From 201297f4c1470f3437b8e15bba2c4ec6222b4508 Mon Sep 17 00:00:00 2001
From: shockrah <alejandros714@protonmail.com>
Date: Sat, 12 Dec 2020 13:51:43 -0800
Subject: [PATCH] Checking for valid `channel.kind` on /channels/create

---
 server-api/src/channels.rs | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/server-api/src/channels.rs b/server-api/src/channels.rs
index d27ed2a..08efe93 100644
--- a/server-api/src/channels.rs
+++ b/server-api/src/channels.rs
@@ -49,21 +49,27 @@ pub async fn create_channel(pool: &Pool, response: &mut Response<Body>, params:
 
     match req_params {
         (Some(name), Some(desc), Some(kind)) => {
-            // Send the data up to the db, then return the new channel back to the user(?)
-            match db::channels::Channel::add(pool, name, desc, kind.try_into().unwrap()).await {
-                db::Response::Row(row) => {
-                    response.headers_mut().insert("Content-Type",
-                        HeaderValue::from_static("application/json"));
-                    
-                    *response.body_mut() = Body::from(to_string(&row).unwrap_or("{}".into()));
-                },
-                db::Response::Empty => *response.status_mut() = StatusCode::NOT_FOUND,
-                // TODO: loggin
-                db::Response::Other(msg) => {
-                    *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
-                    eprintln!("\t{}", msg);
+            use db::channels::{TEXT_CHANNEL, VOICE_CHANNEL};
+            if kind < VOICE_CHANNEL as i64 || kind > TEXT_CHANNEL as i64 {
+                *response.status_mut() = StatusCode::BAD_REQUEST; // restriciting to 1|2 for valid channel kinds
+            }
+            else {
+                // Send the data up to the db, then return the new channel back to the user(?)
+                match db::channels::Channel::add(pool, name, desc, kind.try_into().unwrap()).await {
+                    db::Response::Row(row) => {
+                        response.headers_mut().insert("Content-Type",
+                            HeaderValue::from_static("application/json"));
+                        
+                        *response.body_mut() = Body::from(to_string(&row).unwrap_or("{}".into()));
+                    },
+                    db::Response::Empty => *response.status_mut() = StatusCode::NOT_FOUND,
+                    // TODO: loggin
+                    db::Response::Other(msg) => {
+                        *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
+                        eprintln!("\t{}", msg);
+                    }
+                    _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
                 }
-                _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
             }
         },
         // basically one of the parameter gets failed so we bail on all of this