struct RemoteMap { url: Url, } +#[derive(Deserialize)] +struct Arguments { + bbox: String, +} +impl Arguments{ + fn validate_bbox(&self) -> Result, HttpResponse> { + let bbox: Vec = self + .bbox + .split(",") + .filter_map(|s| s.parse().ok()) + .collect(); + if bbox.len() != 4 { + return Err(HttpResponse::BadRequest().body("the bbox-parameter needs 4 floading point numbers with")); + } + Ok(geo::Rect::new( + geo::Coord::from((bbox[0], bbox[1])), + geo::Coord::from((bbox[2], bbox[3])), + )) + } +} + #[get("/api/maps/indoor")] pub async fn list_indoor_maps( web::Query(args): web::Query, data: web::Data, ) -> HttpResponse { - let maps = fetch_indoor_maps_inside_of(&data.pool, args.bbox.into()).await; + let bbox = match args.validate_bbox() { + Ok(bbox) => bbox, + Err(e) => return e, + }; + let maps = fetch_indoor_maps_inside_of(&data.pool, bbox.into()).await; let maps = match maps { Ok(m) => m, Err(e) => {