chore: Assert integers validation for most numeric input values (#741)

Author: arcoraven

src/server/routes/admin/nonces.ts

@@ -27,7 +27,7 @@ export const responseBodySchema = Type.Object({
         ...AddressSchema,
         description: "Backend wallet address",
       },
-      chainId: Type.Number({
+      chainId: Type.Integer({
         description: "Chain ID",
         examples: [80002],
       }),

src/server/routes/backend-wallet/getAll.ts

@@ -1,5 +1,5 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { getAllWallets } from "../../../db/wallets/getAllWallets";
 import {
@@ -8,15 +8,17 @@ import {
 } from "../../schemas/sharedApiSchemas";
 
 const QuerySchema = Type.Object({
-  page: Type.Number({
+  page: Type.Integer({
     description: "The page of wallets to get.",
     examples: ["1"],
     default: "1",
+    minimum: 1,
   }),
-  limit: Type.Number({
+  limit: Type.Integer({
     description: "The number of wallets to get per page.",
     examples: ["10"],
     default: "10",
+    minimum: 1,
   }),
 });
 

src/server/routes/backend-wallet/getNonce.ts

@@ -1,7 +1,7 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
-import { Address } from "thirdweb";
+import type { Address } from "thirdweb";
 import { inspectNonce } from "../../../db/wallets/walletNonce";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import { walletWithAddressParamSchema } from "../../schemas/wallet";
@@ -11,7 +11,7 @@ const requestSchema = walletWithAddressParamSchema;
 
 const responseSchema = Type.Object({
   result: Type.Object({
-    nonce: Type.Number(),
+    nonce: Type.Integer(),
   }),
 });
 

src/server/routes/backend-wallet/getTransactionsByNonce.ts

@@ -1,10 +1,10 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { TransactionDB } from "../../../db/transactions/db";
 import { getNonceMap } from "../../../db/wallets/nonceMap";
 import { normalizeAddress } from "../../../utils/primitiveTypes";
-import { AnyTransaction } from "../../../utils/transaction/types";
+import type { AnyTransaction } from "../../../utils/transaction/types";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import {
   TransactionSchema,
@@ -34,7 +34,7 @@ const requestQuerySchema = Type.Object({
 const responseBodySchema = Type.Object({
   result: Type.Array(
     Type.Object({
-      nonce: Type.Number(),
+      nonce: Type.Integer(),
       // Returns the transaction details by default.
       // Falls back to the queueId if the transaction details have been pruned.
       transaction: Type.Union([TransactionSchema, Type.String()]),

src/server/routes/backend-wallet/signTransaction.ts

@@ -21,8 +21,8 @@ const requestBodySchema = Type.Object({
     gasPrice: Type.Optional(Type.String()),
     data: Type.Optional(Type.String()),
     value: Type.Optional(Type.String()),
-    chainId: Type.Optional(Type.Number()),
-    type: Type.Optional(Type.Number()),
+    chainId: Type.Optional(Type.Integer()),
+    type: Type.Optional(Type.Integer()),
     accessList: Type.Optional(Type.Any()),
     maxFeePerGas: Type.Optional(Type.String()),
     maxPriorityFeePerGas: Type.Optional(Type.String()),

src/server/routes/configuration/backend-wallet-balance/update.ts

@@ -1,16 +1,18 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
+import { WeiAmountStringSchema } from "../../../schemas/number";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 import { responseBodySchema } from "./get";
 
 const requestBodySchema = Type.Partial(
   Type.Object({
-    minWalletBalance: Type.String({
+    minWalletBalance: {
+      ...WeiAmountStringSchema,
       description: "Minimum wallet balance in wei",
-    }),
+    },
   }),
 );
 

src/server/routes/configuration/cache/update.ts

@@ -5,12 +5,12 @@ import { updateConfiguration } from "../../../../db/configuration/updateConfigur
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { clearCacheCron } from "../../../../utils/cron/clearCacheCron";
 import { isValidCron } from "../../../../utils/cron/isValidCron";
+import { createCustomError } from "../../../middleware/error";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 import { responseBodySchema } from "./get";
 
 const requestBodySchema = Type.Object({
   clearCacheCronSchedule: Type.String({
-    minLength: 11,
     description:
       "Cron expression for clearing cache. It should be in the format of 'ss mm hh * * *' where ss is seconds, mm is minutes and hh is hours. Seconds should not be '*' or less than 10",
     default: "*/30 * * * * *",
@@ -37,12 +37,11 @@ export async function updateCacheConfiguration(fastify: FastifyInstance) {
     handler: async (req, res) => {
       const { clearCacheCronSchedule } = req.body;
       if (isValidCron(clearCacheCronSchedule) === false) {
-        return res.status(400).send({
-          error: {
-            code: 400,
-            message: "Invalid cron expression",
-          },
-        });
+        throw createCustomError(
+          "Invalid cron expression.",
+          StatusCodes.BAD_REQUEST,
+          "INVALID_CRON",
+        );
       }
 
