internal/api/harden.go

// Package api provides HTTP handlers for camera operations.
package api

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// maxRequestBody is the maximum accepted JSON body size (64KB).
const maxRequestBody = 64 * 1024

// APIError represents a structured API error response.
type APIError struct {
	Error   string `json:"error"`
	Code    int    `json:"code"`
	Details string `json:"details,omitempty"`
}

// validationConstraints defines field-level validation limits.
const (
	maxCameraIDLen     = 64
	maxFriendlyNameLen = 128
	maxModeLen         = 32
	maxResolutionLen   = 32
	minFPS             = 0
	maxFPS             = 240
)

// respondError writes a structured JSON error response.
func respondError(w http.ResponseWriter, status int, msg string, details ...string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	e := APIError{
		Error: msg,
		Code:  status,
	}
	if len(details) > 0 {
		e.Details = details[0]
	}
	json.NewEncoder(w).Encode(e)
}

// decodeJSONBody reads, limits, and decodes a JSON request body.
// Returns false if validation fails (response already written).
func decodeJSONBody(w http.ResponseWriter, r *http.Request, v interface{}) bool {
	// Validate Content-Type
	ct := r.Header.Get("Content-Type")
	if ct != "" && !strings.HasPrefix(ct, "application/json") {
		respondError(w, http.StatusUnsupportedMediaType, "content-type must be application/json")
		return false
	}

	// Limit body size
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestBody)

	body, err := io.ReadAll(r.Body)
	if err != nil {
		respondError(w, http.StatusBadRequest, "request body too large or unreadable", err.Error())
		return false
	}

	if err := json.Unmarshal(body, v); err != nil {
		respondError(w, http.StatusBadRequest, "invalid request body", err.Error())
		return false
	}
	return true
}

// validateCameraID checks that cameraID is present and within max length.
func validateCameraID(w http.ResponseWriter, cameraID string) bool {
	if cameraID == "" {
		respondError(w, http.StatusBadRequest, "camera_id is required")
		return false
	}
	if len(cameraID) > maxCameraIDLen {
		respondError(w, http.StatusBadRequest, fmt.Sprintf("camera_id must be at most %d characters", maxCameraIDLen))
		return false
	}
	return true
}

// validateCameraRegistration validates fields for POST /cameras.
func validateCameraRegistration(w http.ResponseWriter, cameraID, friendlyName string) bool {
	if !validateCameraID(w, cameraID) {
		return false
	}
	if friendlyName == "" {
		respondError(w, http.StatusBadRequest, "friendly_name is required")
		return false
	}
	if len(friendlyName) > maxFriendlyNameLen {
		respondError(w, http.StatusBadRequest, fmt.Sprintf("friendly_name must be at most %d characters", maxFriendlyNameLen))
		return false
	}
	return true
}

// validateStatusFields validates optional fields on the PushStatus payload.
func validateStatusFields(w http.ResponseWriter, mode, resolution string, fps int) bool {
	if mode != "" && len(mode) > maxModeLen {
		respondError(w, http.StatusBadRequest, fmt.Sprintf("mode must be at most %d characters", maxModeLen))
		return false
	}
	if resolution != "" && len(resolution) > maxResolutionLen {
		respondError(w, http.StatusBadRequest, fmt.Sprintf("resolution must be at most %d characters", maxResolutionLen))
		return false
	}
	if fps < minFPS || fps > maxFPS {
		respondError(w, http.StatusBadRequest, fmt.Sprintf("fps must be between %d and %d", minFPS, maxFPS))
		return false
	}
	return true
}
fix: harden camera API endpoints (CUB-234) 2026-05-23 08:50:21 -04:00			`// Package api provides HTTP handlers for camera operations.`
			`package api`

			`import (`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"strings"`
			`)`

			`// maxRequestBody is the maximum accepted JSON body size (64KB).`
			`const maxRequestBody = 64 * 1024`

