diff --git a/server/routes/detections.js b/server/routes/detections.js
index a925a76..4cae094 100644
--- a/server/routes/detections.js
+++ b/server/routes/detections.js
@@ -52,6 +52,10 @@ router.get('/', authenticateToken, async (req, res) => {
       order = 'desc'
     } = req.query;
 
+    // Validate and sanitize pagination parameters
+    const validatedPage = Math.max(1, parseInt(page) || 1);
+    const validatedLimit = Math.min(100, Math.max(1, parseInt(limit) || 50));
+
     // Build where clause for filtering
     const whereClause = {};
 
@@ -81,7 +85,7 @@ router.get('/', authenticateToken, async (req, res) => {
     }
 
     // Calculate offset for pagination
-    const offset = (parseInt(page) - 1) * parseInt(limit);
+    const offset = (validatedPage - 1) * validatedLimit;
 
     // Query detections with device information (filtered by tenant)
     const detections = await DroneDetection.findAll({
@@ -93,7 +97,7 @@ router.get('/', authenticateToken, async (req, res) => {
         attributes: ['id', 'name', 'geo_lat', 'geo_lon', 'location_description', 'is_approved']
       }],
       order: [[sort, order.toUpperCase()]],
-      limit: parseInt(limit),
+      limit: validatedLimit,
       offset: offset
     });
 
@@ -108,9 +112,9 @@ router.get('/', authenticateToken, async (req, res) => {
     });
 
     // Calculate pagination info
-    const totalPages = Math.ceil(totalCount / parseInt(limit));
-    const hasNextPage = parseInt(page) < totalPages;
-    const hasPrevPage = parseInt(page) > 1;
+    const totalPages = Math.ceil(totalCount / validatedLimit);
+    const hasNextPage = validatedPage < totalPages;
+    const hasPrevPage = validatedPage > 1;
 
     // Enhance detections with drone type information
     const enhancedDetections = detections.map(detection => {
@@ -126,10 +130,10 @@ router.get('/', authenticateToken, async (req, res) => {
       data: {
         detections: enhancedDetections,
         pagination: {
-          currentPage: parseInt(page),
+          currentPage: validatedPage,
           totalPages,
           totalCount,
-          limit: parseInt(limit),
+          limit: validatedLimit,
           hasNextPage,
           hasPrevPage
         }
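Review bot: The new `validatedPage` line bounds the page number from below but not from above, so a very long digit string in `?page=` still becomes an arbitrarily large (or, for enough digits, `Infinity`) value that is multiplied into `offset` on the second hunk and handed straight to the query. Both added `parseInt` calls also omit the radix and silently accept trailing garbage (`"12abc"` parses as 12); `Number.parseInt(page, 10)` and `Number.parseInt(limit, 10)` make the intent explicit. A minimal tightening is `const parsedPage = Number.parseInt(page, 10); const validatedPage = Number.isSafeInteger(parsedPage) && parsedPage >= 1 ? parsedPage : 1;`, or alternatively a `Math.min` cap mirroring the one on `validatedLimit`. The enclosing route handler starts and ends outside this hunk, so I cannot see whether an outer try/catch turns a database rejection of an out-of-range offset into a 4xx or a 500.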
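Review bot: In the third hunk the unchanged `order: [[sort, order.toUpperCase()]]` still consumes `sort` and `order` directly from `req.query` (visible in the destructuring in the first hunk) with no validation, so this commit leaves two of the four query parameters unsanitised. If the query string supplies `order` as an array or object rather than a string (Express's default parser allows `order[]=x`), `.toUpperCase()` throws a TypeError before the query runs, and an unknown `sort` column name presumably surfaces as a database error rather than a 400 — the exact behaviour depends on the ORM and the handler's error path, which are outside the hunk. I would add an allowlist next to the pagination checks, e.g. `const validatedOrder = String(order).toUpperCase() === 'ASC' ? 'ASC' : 'DESC';` and a `Set` of permitted sort fields (`[/* sortable column names */]`, to be filled from the model) that `sort` must be a member of, falling back to the existing default. Then use `validatedOrder` and the checked sort field in the `order:` array so the user-controlled strings never reach it unchecked.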