       await updateConfiguration({ ...req.body });

src/server/routes/configuration/contract-subscriptions/update.ts

@@ -1,5 +1,5 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
@@ -10,8 +10,12 @@ import {
 } from "../../../schemas/sharedApiSchemas";
 
 const requestBodySchema = Type.Object({
-  maxBlocksToIndex: Type.Optional(Type.Number({ minimum: 1, maximum: 25 })),
-  contractSubscriptionsRequeryDelaySeconds: Type.Optional(Type.String()),
+  maxBlocksToIndex: Type.Optional(Type.Integer({ minimum: 1, maximum: 100 })),
+  contractSubscriptionsRequeryDelaySeconds: Type.Optional(
+    Type.String({
+      description: `Requery after one or more delays. Use comma-separated positive integers. Example: "2,10" means requery after 2s and 10s.`,
+    }),
+  ),
 });
 
 const responseSchema = Type.Object({
@@ -51,11 +55,14 @@ export async function updateContractSubscriptionsConfiguration(
 
       if (contractSubscriptionsRequeryDelaySeconds) {
         try {
-          contractSubscriptionsRequeryDelaySeconds.split(",").forEach((d) => {
-            if (Number.isNaN(parseInt(d))) {
-              throw "Invalid number";
+          for (const delayStr of contractSubscriptionsRequeryDelaySeconds.split(
+            ",",
+          )) {
+            const delayInt = Number.parseInt(delayStr);
+            if (Number.isNaN(delayInt) || delayInt <= 0) {
+              throw `Invalid delay value. Use comma-separated positive integers: "2,10"`;
             }
-          });
+          }
         } catch {
           throw createCustomError(
             'At least one integer "contractSubscriptionsRequeryDelaySeconds" is required',

src/server/routes/configuration/transactions/get.ts

@@ -1,20 +1,20 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 
 const responseBodySchema = Type.Object({
   result: Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    minTxsToProcess: Type.Integer(),
+    maxTxsToProcess: Type.Integer(),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
+    maxTxsToUpdate: Type.Integer(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer(),
     maxFeePerGasForRetries: Type.String(),
     maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer(),
     clearCacheCronSchedule: Type.Union([Type.String(), Type.Null()]),
   }),
 });

src/server/routes/configuration/transactions/update.ts

@@ -1,35 +1,33 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { updateConfiguration } from "../../../../db/configuration/updateConfiguration";
 import { getConfig } from "../../../../utils/cache/getConfig";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 
 const requestBodySchema = Type.Partial(
   Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    maxTxsToProcess: Type.Integer({ minimum: 1, maximum: 10_000 }),
+    maxTxsToUpdate: Type.Integer({ minimum: 1, maximum: 10_000 }),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer({ minimum: 1, maximum: 10_000 }),
     maxFeePerGasForRetries: Type.String(),
-    maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer({ minimum: 0, maximum: 10_000 }),
   }),
 );
 
 const responseBodySchema = Type.Object({
   result: Type.Object({
-    minTxsToProcess: Type.Number(),
-    maxTxsToProcess: Type.Number(),
+    minTxsToProcess: Type.Integer(),
+    maxTxsToProcess: Type.Integer(),
     minedTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    maxTxsToUpdate: Type.Number(),
+    maxTxsToUpdate: Type.Integer(),
     retryTxListenerCronSchedule: Type.Union([Type.String(), Type.Null()]),
-    minEllapsedBlocksBeforeRetry: Type.Number(),
+    minEllapsedBlocksBeforeRetry: Type.Integer(),
     maxFeePerGasForRetries: Type.String(),
     maxPriorityFeePerGasForRetries: Type.String(),
-    maxRetriesPerTx: Type.Number(),
+    maxRetriesPerTx: Type.Integer(),
   }),
 });
 

src/server/routes/contract/events/getContractEventLogs.ts

@@ -12,26 +12,26 @@ import {
 import { getChainIdFromChain } from "../../../utils/chain";
 
 const requestQuerySchema = Type.Object({
-  fromBlock: Type.Number(),
-  toBlock: Type.Optional(Type.Number()),
+  fromBlock: Type.Integer({ minimum: 0 }),
+  toBlock: Type.Optional(Type.Integer({ minimum: 0 })),
   topics: Type.Optional(Type.Array(Type.String())),
 });
 