			`// APIError represents a structured API error response.`
			`type APIError struct {`
			Error string `json:"error"`
			Code int `json:"code"`
			Details string `json:"details,omitempty"`
			`}`

			`// validationConstraints defines field-level validation limits.`
			`const (`
			`maxCameraIDLen = 64`
			`maxFriendlyNameLen = 128`
			`maxModeLen = 32`
			`maxResolutionLen = 32`
			`minFPS = 0`
			`maxFPS = 240`
			`)`

			`// respondError writes a structured JSON error response.`
			`func respondError(w http.ResponseWriter, status int, msg string, details ...string) {`
			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(status)`
			`e := APIError{`
			`Error: msg,`
			`Code: status,`
			`}`
			`if len(details) > 0 {`
			`e.Details = details[0]`
			`}`
			`json.NewEncoder(w).Encode(e)`
			`}`

			`// decodeJSONBody reads, limits, and decodes a JSON request body.`
			`// Returns false if validation fails (response already written).`
			`func decodeJSONBody(w http.ResponseWriter, r *http.Request, v interface{}) bool {`
			`// Validate Content-Type`
			`ct := r.Header.Get("Content-Type")`
			`if ct != "" && !strings.HasPrefix(ct, "application/json") {`
			`respondError(w, http.StatusUnsupportedMediaType, "content-type must be application/json")`
			`return false`
			`}`

			`// Limit body size`
			`r.Body = http.MaxBytesReader(w, r.Body, maxRequestBody)`

			`body, err := io.ReadAll(r.Body)`
			`if err != nil {`
			`respondError(w, http.StatusBadRequest, "request body too large or unreadable", err.Error())`
			`return false`
			`}`

			`if err := json.Unmarshal(body, v); err != nil {`
			`respondError(w, http.StatusBadRequest, "invalid request body", err.Error())`
			`return false`
			`}`
			`return true`
			`}`

			`// validateCameraID checks that cameraID is present and within max length.`
			`func validateCameraID(w http.ResponseWriter, cameraID string) bool {`
			`if cameraID == "" {`
			`respondError(w, http.StatusBadRequest, "camera_id is required")`
			`return false`
			`}`
			`if len(cameraID) > maxCameraIDLen {`
			`respondError(w, http.StatusBadRequest, fmt.Sprintf("camera_id must be at most %d characters", maxCameraIDLen))`
			`return false`
			`}`
			`return true`
			`}`

			`// validateCameraRegistration validates fields for POST /cameras.`
			`func validateCameraRegistration(w http.ResponseWriter, cameraID, friendlyName string) bool {`
			`if !validateCameraID(w, cameraID) {`
			`return false`
			`}`
			`if friendlyName == "" {`
			`respondError(w, http.StatusBadRequest, "friendly_name is required")`
			`return false`
			`}`
			`if len(friendlyName) > maxFriendlyNameLen {`
			`respondError(w, http.StatusBadRequest, fmt.Sprintf("friendly_name must be at most %d characters", maxFriendlyNameLen))`
			`return false`
			`}`
			`return true`
			`}`

			`// validateStatusFields validates optional fields on the PushStatus payload.`
			`func validateStatusFields(w http.ResponseWriter, mode, resolution string, fps int) bool {`
			`if mode != "" && len(mode) > maxModeLen {`
			`respondError(w, http.StatusBadRequest, fmt.Sprintf("mode must be at most %d characters", maxModeLen))`
			`return false`
			`}`
			`if resolution != "" && len(resolution) > maxResolutionLen {`
			`respondError(w, http.StatusBadRequest, fmt.Sprintf("resolution must be at most %d characters", maxResolutionLen))`
			`return false`
			`}`
			`if fps < minFPS \|\| fps > maxFPS {`
			`respondError(w, http.StatusBadRequest, fmt.Sprintf("fps must be between %d and %d", minFPS, maxFPS))`
			`return false`
			`}`
			`return true`
			`}`