Make API endpoint validation more strict, improve errors#1585
Merged
Conversation
bpfoley
force-pushed
the
method-err
branch
6 times, most recently
from
7eb81b5 to
b1c660d
Compare
bpfoley
changed the title
cpeel
reviewed
Jun 4, 2026
Member
|
These are great improvements, Brian! Before: After: |
Readonly properties were introduced in PHP 8.1
Handle the following cases: 1. A misspelled part is provided 2. A part for a node with no children 3. A missing part for nodes with children but no handler of its own.
This has two benefits: 1. It tightens up the type signature of the handler functions (as well as removing boilerplate). 2. It catches latent errors in the client.
Because of how the ouput JSON is built, api/v1/projects/ has the effect of sliently deduplicating the field. Report it as an error, as it may be a latent bug in the client
cpeel
approved these changes
Jun 4, 2026
srjfoo
approved these changes
Jun 5, 2026
Collaborator
Author
|
Reproducers: API_KEY=revoew
ROOT=https://www.pgdp.org/~bfoley/c.branch/method-err
# API endpoint v1/queues: Method WIBBLE not supported. Valid methods: GET
curl -i -X WIBBLE "$ROOT/api/v1/queues?roundid=P3&show=populated" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# 1. API endpoint /v1 has no part projectz. Valid child parts: documents, dictionaries, projects, queues, stats, storage.
curl -i -X GET "$ROOT/api/v1/projectz/projectID5e263d080c3f4/wordcheck/ai" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# 2. No children:
# API endpoint /v1/projects/projectID5e263d080c3f4/wordcheck has no part ai
curl -i -X GET "$ROOT/api/v1/projects/projectID5e263d080c3f4/wordcheck/ai" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# 3. Missing part.
# API endpoint /v1/stats is missing a part. Valid child parts: site, user.
curl -i -X GET "$ROOT/api/v1/stats" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# Invalid project state wibble. Valid states: ...
curl -i -X PUT "$ROOT/api/v1/projects/projectID5e263d080c3f4/checkout?state=wibble" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# Invalid page state wibble. Valid states: ...
curl -i -X PUT "$ROOT/api/v1/projects/projectID5e263d080c3f4/pages/042.png?state=F1.proj_avail&pagestate=wibble" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# API endpoint /v1/dictionaries takes no query parameters, but was called with param1, param2
curl -i -X GET "$ROOT/api/v1/dictionaries?param1=invalid¶m2" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# Duplicate field[] args: title
curl -i -X GET "$ROOT/api/v1/projects?per_page=1&page=1&state=P3.proj_avail&field[]=title&field[]=title" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY"
# Check ApiException::fromException works using a deleted project
# try { ... } catch (NoProjectPageTable $exception) {
# throw NotFoundError::fromException($exception);
# }
curl -i -X GET "$ROOT/api/v1/projects/projectID69668cd98b3b3/pages" \
-H "Accept: application/json" \
-H "X-API-KEY: $API_KEY" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Make API endpoint validation more strict and make the errors messages more helpful.
While here, improve some internal APIs:
ApiException::status_codereadonly property to reduce boilerplate in derived exceptions$query_paramsfrom all handler functions that don't have params.ApiException::fromExceptionto reduce boilerplate when converting exceptionsSandbox: https://www.pgdp.org/~cpeel/c.branch/method-err/