Feature/add validator to pixel routes (#64)

* feat: add the check for position and color in pixel and indexer routes

* Revert "feat: add the check for position and color in pixel and indexer routes"

This reverts commit ed6d46c.

* feat: add the checks for pixel and intexer routes

* fix: resolve the review changes

* Gofmt

---------

Co-authored-by: Brandon Roberts <[email protected]>

backend/routes/indexer.go

@@ -115,6 +115,15 @@ func processPixelPlacedEvent(event map[string]interface{}, w http.ResponseWriter
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
+	//validate position
+	maxPosition := int64(core.ArtPeaceBackend.CanvasConfig.Canvas.Width) * int64(core.ArtPeaceBackend.CanvasConfig.Canvas.Height)
+
+	// Perform comparison with maxPosition
+	if position < 0 || position >= maxPosition {
+		http.Error(w, "Position out of range", http.StatusBadRequest)
+		return
+	}
+
 	dayIdx, err := strconv.ParseInt(dayIdxHex.(string), 0, 64)
 	if err != nil {
 		fmt.Println("Error converting day index hex to int: ", err)
@@ -127,6 +136,12 @@ func processPixelPlacedEvent(event map[string]interface{}, w http.ResponseWriter
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
+	//validate color
+	colorsLength := len(core.ArtPeaceBackend.CanvasConfig.Colors)
+	if int(color) < 0 || int(color) >= colorsLength {
+		http.Error(w, "Color value exceeds bit width", http.StatusBadRequest)
+		return
+	}
 
 	bitfieldType := "u" + strconv.Itoa(int(core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth))
 	pos := uint(position) * core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth

backend/routes/pixel.go

@@ -24,11 +24,19 @@ func InitPixelRoutes() {
 }
 
 func getPixel(w http.ResponseWriter, r *http.Request) {
-	position, err := strconv.Atoi(r.URL.Query().Get("position"))
+	positionStr := r.URL.Query().Get("position")
+	position, err := strconv.Atoi(positionStr)
 	if err != nil {
-		// TODO: panic or return error?
-		panic(err)
+		http.Error(w, "Invalid position parameter", http.StatusBadRequest)
+		return
+	}
+
+	// Check if position is within canvas bounds
+	if position < 0 || position >= (int(core.ArtPeaceBackend.CanvasConfig.Canvas.Width)*int(core.ArtPeaceBackend.CanvasConfig.Canvas.Height)) {
+		http.Error(w, "Position out of range", http.StatusBadRequest)
+		return
 	}
+
 	bitfieldType := "u" + strconv.Itoa(int(core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth))
 	pos := uint(position) * core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth
 
@@ -66,27 +74,52 @@ func placePixelDevnet(w http.ResponseWriter, r *http.Request) {
 
 	reqBody, err := io.ReadAll(r.Body)
 	if err != nil {
-		panic(err)
+		http.Error(w, "Failed to read request body", http.StatusInternalServerError)
+		return
 	}
+
 	var jsonBody map[string]string
 	err = json.Unmarshal(reqBody, &jsonBody)
 	if err != nil {
 		panic(err)
 	}
 
-	position, err := strconv.Atoi(jsonBody["position"])
+	positionStr := jsonBody["position"]
+	position, err := strconv.Atoi(positionStr)
 	if err != nil {
-		panic(err)
+		http.Error(w, "Invalid position parameter", http.StatusBadRequest)
+		return
+	}
+
+	colorStr := jsonBody["color"]
+	color, err := strconv.Atoi(colorStr)
+	if err != nil {
+		http.Error(w, "Invalid color parameter", http.StatusBadRequest)
+		return
+	}
+
+	// Validate position range
+	if position < 0 || position >= int(core.ArtPeaceBackend.CanvasConfig.Canvas.Width*core.ArtPeaceBackend.CanvasConfig.Canvas.Height) {
+		http.Error(w, "Position out of range", http.StatusBadRequest)
+		return
+	}
+
+	// Validate color format (e.g., validate against allowed colors)
+	colorsLength := len(core.ArtPeaceBackend.CanvasConfig.Colors)
+	if color < 0 || color > colorsLength {
+		http.Error(w, "Color value exceeds bit width", http.StatusBadRequest)
+		return
 	}
 
 	shellCmd := core.ArtPeaceBackend.BackendConfig.Scripts.PlacePixelDevnet
 	contract := os.Getenv("ART_PEACE_CONTRACT_ADDRESS")
 
-	cmd := exec.Command(shellCmd, contract, "place_pixel", strconv.Itoa(position), jsonBody["color"])
+	cmd := exec.Command(shellCmd, contract, "place_pixel", strconv.Itoa(position), colorStr)
 	_, err = cmd.Output()
 	if err != nil {
 		fmt.Println("Error executing shell command: ", err)
-		panic(err)
+		http.Error(w, "Failed to place pixel", http.StatusInternalServerError)
+		return
 	}
 
 	w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -141,21 +174,45 @@ func placePixelRedis(w http.ResponseWriter, r *http.Request) {
 	// TODO: Only allow mods to place pixels on redis instance
 	reqBody, err := io.ReadAll(r.Body)
 	if err != nil {
-		panic(err)
+		http.Error(w, "Failed to read request body", http.StatusInternalServerError)
+		return
 	}
+
 	var jsonBody map[string]uint
-	err = json.Unmarshal(reqBody, &jsonBody)
-	if err != nil {
-		panic(err)
+	if err := json.Unmarshal(reqBody, &jsonBody); err != nil {
+		http.Error(w, "Invalid JSON format", http.StatusBadRequest)
+		return
 	}
+
 	position := jsonBody["position"]
 	color := jsonBody["color"]
+
+	canvasWidth := core.ArtPeaceBackend.CanvasConfig.Canvas.Width
+	canvasHeight := core.ArtPeaceBackend.CanvasConfig.Canvas.Height
+
+	// Validate position range
+	if position >= canvasWidth*canvasHeight {
+		http.Error(w, "Position out of range", http.StatusBadRequest)
+		return
+	}
+
+	// Validate color range (e.g., ensure color value fits within bit width)
+	colorsLength := uint(len(core.ArtPeaceBackend.CanvasConfig.Colors))
+	if color >= colorsLength {
+		http.Error(w, "Color value exceeds bit width", http.StatusBadRequest)
+		return
+	}
+
 	bitfieldType := "u" + strconv.Itoa(int(core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth))
 	pos := position * core.ArtPeaceBackend.CanvasConfig.ColorsBitWidth
 
 	ctx := context.Background()
 	err = core.ArtPeaceBackend.Databases.Redis.BitField(ctx, "canvas", "SET", bitfieldType, pos, color).Err()
 	if err != nil {
-		panic(err)
+		http.Error(w, "Failed to set pixel in Redis", http.StatusInternalServerError)
+		return
 	}
+
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Write([]byte("Pixel placed"))
 }