validate input not null and sanitize key

oklabflensburg · Dec 25, 2024 · ad4b60a · ad4b60a
1 parent 58d445e
commit ad4b60a
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/.github/workflows/schemathesis.yml b/.github/workflows/schemathesis.yml
@@ -15,4 +15,4 @@ jobs:
     steps:
       - uses: schemathesis/action@v1
         with:
-          schema: https://api.oklabflensburg.de/openapi.json --experimental=openapi-3.1
+          schema: 'https://api.oklabflensburg.de/openapi.json --experimental=openapi-3.1'
diff --git a/app/services/climate.py b/app/services/climate.py
@@ -4,13 +4,22 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.future import select
 from sqlalchemy.orm import aliased
+from fastapi import HTTPException
 
+from ..utils.validators import validate_not_none
+from ..utils.sanitizer import sanitize_string
 from ..models.climate import DwdStationReference, WeatherStation
 from ..models.administrative import Vg250Gem
 
 
 
 async def get_dwd_stations_by_municipality_key(session: AsyncSession, municipality_key: str):
+    try:
+        validated_key = validate_not_none(municipality_key)
+        validated_key = sanitize_string(validated_key)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
     geojson = cast(func.ST_AsGeoJSON(DwdStationReference.wkb_geometry, 15), JSON).label('geojson')
     gem_alias = aliased(Vg250Gem)
 
@@ -41,7 +50,7 @@ async def get_dwd_stations_by_municipality_key(session: AsyncSession, municipali
         )
     )
 
-    result = await session.execute(stmt, {'municipality_key': municipality_key})
+    result = await session.execute(stmt, {'municipality_key': validated_key})
     return result.mappings().all()