From 6fc3a329aba55dfa2d4867bde9d8a3126b45f59a Mon Sep 17 00:00:00 2001
From: Ritu Sood
Date: Tue, 4 Aug 2020 14:46:34 -0700
Subject: Add Validation for API's Adding input validations for API based on Json schemas
Issue-ID: MULTICLOUD-1096
Signed-off-by: Ritu Sood
Change-Id: If6591bdef6305f87cbce7ef56d894376f687c6c1
---
 src/orchestrator/api/apphandler.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src/orchestrator/api/apphandler.go')
diff --git a/src/orchestrator/api/apphandler.go b/src/orchestrator/api/apphandler.go
index 2c81431c..7d901a8f 100644
--- a/src/orchestrator/api/apphandler.go
+++ b/src/orchestrator/api/apphandler.go
@@ -70,9 +70,11 @@ func (h appHandler) createAppHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
- // Name is required.
- if a.Metadata.Name == "" {
- http.Error(w, "Missing name in POST request", http.StatusBadRequest)
+ jsonFile := "json-schemas/metadata.json"
+ // Verify JSON Body
+ err, httpError := validation.ValidateJsonSchemaData(jsonFile, a)
+ if err != nil {
+ http.Error(w, err.Error(), httpError)
 return
 }
@@ -84,14 +86,17 @@ func (h appHandler) createAppHandler(w http.ResponseWriter, r *http.Request) {
 }
 defer file.Close()
- //Convert the file content to base64 for storage
 content, err := ioutil.ReadAll(file)
 if err != nil {
 http.Error(w, "Unable to read file", http.StatusUnprocessableEntity)
 return
 }
-
+ // Limit file Size to 1 GB
+ if len(content) > 1073741824 {
+ http.Error(w, "File Size Exceeds 1 GB", http.StatusUnprocessableEntity)
+ return
+ }
 err = validation.IsTarGz(bytes.NewBuffer(content))
 if err != nil {
 http.Error(w, "Error in file format", http.StatusUnprocessableEntity)
--
cgit 1.2.3-korg
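Review bot: In the first hunk (@@ -70,9 +70,11), `http.Error(w, err.Error(), httpError)` forwards whatever error the validator returns to the client, and nothing visible here shows what that text contains when the schema file itself cannot be read or parsed. If `ValidateJsonSchemaData` can fail that way, the response would presumably carry server-side detail such as the schema path, so log the error and send a fixed message whenever `httpError` is not a 4xx code. The removed empty-name guard is now enforced only if `json-schemas/metadata.json` marks the name as required, and the relative path resolves against the process working directory; a comment above `jsonFile` such as `// schema must keep metadata.name required; path is relative to the working directory` would record that dependency. createAppHandler starts before and continues after this hunk.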
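Review bot: In the second hunk (@@ -84,14 +86,17), the 1 GB check runs only after `ioutil.ReadAll(file)` has already copied the whole upload into memory, so it rejects an oversized file without bounding what the handler allocates for it. Cap the read instead with `content, err := ioutil.ReadAll(io.LimitReader(file, maxAppFileSize+1))` followed by `if len(content) > maxAppFileSize {`, where `const maxAppFileSize = 1 << 30` replaces the bare 1073741824 (`io` needs importing if the file does not already have it). `http.StatusRequestEntityTooLarge` describes this rejection more precisely than 422. The multipart parsing that produces `file` sits above the hunk, so whether the request body itself is limited cannot be confirmed from here.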