code cleanup and fix int overflow

0x7d8 · 0x7d8 · commit a8717dd05555 · 2025-04-01T12:02:01.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "api"
-version = "3.2.1"
+version = "3.2.2"
 edition = "2024"
 
 [dependencies]
diff --git a/src/models/build.rs b/src/models/build.rs
@@ -186,8 +186,12 @@ impl Build {
             96 => Some("sha384"),
             128 => Some("sha512"),
             _ => {
-                if identifier.parse::<u32>().is_ok() {
-                    None
+                if let Ok(id) = identifier.parse::<i32>() {
+                    if id < 1 {
+                        return None;
+                    } else {
+                        None
+                    }
                 } else {
                     return None;
                 }
diff --git a/src/models/organization.rs b/src/models/organization.rs
@@ -165,6 +165,10 @@ impl Organization {
         cache: &crate::cache::Cache,
         id: i32,
     ) -> Option<Self> {
+        if id < 1 {
+            return None;
+        }
+
         cache
             .cached(&format!("organization::{}", id), 300, || async {
                 sqlx::query(&format!(
@@ -386,6 +390,10 @@ impl OrganizationKey {
     }
 
     pub async fn by_id(database: &crate::database::Database, id: i32) -> Option<Self> {
+        if id < 1 {
+            return None;
+        }
+
         sqlx::query(&format!(
             "SELECT {} FROM organization_keys WHERE organization_keys.id = $1",
             Self::columns_sql(None, None)
diff --git a/src/routes/user/invites/_organization_/accept.rs b/src/routes/user/invites/_organization_/accept.rs
@@ -20,18 +20,17 @@ mod post {
         (status = NOT_FOUND, body = inline(ApiError)),
     ), params(
         (
-            "organization" = u32,
+            "organization" = i32,
             description = "The organization ID",
             minimum = 1,
         ),
     ))]
     pub async fn route(
         state: GetState,
         user: GetUser,
-        Path(organization): Path<u32>,
+        Path(organization): Path<i32>,
     ) -> axum::Json<serde_json::Value> {
-        let organization =
-            Organization::by_id(&state.database, &state.cache, organization as i32).await;
+        let organization = Organization::by_id(&state.database, &state.cache, organization).await;
 
         if let Some(organization) = organization {
             let subuser =
diff --git a/src/routes/user/invites/_organization_/decline.rs b/src/routes/user/invites/_organization_/decline.rs
@@ -20,18 +20,17 @@ mod post {
         (status = NOT_FOUND, body = inline(ApiError)),
     ), params(
         (
-            "organization" = u32,
+            "organization" = i32,
             description = "The organization ID",
             minimum = 1,
         ),
     ))]
     pub async fn route(
         state: GetState,
         user: GetUser,
-        Path(organization): Path<u32>,
+        Path(organization): Path<i32>,
     ) -> axum::Json<serde_json::Value> {
-        let organization =
-            Organization::by_id(&state.database, &state.cache, organization as i32).await;
+        let organization = Organization::by_id(&state.database, &state.cache, organization).await;
 
         if let Some(organization) = organization {
             let deleted =
diff --git a/src/routes/user/organizations/_organization_/api_keys/_key_.rs b/src/routes/user/organizations/_organization_/api_keys/_key_.rs
@@ -23,22 +23,22 @@ mod get {
         (status = NOT_FOUND, body = inline(ApiError)),
     ), params(
         (
-            "organization" = u32,
+            "organization" = i32,
             description = "The organization ID",
             example = 1,
         ),
         (
-            "key" = u32,
+            "key" = i32,
             description = "The api key ID",
             example = 1,
         ),
     ))]
     pub async fn route(
         state: GetState,
         organization: GetOrganization,
-        Path((_organization, key)): Path<(u32, u32)>,
+        Path((_organization, key)): Path<(i32, i32)>,
     ) -> (StatusCode, axum::Json<serde_json::Value>) {
-        let key = OrganizationKey::by_id(&state.database, key as i32).await;
+        let key = OrganizationKey::by_id(&state.database, key).await;
 
         if let Some(key) = key {
             if key.organization_id != organization.id {
@@ -86,22 +86,22 @@ mod delete {
         (status = NOT_FOUND, body = inline(ApiError)),
     ), params(
         (
-            "organization" = u32,
+            "organization" = i32,
             description = "The organization ID",
             example = 1,
         ),
         (
-            "key" = u32,
+            "key" = i32,
             description = "The api key ID",
             example = 1,
         ),
     ))]
     pub async fn route(
         state: GetState,
         organization: GetOrganization,
-        Path((_organization, key)): Path<(u32, u32)>,
+        Path((_organization, key)): Path<(i32, i32)>,
     ) -> (StatusCode, axum::Json<serde_json::Value>) {
-        let key = OrganizationKey::by_id(&state.database, key as i32).await;
+        let key = OrganizationKey::by_id(&state.database, key).await;
 
         if let Some(key) = key {
             if key.organization_id != organization.id {
diff --git a/src/routes/user/organizations/_organization_/mod.rs b/src/routes/user/organizations/_organization_/mod.rs
@@ -25,8 +25,20 @@ async fn auth(
     mut req: Request,
     next: Next,
 ) -> Result<Response, StatusCode> {
-    let organization = match organization[0].parse::<u32>() {
-        Ok(organization) => organization as i32,
+    let organization = match organization[0].parse::<i32>() {
+        Ok(organization) => {
+            if organization < 1 {
+                return Ok(Response::builder()
+                    .status(StatusCode::BAD_REQUEST)
+                    .header("Content-Type", "application/json")
+                    .body(Body::from(
+                        serde_json::to_string(&ApiError::new(&["invalid organization"])).unwrap(),
+                    ))
+                    .unwrap());
+            }
+
+            organization
+        }
         Err(_) => {
             return Ok(Response::builder()
                 .status(StatusCode::BAD_REQUEST)
diff --git a/src/routes/v1/builds/_type_/_version_/_build_.rs b/src/routes/v1/builds/_type_/_version_/_build_.rs
@@ -41,11 +41,20 @@ mod get {
         state: GetState,
         Path((r#type, version, build)): Path<(ServerType, String, String)>,
     ) -> (StatusCode, axum::Json<serde_json::Value>) {
-        let build: Option<u32> = if build == "latest" {
+        let build: Option<i32> = if build == "latest" {
             None
         } else {
             match build.parse() {
-                Ok(build) => Some(build),
+                Ok(build) => {
+                    if build < 0 {
+                        return (
+                            StatusCode::BAD_REQUEST,
+                            axum::Json(ApiError::new(&["invalid build"]).to_value()),
+                        );
+                    }
+
+                    Some(build)
+                }
                 Err(_) => {
                     return (
                         StatusCode::BAD_REQUEST,
@@ -68,15 +77,7 @@ mod get {
                         build.map(|b| b.to_string()).unwrap_or("latest".to_string())
                     ),
                     3600,
-                    || {
-                        Build::by_build_number(
-                            &state.database,
-                            r#type,
-                            &location,
-                            &version,
-                            build.map(|b| b as i32),
-                        )
-                    },
+                    || Build::by_build_number(&state.database, r#type, &location, &version, build),
                 )
                 .await;
 
