From dc357d8b5a034991e3a5bac250181e895d9177cf Mon Sep 17 00:00:00 2001
From: ringsaturn <ringsaturn.me@gmail.com>
Date: Wed, 15 Nov 2023 23:43:16 +0800
Subject: [PATCH] fix param validation

---
 internal/handler/api.go | 14 +++++++-------
 internal/handler/web.go |  8 ++++----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/internal/handler/api.go b/internal/handler/api.go
index dfe547b..e6303c2 100644
--- a/internal/handler/api.go
+++ b/internal/handler/api.go
@@ -9,8 +9,8 @@ import (
 )
 
 type LocationRequest struct {
-	Lng float64 `query:"lng"`
-	Lat float64 `query:"lat"`
+	Lng float64 `query:"lng" vd:"$>=-180 && $<=180"`
+	Lat float64 `query:"lat" vd:"$>=-90 && $<=90"`
 }
 
 type GetTimezoneNameResponse struct {
@@ -21,9 +21,9 @@ type GetTimezoneNameResponse struct {
 
 func GetTimezoneName(ctx context.Context, c *app.RequestContext) {
 	req := &LocationRequest{}
-	err := c.Bind(req)
+	err := c.BindAndValidate(req)
 	if err != nil {
-		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": c.Request.RequestURI})
+		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": string(c.Request.RequestURI())})
 		return
 	}
 	timezone := finder.GetTimezoneName(req.Lng, req.Lat)
@@ -44,9 +44,9 @@ type GetTimezoneNamesResponse struct {
 
 func GetTimezoneNames(ctx context.Context, c *app.RequestContext) {
 	req := &LocationRequest{}
-	err := c.Bind(req)
+	err := c.BindAndValidate(req)
 	if err != nil {
-		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": c.Request.RequestURI})
+		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": string(c.Request.RequestURI())})
 		return
 	}
 	timezones, err := finder.GetTimezoneNames(req.Lng, req.Lat)
@@ -85,7 +85,7 @@ type GetTimezoneInfoRequest struct {
 
 func GetTimezoneShape(ctx context.Context, c *app.RequestContext) {
 	req := &GetTimezoneInfoRequest{}
-	err := c.Bind(req)
+	err := c.BindAndValidate(req)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, utils.H{"err": err.Error()})
 		return
diff --git a/internal/handler/web.go b/internal/handler/web.go
index 0cc3f72..366463e 100644
--- a/internal/handler/web.go
+++ b/internal/handler/web.go
@@ -21,8 +21,8 @@ type GetTimezoneInfoPageResponse struct {
 
 func GetTimezoneInfoPage(ctx context.Context, c *app.RequestContext) {
 	req := &GetTimezoneInfoRequest{}
-	if err := c.Bind(req); err != nil {
-		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": c.Request.RequestURI})
+	if err := c.BindAndValidate(req); err != nil {
+		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": string(c.Request.RequestURI())})
 		return
 	}
 
@@ -47,7 +47,7 @@ func GetTimezoneInfoPage(ctx context.Context, c *app.RequestContext) {
 
 func GetTimezonesInfoPage(ctx context.Context, c *app.RequestContext) {
 	req := &LocationRequest{}
-	err := c.Bind(req)
+	err := c.BindAndValidate(req)
 	if err != nil {
 		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": string(c.Request.RequestURI())})
 		return
@@ -97,7 +97,7 @@ func GetAllSupportTimezoneNamesPage(ctx context.Context, c *app.RequestContext)
 // Render GeoJSON on web
 func GetGeoJSONViewerForTimezone(ctx context.Context, c *app.RequestContext) {
 	req := &GetTimezoneInfoRequest{}
-	if err := c.Bind(req); err != nil {
+	if err := c.BindAndValidate(req); err != nil {
 		c.JSON(http.StatusUnprocessableEntity, utils.H{"err": err.Error(), "uri": string(c.Request.RequestURI())})
 		return
 	}