From f14409937735d7f0cf98550dc3574bd49960f1f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20Uhl=C3=AD=C5=99?= <adam@uhlir.dev>
Date: Wed, 14 May 2025 10:46:16 +0200
Subject: [PATCH] fix(api): availability creation validation (#1212)

---
 codex/rest/api.nim                          | 17 +++++++++
 tests/integration/testrestapivalidation.nim | 39 +++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/codex/rest/api.nim b/codex/rest/api.nim
index 0d9e5d80..93c5d242 100644
--- a/codex/rest/api.nim
+++ b/codex/rest/api.nim
@@ -478,6 +478,23 @@ proc initSalesApi(node: CodexNodeRef, router: var RestRouter) =
           Http422, "Total size must be larger then zero", headers = headers
         )
 
+      if restAv.duration == 0:
+        return RestApiResponse.error(
+          Http422, "duration must be larger then zero", headers = headers
+        )
+
+      if restAv.minPricePerBytePerSecond == 0:
+        return RestApiResponse.error(
+          Http422,
+          "minPricePerBytePerSecond must be larger then zero",
+          headers = headers,
+        )
+
+      if restAv.totalCollateral == 0:
+        return RestApiResponse.error(
+          Http422, "totalCollateral must be larger then zero", headers = headers
+        )
+
       if not reservations.hasAvailable(restAv.totalSize):
         return
           RestApiResponse.error(Http422, "Not enough storage quota", headers = headers)
diff --git a/tests/integration/testrestapivalidation.nim b/tests/integration/testrestapivalidation.nim
index adeffa77..7c286c79 100644
--- a/tests/integration/testrestapivalidation.nim
+++ b/tests/integration/testrestapivalidation.nim
@@ -380,5 +380,44 @@ asyncchecksuite "Rest API validation":
       response.status == 422
       (await response.body) == "Cannot set until to a negative value"
 
+  test "creating availability fails when duration is zero":
+    let response = await client.postAvailabilityRaw(
+      totalSize = 12.uint64,
+      duration = 0.uint64,
+      minPricePerBytePerSecond = 1.u256,
+      totalCollateral = 22.u256,
+      until = -1.SecondsSince1970.some,
+    )
+
+    check:
+      response.status == 422
+      (await response.body) == "duration must be larger then zero"
+
+  test "creating availability fails when minPricePerBytePerSecond is zero":
+    let response = await client.postAvailabilityRaw(
+      totalSize = 12.uint64,
+      duration = 1.uint64,
+      minPricePerBytePerSecond = 0.u256,
+      totalCollateral = 22.u256,
+      until = -1.SecondsSince1970.some,
+    )
+
+    check:
+      response.status == 422
+      (await response.body) == "minPricePerBytePerSecond must be larger then zero"
+
+  test "creating availability fails when totalCollateral is zero":
+    let response = await client.postAvailabilityRaw(
+      totalSize = 12.uint64,
+      duration = 1.uint64,
+      minPricePerBytePerSecond = 2.u256,
+      totalCollateral = 0.u256,
+      until = -1.SecondsSince1970.some,
+    )
+
+    check:
+      response.status == 422
+      (await response.body) == "totalCollateral must be larger then zero"
+
   waitFor node.stop()
   node.removeDataDir()