From adbbe391f19f3862a2f20661af01f160d845d53d Mon Sep 17 00:00:00 2001
From: DerekFurstPitt <drf57@pitt.edu>
Date: Fri, 2 Aug 2024 01:05:58 -0400
Subject: [PATCH 1/2] added validator function for the json body in
 /constraints. Expects json list of constraints, each constraint represented
 by an object. Each object with only keys 'ancestors' or 'descendants'. The
 value to these keys must either be an object or a list of objects. Any
 further validation of keys and values is performed later

---
 src/app.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/src/app.py b/src/app.py
index 6007d6e0..e888ca4a 100644
--- a/src/app.py
+++ b/src/app.py
@@ -1,3 +1,4 @@
+import sys
 import collections
 import yaml
 from typing import List
@@ -2294,6 +2295,9 @@ def validate_constraints():
     if not request.is_json:
         bad_request_error("A json body and appropriate Content-Type header are required")
     json_entry = request.get_json()
+    is_valid = constraints_json_is_valid(json_entry)
+    if is_valid is not True:
+        bad_request_error(is_valid)
     is_match = request.values.get('match')
     order = request.values.get('order')
 
@@ -4343,6 +4347,35 @@ def internal_server_error(err_msg):
     abort(500, description = err_msg)
 
 
+"""
+Validates the incoming json for the endpoint /constraints. 
+Returns true if the json matches the required format. If 
+invalid, returns a string explaining why.
+"""
+def constraints_json_is_valid(json_entry):
+    if not isinstance(json_entry, list):
+        return "JSON body expects a list."
+    
+    for constraint in json_entry:
+        if not isinstance(constraint, dict):
+            return "Each constraint in the list must be a JSON object."
+
+        for key in constraint:
+            if key not in ["ancestors", "descendants"]:
+                return f"Invalid key '{key}'. Allowed keys are 'ancestors' and 'descendants'."
+            
+            value = constraint[key]
+            if isinstance(value, dict):
+                continue
+            elif isinstance(value, list):
+                for item in value:
+                    if not isinstance(item, dict):
+                        return f"The value for '{key}' must be represented as a JSON object or as a list of objects"
+            else:
+                return f"The value for '{key}' must be a JSON object or a list of JSON objects."
+    return True
+
+
 """
 Parse the token from Authorization header
 

From a5689e3baa6575e514de84c269ffc62c4c0a9081 Mon Sep 17 00:00:00 2001
From: DerekFurstPitt <drf57@pitt.edu>
Date: Fri, 2 Aug 2024 01:07:34 -0400
Subject: [PATCH 2/2] removed errant sys import

---
 src/app.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/app.py b/src/app.py
index e888ca4a..f3d0db3e 100644
--- a/src/app.py
+++ b/src/app.py
@@ -1,4 +1,3 @@
-import sys
 import collections
 import yaml
 from typing import List