 const responseSchema = Type.Object({
   result: Type.Object({
     logs: Type.Array(
       Type.Object({
-        chainId: Type.Number(),
+        chainId: Type.Integer(),
         contractAddress: AddressSchema,
-        blockNumber: Type.Number(),
+        blockNumber: Type.Integer(),
         transactionHash: TransactionHashSchema,
         topics: Type.Array(Type.String()),
         data: Type.String(),
         eventName: Type.Optional(Type.String()),
         decodedLog: Type.Any(),
-        timestamp: Type.Number(),
-        transactionIndex: Type.Number(),
-        logIndex: Type.Number(),
+        timestamp: Type.Integer(),
+        transactionIndex: Type.Integer(),
+        logIndex: Type.Integer(),
       }),
     ),
     status: Type.String(),

src/server/routes/contract/events/getEventLogsByTimestamp.ts

@@ -9,8 +9,8 @@ import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 const requestQuerySchema = Type.Object({
   contractAddresses: Type.Optional(Type.Array(AddressSchema)),
   topics: Type.Optional(Type.Array(Type.String())),
-  fromBlockTimestamp: Type.Number(),
-  toBlockTimestamp: Type.Optional(Type.Number()),
+  fromBlockTimestamp: Type.Integer({ minimum: 0 }),
+  toBlockTimestamp: Type.Optional(Type.Integer({ minimum: 0 })),
 });
 
 const responseSchema = Type.Object({

src/server/routes/contract/events/paginateEventLogs.ts

@@ -9,7 +9,7 @@ import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 
 const requestQuerySchema = Type.Object({
   cursor: Type.Optional(Type.String()),
-  pageSize: Type.Optional(Type.Number()),
+  pageSize: Type.Optional(Type.Integer({ minimum: 1 })),
   topics: Type.Optional(Type.Array(Type.String())),
   contractAddresses: Type.Optional(Type.Array(AddressSchema)),
 });

src/server/routes/contract/extensions/erc1155/read/getActiveClaimConditions.ts

@@ -12,7 +12,7 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUT
 const requestSchema = contractParamSchema;
 const requestQueryString = Type.Object({
-  tokenId: Type.Union([Type.String(), Type.Number()], {
+  tokenId: Type.Union([Type.String(), Type.Integer()], {
     description: "The token ID of the NFT you want to claim.",
   }),
   withAllowList: Type.Optional(

src/server/routes/contract/extensions/erc1155/read/getAll.ts

@@ -13,15 +13,15 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 const requestSchema = erc1155ContractParamSchema;
 const querystringSchema = Type.Object({
   start: Type.Optional(
-    Type.Number({
+    Type.Integer({
       description: "The start token ID for paginated results. Defaults to 0.",
-      examples: ["0"],
+      minimum: 0,
     }),
   ),
   count: Type.Optional(
-    Type.Number({
+    Type.Integer({
       description: "The page count for paginated results. Defaults to 100.",
-      examples: ["20"],
+      minimum: 1,
     }),
   ),
 });

src/server/routes/contract/extensions/erc1155/read/getAllClaimConditions.ts

@@ -12,7 +12,7 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUT
 const requestSchema = contractParamSchema;
 const requestQueryString = Type.Object({
-  tokenId: Type.Union([Type.String(), Type.Number()], {
+  tokenId: Type.Union([Type.String(), Type.Integer()], {
     description:
       "The token ID of the NFT you want to get the claim conditions for.",
   }),

src/server/routes/contract/extensions/erc1155/read/getClaimIneligibilityReasons.ts

@@ -3,6 +3,8 @@ import { ClaimEligibility } from "@thirdweb-dev/sdk";
 import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
+import { NumberStringSchema } from "../../../../../schemas/number";
 import {
   contractParamSchema,
   standardResponseSchema,
@@ -12,19 +14,18 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUT
 const requestSchema = contractParamSchema;
 const requestQueryString = Type.Object({
-  tokenId: Type.Union([Type.String(), Type.Number()], {
+  tokenId: Type.Union([Type.String(), Type.Integer()], {
     description:
       "The token ID of the NFT you want to check if the wallet address can claim.",
   }),
-  quantity: Type.String({
+  quantity: {
+    ...NumberStringSchema,
     description: "The amount of tokens to claim.",
+  },
+  addressToCheck: Type.Optional({
+    ...AddressSchema,
+    description: "The wallet address to check if it can claim tokens.",
   }),
-  addressToCheck: Type.Optional(
-    Type.String({
-      description: "The wallet address to check if it can claim tokens.",
-      examples: ["0x1946267d81Fb8aDeeEa28e6B98bcD446c8248473"],
-    }),
-  ),
 });
 
 // OUTPUT

src/server/routes/contract/extensions/erc1155/read/getClaimerProofs.ts

@@ -13,7 +13,7 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUT
 const requestSchema = contractParamSchema;
 const requestQueryString = Type.Object({
-  tokenId: Type.Union([Type.String(), Type.Number()], {
+  tokenId: Type.Union([Type.String(), Type.Integer()], {
     description:
       "The token ID of the NFT you want to get the claimer proofs for.",
   }),