From a984bcb06172d0d5d5f0074799145cb77f3bbefb Mon Sep 17 00:00:00 2001
From: walker-16 <agpazos85@gmail.com>
Date: Thu, 8 Feb 2024 10:54:55 -0300
Subject: [PATCH] Add pageSize max value to 1000 in api (#1111)

Co-authored-by: ftocal fert1335@gmail.com
---
 api/routes/wormscan/address/controller.go     |  6 +++
 api/routes/wormscan/governor/controller.go    | 49 +++++++++++++++++++
 .../wormscan/observations/controller.go       | 21 ++++++++
 .../wormscan/transactions/controller.go       |  6 +++
 api/routes/wormscan/vaa/controller.go         | 16 ++++++
 5 files changed, 98 insertions(+)

diff --git a/api/routes/wormscan/address/controller.go b/api/routes/wormscan/address/controller.go
index c341331e..1adff48d 100644
--- a/api/routes/wormscan/address/controller.go
+++ b/api/routes/wormscan/address/controller.go
@@ -5,6 +5,7 @@ import (
 	"github.com/wormhole-foundation/wormhole-explorer/api/handlers/address"
 	"github.com/wormhole-foundation/wormhole-explorer/api/internal/errors"
 	"github.com/wormhole-foundation/wormhole-explorer/api/middleware" // required by swaggo
+	"github.com/wormhole-foundation/wormhole-explorer/api/response"
 	_ "github.com/wormhole-foundation/wormhole-explorer/api/response" // required by swaggo
 	"go.uber.org/zap"
 )
@@ -45,6 +46,11 @@ func (c *Controller) FindById(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if pagination.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	response, err := c.srv.GetAddressOverview(ctx.Context(), address, pagination)
 	if err != nil {
 		return err
diff --git a/api/routes/wormscan/governor/controller.go b/api/routes/wormscan/governor/controller.go
index edea4e79..97484dc4 100644
--- a/api/routes/wormscan/governor/controller.go
+++ b/api/routes/wormscan/governor/controller.go
@@ -40,6 +40,11 @@ func (c *Controller) FindGovernorConfigurations(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	governorConfigs, err := c.srv.FindGovernorConfig(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -97,6 +102,11 @@ func (c *Controller) FindGovernorStatus(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	governorStatus, err := c.srv.FindGovernorStatus(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -122,6 +132,11 @@ func (c *Controller) FindGovernorStatusByGuardianAddress(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	guardianAddress, err := middleware.ExtractGuardianAddress(ctx, c.logger)
 	if err != nil {
 		return err
@@ -152,6 +167,11 @@ func (c *Controller) GetGovernorLimit(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	governorLimit, err := c.srv.GetGovernorLimit(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -177,6 +197,11 @@ func (c *Controller) FindNotionalLimit(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	notionalLimit, err := c.srv.FindNotionalLimit(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -202,6 +227,11 @@ func (c *Controller) GetNotionalLimitByChainID(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, err := middleware.ExtractChainID(ctx, c.logger)
 	if err != nil {
 		return err
@@ -233,6 +263,11 @@ func (c *Controller) GetAvailableNotional(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	notionalAvaialabilies, err := c.srv.GetAvailableNotional(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -258,6 +293,11 @@ func (c *Controller) GetAvailableNotionalByChainID(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, err := middleware.ExtractChainID(ctx, c.logger)
 	if err != nil {
 		return err
@@ -312,6 +352,11 @@ func (c *Controller) GetEnqueuedVaas(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	enqueuedVaas, err := c.srv.GetEnqueueVass(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -338,6 +383,10 @@ func (c *Controller) GetEnqueuedVaasByChainID(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
 	chainID, err := middleware.ExtractChainID(ctx, c.logger)
 	if err != nil {
 		return err
diff --git a/api/routes/wormscan/observations/controller.go b/api/routes/wormscan/observations/controller.go
index 56c72857..0bdb7b3c 100644
--- a/api/routes/wormscan/observations/controller.go
+++ b/api/routes/wormscan/observations/controller.go
@@ -7,6 +7,7 @@ import (
 	"github.com/gofiber/fiber/v2"
 	"github.com/wormhole-foundation/wormhole-explorer/api/handlers/observations"
 	"github.com/wormhole-foundation/wormhole-explorer/api/middleware"
+	"github.com/wormhole-foundation/wormhole-explorer/api/response"
 	"go.uber.org/zap"
 )
 
@@ -42,6 +43,11 @@ func (c *Controller) FindAll(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	obs, err := c.srv.FindAll(ctx.Context(), p)
 	if err != nil {
 		return err
@@ -68,6 +74,11 @@ func (c *Controller) FindAllByChain(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, err := middleware.ExtractChainID(ctx, c.logger)
 	if err != nil {
 		return err
@@ -99,6 +110,11 @@ func (c *Controller) FindAllByEmitter(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, addr, err := middleware.ExtractVAAChainIDEmitter(ctx, c.logger)
 	if err != nil {
 		return err
@@ -130,6 +146,11 @@ func (c *Controller) FindAllByVAA(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, addr, seq, err := middleware.ExtractVAAParams(ctx, c.logger)
 	if err != nil {
 		return err
diff --git a/api/routes/wormscan/transactions/controller.go b/api/routes/wormscan/transactions/controller.go
index b541c38e..06390eba 100644
--- a/api/routes/wormscan/transactions/controller.go
+++ b/api/routes/wormscan/transactions/controller.go
@@ -8,6 +8,7 @@ import (
 	"github.com/wormhole-foundation/wormhole-explorer/api/handlers/transactions"
 	"github.com/wormhole-foundation/wormhole-explorer/api/internal/errors"
 	"github.com/wormhole-foundation/wormhole-explorer/api/middleware"
+	"github.com/wormhole-foundation/wormhole-explorer/api/response"
 	"github.com/wormhole-foundation/wormhole-explorer/common/domain"
 	sdk "github.com/wormhole-foundation/wormhole/sdk/vaa"
 	"go.uber.org/zap"
@@ -370,6 +371,11 @@ func (c *Controller) ListTransactions(ctx *fiber.Ctx) error {
 	}
 	address := middleware.ExtractAddressFromQueryParams(ctx, c.logger)
 
+	// Check pagination max limit
+	if pagination.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	// Query transactions from the database
 	var dtos []transactions.TransactionDto
 	if address != "" {
diff --git a/api/routes/wormscan/vaa/controller.go b/api/routes/wormscan/vaa/controller.go
index 89bb9e87..4ddd7104 100644
--- a/api/routes/wormscan/vaa/controller.go
+++ b/api/routes/wormscan/vaa/controller.go
@@ -46,6 +46,11 @@ func (c *Controller) FindAll(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if pagination.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	txHash, err := middleware.GetTxHash(ctx, c.logger)
 	if err != nil {
 		return err
@@ -93,6 +98,11 @@ func (c *Controller) FindByChain(ctx *fiber.Ctx) error {
 		return err
 	}
 
+	// Check pagination max limit
+	if p.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, err := middleware.ExtractChainID(ctx, c.logger)
 	if err != nil {
 		return err
@@ -127,6 +137,12 @@ func (c *Controller) FindByEmitter(ctx *fiber.Ctx) error {
 	if err != nil {
 		return err
 	}
+
+	// Check pagination max limit
+	if pagination.Limit > 1000 {
+		return response.NewInvalidParamError(ctx, "pageSize cannot be greater than 1000", nil)
+	}
+
 	chainID, emitter, err := middleware.ExtractVAAChainIDEmitter(ctx, c.logger)
 	if err != nil {
 		return err