From 2d20aa8fb15d0c48f405c4acaa9f43e7680d99d8 Mon Sep 17 00:00:00 2001
From: fu351 <122320084+fu351@users.noreply.github.com>
Date: Fri, 15 Dec 2023 08:54:43 -0500
Subject: [PATCH] Invalid ID check
---
 search.js | 2 +-
 upload_update_download_rate.js | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/search.js b/search.js
index 041cec11..d2a9322e 100644
--- a/search.js
+++ b/search.js
@@ -19,7 +19,7 @@ router.get('/package/:id', (req, res) => {
 //console.log(process.env.AWS_ACCESS_Key_ID, process.env.AWS_SECRET_ACCESS_Key)
 const packageID = req.params.id;
 const xauth = req.headers['x-authorization'];
- if (!packageID) {
+ if (!packageID || typeof packageID !== 'string') {
 return res.status(400).json({ error: 'Missing package ID' });
 }
 if (xauth != "0") {
diff --git a/upload_update_download_rate.js b/upload_update_download_rate.js
index 9afc9463..3eee7c0a 100644
--- a/upload_update_download_rate.js
+++ b/upload_update_download_rate.js
@@ -313,6 +313,9 @@ router.get('/download/:id', async (req, res) => { //download package from bucket
 if (xauth != "0" || !xauth) { //need all fields to be present
 return res.status(400).json({error: 'There are missing fields in the Request Body'});
 }
+ if (!ID || typeof ID != 'string') {
+ return res.status(400).json({ error: 'Missing PackageID' });
+ }
 const params = {
 Bucket: '461testbucket',
 Key: `packages/${ID}.zip`, // Use the selected package name to generate the Object key
@@ -421,7 +424,9 @@ router.put('/package/:id', async (req, res) => { //update package
 //process.exit(1);
 }
 }
-
+ if (!URL) {
+ URL = existingMetaData.url;
+ }
 const s3uploadparams = { //replace old content with the new content
 Bucket: '461testbucket',
 Key: `packages/${ID}.zip`,
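Review bot: The added `typeof packageID !== 'string'` clause in the GET `/package/:id` handler of search.js cannot fail, because Express delivers route parameters as strings and the route does not match an empty segment, so this "Invalid ID check" still accepts every ID it accepted before. The same clause is added in the `/download/:id` and `/package/:id/rate` hunks of upload_update_download_rate.js. Checking the value against the ID format the service actually issues would make the 400 meaningful, for example `if (!/^[A-Za-z0-9_-]{1,64}$/.test(packageID)) {` (constructed pattern; adjust to the real ID scheme), ideally through one shared helper so the three routes agree. The handler body continues outside the hunk.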
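Review bot: In the `/download/:id` hunk, `ID` flows into the S3 `Key` template `packages/${ID}.zip` right after a check that only confirms it is a non-empty string, so its characters and length are unconstrained when `params` is built. Express URL-decodes route parameters, so the value can contain separators that change which object in the bucket the key names. Restricting the ID to the expected alphabet before building `params`, e.g. `if (!/^[A-Za-z0-9_-]{1,64}$/.test(ID)) {` (constructed pattern), keeps the key in the intended `packages/<id>.zip` shape. The new check also uses `!=` where the search.js hunk uses `!==`; strict comparison in both would be consistent.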
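Review bot: In the PUT `/package/:id` hunk, the new fallback reads `existingMetaData.url` without checking that `existingMetaData` was found. If the lookup earlier in the handler (outside this hunk) can yield `undefined`, this line throws instead of returning a 4xx. A guard such as `if (!URL && existingMetaData) { URL = existingMetaData.url; }` avoids that. Assigning to a variable named `URL` also means the handler either shadows or overwrites the built-in `URL` constructor, so a name like `packageUrl` would be safer.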
@@ -458,7 +463,7 @@ router.get('/package/:id/rate', async (req, res) => { //rate package
 }
 console.log("ID",packageId);
 //There is missing field(s) in the PackageID/AuthenticationToken or it is formed improperly, or the AuthenticationToken is invalid. return 400 error
- if (!packageId) {
+ if (!packageId || typeof packageId != 'string') {
 return res.status(400).json({ error: 'Missing PackageID' });
 }
 try {
@@ -484,7 +489,7 @@ router.get('/package/:id/rate', async (req, res) => { //rate package
 const metric = score[i];
 if (isNaN(metric)) { //check for ingestion
 console.log('Package Net Score too low, ingestion blocked.');
- return res.status(500).json({ error: 'Package not uploaded due to rating' });
+ return res.status(500).json({ error: 'choke' });
 }
 }
 if (!score) {
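Review bot: The new response body `{ error: 'choke' }` in the NaN-metric branch of `/package/:id/rate` reads like a debugging placeholder and gives a client or operator no indication of why rating failed. Something like `return res.status(500).json({ error: 'Rating failed: a metric could not be computed' });` states the condition without exposing internals. The neighbouring log line still says 'Package Net Score too low, ingestion blocked.', which does not match an `isNaN(metric)` test. The `if (!score)` guard that follows runs after `score[i]` has already been read, so it looks unable to catch a missing score; the loop header is outside the hunk, so this needs confirming.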