Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[http] validate request parameters #146

Closed
wants to merge 2 commits into from
Closed

[http] validate request parameters #146

wants to merge 2 commits into from

Conversation

zeylahellyer
Copy link
Member

When creating HTTP requests, validate the request parameters. This
includes things like checking that the content length of a message is
less than or equal to 2000 characters1, that a new channel's name is
within the range of 2-100 characters2, and more.

The request methods that do validation now return results with an error
type that is local to the module. For example, the
http::request::channel::UpdateChannel::name method can return an
error, which is defined at
http::request::channel::update_channel::UpdateChannelError.

Validation functions are located in http::request::validation, which
includes functions that simply return booleans of whether the input is
valid or not. Each of these sources where the validation limits are
documented. Some things, such as custom emoji names, don't have a
documented length limit3, so validation isn't done for them.

Closes issue #29.

Signed-off-by: Vivian Hellyer vivian@hellyer.dev

When creating HTTP requests, validate the request parameters. This
includes things like checking that the content length of a message is
less than or equal to 2000 characters[1], that a new channel's name is
within the range of 2-100 characters[2], and more.

The request methods that do validation now return results with an error
type that is local to the module. For example, the
`http::request::channel::UpdateChannel::name` method can return an
error, which is defined at
`http::request::channel::update_channel::UpdateChannelError`.

Validation functions are located in `http::request::validation`, which
includes functions that simply return booleans of whether the input is
valid or not. Each of these sources where the validation limits are
documented. Some things, such as custom emoji names, don't have a
documented length limit[3], so validation isn't done for them.

[1]: https://discordapp.com/developers/docs/resources/channel#create-message-params
[2]: https://discordapp.com/developers/docs/resources/channel#channel-object-channel-structure
[3]: https://discordapp.com/developers/docs/resources/emoji#create-guild-emoji-json-params

Closes issue #29.

Signed-off-by: Vivian Hellyer <vivian@hellyer.dev>
@zeylahellyer zeylahellyer added t-feature Addition of a new feature c-http Affects the http crate m-breaking change Breaks the public API. labels Apr 17, 2020
@zeylahellyer zeylahellyer requested a review from Erk- as a code owner April 17, 2020 19:12
Signed-off-by: Vivian Hellyer <vivian@hellyer.dev>
Copy link
Member

@Erk- Erk- left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only one comment, but it could be more places, pretty much at all the places UTF-8 is used as I am not sure that is how they count it on Discords end. I am also not sure how much it will actually mean in practice.

self.fields.content.replace(content.into());
/// Set the content of the message.
///
/// The maximum length is 2000 UTF-8 characters.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The maximum length on discord is actually 2000 UTF-16 codepoints as they use python which calculates it in that way.

Though this may be a bit pedantic and I am not sure how to calculate the limit
in that case.

discord/discord-api-docs#1315 (comment)
https://stackoverflow.com/a/30775818

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After looking a bit more into it, It will still have the same amount of codepoints, but a different amount of code units. so the only thing left to resolve is if we should say utf-16 instead of utf-8.

zeylahellyer added a commit that referenced this pull request May 26, 2020
http: validate request parameters

This patch is a continuation of PR #146 with the comments applied.

When creating HTTP requests, validate the request parameters. This
includes things like checking that the content length of a message is
less than or equal to 2000 characters[1], that a new channel's name is
within the range of 2-100 characters[2], and more.

The request methods that do validation now return results with an error
type that is local to the module. For example, the
`http::request::channel::UpdateChannel::name` method can return an
error, which is defined at
`http::request::channel::update_channel::UpdateChannelError`.

Validation functions are located in `http::request::validation`, which
includes functions that simply return booleans of whether the input is
valid or not. Each of these sources where the validation limits are
documented. Some things, such as custom emoji names, don't have a
documented length limit[3], so validation isn't done for them.

[1]: https://discordapp.com/developers/docs/resources/channel#create-message-params
[2]: https://discordapp.com/developers/docs/resources/channel#channel-object-channel-structure
[3]: https://discordapp.com/developers/docs/resources/emoji#create-guild-emoji-json-params

Closes issue #29.

Approved-by: Erk-
Merged-by: Vivian Hellyer <vivian@hellyer.dev>
Signed-off-by: Vivian Hellyer <vivian@hellyer.dev>
@Erk- Erk- mentioned this pull request Sep 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c-http Affects the http crate m-breaking change Breaks the public API. t-feature Addition of a new feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants