Fix URL encoding for pubsubTopic and contentTopics parameters

Related to #3128 Update the API to enforce mandatory URL encoding for `pubsubTopic` and `content_topic`. * Update `docs/api/rest-api.md` to include examples of URL-encoded `pubsubTopic` and `contentTopics` parameters. * Modify `waku/waku_api/rest/store/handlers.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/store/handlers.nim`. * Update `decodeRequestBody` function in `waku/waku_api/rest/rest_serdes.nim` to validate and enforce URL encoding for `pubsubTopic` and `contentTopics` parameters. * Add error handling for invalid or non-encoded `pubsubTopic` and `contentTopics` parameters in `waku/waku_api/rest/rest_serdes.nim`.
2025-01-13 08:14:43 +00:00 · 2024-12-07 00:58:01 +05:30 · 2024-12-07 00:58:01 +05:30 · 6aa62acc0f
commit 6aa62acc0f
parent 1b532e8ab9
3 changed files with 29 additions and 0 deletions
--- a/docs/api/rest-api.md
+++ b/docs/api/rest-api.md
@ -38,6 +38,19 @@ A particular OpenAPI spec can be easily imported into [Postman](https://www.post
 curl http://localhost:8645/debug/v1/info -s | jq
 ```

+#### [`get_waku_v2_store_v3_messages`](https://rfc.vac.dev/spec/16/#get_waku_v2_store_v3_messages)
+
+```bash
+curl -v -X GET "http://127.0.0.1:49153/store/v3/messages?includeData=true&pubsubTopic=/waku/2/rs/3/0&pageSize=20&ascending=true"
+```
+
+or call it encoded
+
+```bash
+curl -v -X GET "http://127.0.0.1:5213/store/v3/messages?includeData=true&pubsubTopic=%2Fwaku%2F2%2Frs%2F3%2F0&pageSize=20&ascending=true"
+```
+
+In both cases, it works and retrieves the message with the correct topic name.

 ### Node configuration
 Find details [here](https://github.com/waku-org/nwaku/tree/master/docs/operators/how-to/configure-rest-api.md)
--- a/waku/waku_api/rest/rest_serdes.nim
+++ b/waku/waku_api/rest/rest_serdes.nim
@ -53,6 +53,18 @@ func decodeRequestBody*[T](
      )
    )

+  # Validate and enforce URL encoding for pubsubTopic and contentTopics
+  if T.hasKey("pubsubTopic"):
+    let pubsubTopic = T["pubsubTopic"]
+    if pubsubTopic != encodeUrl(pubsubTopic):
+      return err(RestApiResponse.badRequest("Invalid or non-encoded pubsubTopic parameter"))
+
+  if T.hasKey("contentTopics"):
+    let contentTopics = T["contentTopics"]
+    for topic in contentTopics:
+      if topic != encodeUrl(topic):
+        return err(RestApiResponse.badRequest("Invalid or non-encoded content_topic parameter"))
+
  return ok(requestResult.get())

 proc decodeBytes*(
--- a/waku/waku_api/rest/store/handlers.nim
+++ b/waku/waku_api/rest/store/handlers.nim
@ -99,6 +99,8 @@ proc createStoreQuery(
    let decodedPubsubTopic = decodeUrl(pubsubTopic.get())
    if decodedPubsubTopic != "":
      parsedPubsubTopic = some(decodedPubsubTopic)
+    else:
+      return err("Invalid or non-encoded pubsubTopic parameter")

  # Parse the content topics
  var parsedContentTopics = newSeq[ContentTopic](0)
@ -106,6 +108,8 @@ proc createStoreQuery(
    let ctList = decodeUrl(contentTopics.get())
    if ctList != "":
      for ct in ctList.split(','):
+        if ct == "":
+          return err("Invalid or non-encoded content_topic parameter")
        parsedContentTopics.add(ct)

  # Parse start time