From 6aa62acc0f56b11a13b7d6e9ecc6fddc3d8f945e Mon Sep 17 00:00:00 2001 From: Vishwanath Martur <64204611+vishwamartur@users.noreply.github.com> Date: Sat, 7 Dec 2024 00:58:01 +0530 Subject: [PATCH 1/3] Fix URL encoding for pubsubTopic and contentTopics parameters Related to #3128 Update the API to enforce mandatory URL encoding for `pubsubTopic` and `content_topic`. * Update `docs/api/rest-api.md` to include examples of URL-encoded `pubsubTopic` and `contentTopics` parameters. * Modify `waku/waku_api/rest/store/handlers.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/store/handlers.nim`. * Update `decodeRequestBody` function in `waku/waku_api/rest/rest_serdes.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/rest_serdes.nim`. --- docs/api/rest-api.md | 13 +++++++++++++ waku/waku_api/rest/rest_serdes.nim | 12 ++++++++++++ waku/waku_api/rest/store/handlers.nim | 4 ++++ 3 files changed, 29 insertions(+) diff --git a/docs/api/rest-api.md b/docs/api/rest-api.md index eeb90abfb4..9e57bb802a 100644 --- a/docs/api/rest-api.md +++ b/docs/api/rest-api.md @@ -38,6 +38,19 @@ A particular OpenAPI spec can be easily imported into [Postman](https://www.post curl http://localhost:8645/debug/v1/info -s | jq ``` +#### [`get_waku_v2_store_v3_messages`](https://rfc.vac.dev/spec/16/#get_waku_v2_store_v3_messages) + +```bash +curl -v -X GET "http://127.0.0.1:49153/store/v3/messages?includeData=true&pubsubTopic=/waku/2/rs/3/0&pageSize=20&ascending=true" +``` + +or call it encoded + +```bash +curl -v -X GET "http://127.0.0.1:5213/store/v3/messages?includeData=true&pubsubTopic=%2Fwaku%2F2%2Frs%2F3%2F0&pageSize=20&ascending=true" +``` + +In both cases, it works and retrieves the message with the correct topic name. ### Node configuration Find details [here](https://github.com/waku-org/nwaku/tree/master/docs/operators/how-to/configure-rest-api.md) diff --git a/waku/waku_api/rest/rest_serdes.nim b/waku/waku_api/rest/rest_serdes.nim index 1b6d5a98d3..3513c056ac 100644 --- a/waku/waku_api/rest/rest_serdes.nim +++ b/waku/waku_api/rest/rest_serdes.nim @@ -53,6 +53,18 @@ func decodeRequestBody*[T]( ) ) + # Validate and enforce URL encoding for pubsubTopic and contentTopics + if T.hasKey("pubsubTopic"): + let pubsubTopic = T["pubsubTopic"] + if pubsubTopic != encodeUrl(pubsubTopic): + return err(RestApiResponse.badRequest("Invalid or non-encoded pubsubTopic parameter")) + + if T.hasKey("contentTopics"): + let contentTopics = T["contentTopics"] + for topic in contentTopics: + if topic != encodeUrl(topic): + return err(RestApiResponse.badRequest("Invalid or non-encoded content_topic parameter")) + return ok(requestResult.get()) proc decodeBytes*( diff --git a/waku/waku_api/rest/store/handlers.nim b/waku/waku_api/rest/store/handlers.nim index 663d796eab..1d72e5b7f4 100644 --- a/waku/waku_api/rest/store/handlers.nim +++ b/waku/waku_api/rest/store/handlers.nim @@ -99,6 +99,8 @@ proc createStoreQuery( let decodedPubsubTopic = decodeUrl(pubsubTopic.get()) if decodedPubsubTopic != "": parsedPubsubTopic = some(decodedPubsubTopic) + else: + return err("Invalid or non-encoded pubsubTopic parameter") # Parse the content topics var parsedContentTopics = newSeq[ContentTopic](0) @@ -106,6 +108,8 @@ proc createStoreQuery( let ctList = decodeUrl(contentTopics.get()) if ctList != "": for ct in ctList.split(','): + if ct == "": + return err("Invalid or non-encoded content_topic parameter") parsedContentTopics.add(ct) # Parse start time From b0694c69b374116df87cda71cdb107b36557ed74 Mon Sep 17 00:00:00 2001 From: Vishwanath Martur <64204611+vishwamartur@users.noreply.github.com> Date: Thu, 2 Jan 2025 22:48:59 +0530 Subject: [PATCH 2/3] Update waku/waku_api/rest/rest_serdes.nim Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com> --- waku/waku_api/rest/rest_serdes.nim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/waku/waku_api/rest/rest_serdes.nim b/waku/waku_api/rest/rest_serdes.nim index 3513c056ac..c20dfe08fc 100644 --- a/waku/waku_api/rest/rest_serdes.nim +++ b/waku/waku_api/rest/rest_serdes.nim @@ -57,7 +57,7 @@ func decodeRequestBody*[T]( if T.hasKey("pubsubTopic"): let pubsubTopic = T["pubsubTopic"] if pubsubTopic != encodeUrl(pubsubTopic): - return err(RestApiResponse.badRequest("Invalid or non-encoded pubsubTopic parameter")) + return err(RestApiResponse.badRequest("Invalid or non-URL-encoded pubsubTopic parameter")) if T.hasKey("contentTopics"): let contentTopics = T["contentTopics"] From 15893bbaf517d287a1f92ef489bd4b480df76f07 Mon Sep 17 00:00:00 2001 From: Vishwanath Martur <64204611+vishwamartur@users.noreply.github.com> Date: Thu, 2 Jan 2025 22:49:09 +0530 Subject: [PATCH 3/3] Update waku/waku_api/rest/rest_serdes.nim Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com> --- waku/waku_api/rest/rest_serdes.nim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/waku/waku_api/rest/rest_serdes.nim b/waku/waku_api/rest/rest_serdes.nim index c20dfe08fc..5d8c07cb7d 100644 --- a/waku/waku_api/rest/rest_serdes.nim +++ b/waku/waku_api/rest/rest_serdes.nim @@ -63,7 +63,7 @@ func decodeRequestBody*[T]( let contentTopics = T["contentTopics"] for topic in contentTopics: if topic != encodeUrl(topic): - return err(RestApiResponse.badRequest("Invalid or non-encoded content_topic parameter")) + return err(RestApiResponse.badRequest("Invalid or non-URL-encoded content_topic parameter")) return ok(requestResult.get())