afourmaux-agreg/agreg-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add security constraints to devEUI on readings endpoint

Browse source
This commit is contained in:
Alexis Fourmaux 2026-05-12 23:58:46 +02:00
parent 35ac428e2d
commit 0dce6cf89a
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/backend/adapters/http/readings.py
View file

@ -1,7 +1,8 @@
from datetime import datetime from datetime import datetime
from typing import Annotated from typing import Annotated
from fastapi import APIRouter, Depends, Query, HTTPException from fastapi import APIRouter, Depends, Query, HTTPException, Path
from pydantic import constr
from domain.value_objects import Granularity from domain.value_objects import Granularity
from domain.exceptions import ValidationError, DatabaseError from domain.exceptions import ValidationError, DatabaseError
@ -12,10 +13,11 @@ from ._readings_schemas import ConsumptionResponseSchema
readings_router = APIRouter(prefix="/readings", tags=["readings"]) readings_router = APIRouter(prefix="/readings", tags=["readings"])
DevEUI = Annotated[constr(max_length=64, pattern=r'^[0-9A-Fa-f]+$'), Path()]
@readings_router.get("/{dev_eui}", response_model=ConsumptionResponseSchema) @readings_router.get("/{dev_eui}", response_model=ConsumptionResponseSchema)
def get_consumption( def get_consumption(
dev_eui: str, dev_eui: DevEUI,
start: Annotated[datetime, Query()], start: Annotated[datetime, Query()],
end: Annotated[datetime, Query()], end: Annotated[datetime, Query()],
granularity: Annotated[Granularity, Query()] = "day", granularity: Annotated[Granularity, Query()] = "day",