Skip to content

fix(feed_routes): add input validation, config logging, and exception handling (M7)#6309

Open
waefrebeorn wants to merge 36 commits into
Scottcjn:mainfrom
waefrebeorn:fix-m7-feed-error-handling
Open

fix(feed_routes): add input validation, config logging, and exception handling (M7)#6309
waefrebeorn wants to merge 36 commits into
Scottcjn:mainfrom
waefrebeorn:fix-m7-feed-error-handling

Conversation

@waefrebeorn
Copy link
Copy Markdown

@waefrebeorn waefrebeorn commented May 25, 2026

Summary

M7 — MED: bottube_feed_routes.py has 3 error handling gaps

Fix 1: _parse_feed_limit crashes on non-integer input

int(raw_limit) raised ValueError on ?limit=abc, crashing the endpoint with 500. Wrapped in try/except — returns default on invalid input.

  • Before: /api/feed?limit=abc → HTTP 500
  • After: /api/feed?limit=abc → uses default limit=20

Fix 2: _get_db_connection silent misconfiguration

Returns None when DB_PATH is not configured, causing silent fallback to mock data. Added logger.warning so operators can detect the issue.

Fix 3: feed_index route missing exception handling

rss_feed() and atom_feed() had outer try/except blocks, but the auto-detect feed_index() route only wrapped _parse_feed_limit_fetch_videos() could crash unhandled. Added proper try/except with logging and 500 response.

Testing

  • Syntax verified (Python AST parse)
  • All 3 fixes are defense-in-depth patterns already used elsewhere in the codebase
  • No behavioral change on valid input

RTC Wallet for bounty: RTC17c0d21f04f6f65c1a85c0aeb5d4a305d57531096

waefrebeorn added 30 commits May 25, 2026 01:16
@waefrebeorn
update battleship: add A18 + exhausted cells + PR tracking
05b4762
@waefrebeorn
battleship: add A19 (beacon_api field lengths -> PR Scottcjn#6262)
5160879
@waefrebeorn
battleship: add A20 (bridge address lengths -> PR Scottcjn#6263)
0e12446
@waefrebeorn
battleship: add A21 (airdrop field lengths -> PR Scottcjn#6264)
4b9683c
@waefrebeorn
battleship: add A22 (lock_ledger -> PR Scottcjn#6265)
f9ce59b
@waefrebeorn
battleship: add A23 (sync endpoints -> PR Scottcjn#6266)
c02eefa
@waefrebeorn
fix: cap unbounded string fields in bridge/bridge_api.py (A24)
b9388aa 
Adds max_length parameter to _clean_string_field and caps all user input
fields in POST route handlers:

- /lock: sender_wallet(128), target_wallet(128), tx_hash(128), receipt_signature(256)
- /confirm: proof_ref(256), notes(1024)
- /release: release_tx(128), notes(1024)

Prevents storage of arbitrarily large strings in bridge_ledger DB.
@waefrebeorn
docs: add A24 to BATTLESHIP_PROGRESS
2832c96
@waefrebeorn
fix: cap wallet address in faucet.py (A25)
1c9b2dc
@waefrebeorn
docs: add A25 to BATTLESHIP_PROGRESS
e8300bd
@waefrebeorn
fix: cap miner_id in sophia_api.py (A26)
914245d
@waefrebeorn
docs: add A26 to BATTLESHIP_PROGRESS
b78ae6a
@waefrebeorn
fix: cap unbounded path params in explorer (A27/A29) and p2p (A28)
7af5c79
@waefrebeorn
docs: add A27-A29 to BATTLESHIP_PROGRESS
36d0d6a
@waefrebeorn
fix: cap string fields in testnet faucet and rent-a-relic (A30-A31)
70d458d
@waefrebeorn
docs: add A30-A31 to BATTLESHIP_PROGRESS
d6060c8
@waefrebeorn
fix: cap address/search in explorer-api (A32-A33)
48ff7ce
@waefrebeorn
docs: add A32-A33 to BATTLESHIP_PROGRESS
ace2a62
@waefrebeorn
fix: cap unbounded path params in 4 route files (A34-A37)
29e80ee
@waefrebeorn
docs: add A34-A37 to BATTLESHIP_PROGRESS
fdefdd7
@waefrebeorn
fix: cap unbounded fields in contributor_registry and hall_of_rust (A…
3702de5 
…38-A39)
@waefrebeorn
docs: add A38-A39 to BATTLESHIP_PROGRESS
f182f1e
@waefrebeorn
fix: cap string fields in machine_passport_api.py (A40)
c8e41f4
@waefrebeorn
docs: add A40 to BATTLESHIP_PROGRESS
f5c9173
@waefrebeorn
fix: cap agent_name in bottube_mood_engine.py (A41)
b2a729d
@waefrebeorn
docs: add A41 to BATTLESHIP_PROGRESS
45597b8
@waefrebeorn
docs: expand grid to 400 cells, vault 56 accomplished, add Row S stub…
c6180af 
…s + Row M error handling + Row T test gaps + Row E infrastructure
@waefrebeorn
docs: S1 completed (PR Scottcjn#6286), next S2
c44b7ea
@waefrebeorn
docs: S3 done (PR Scottcjn#6287), S2 removed (false positive-tests only)
1bf19c1
@waefrebeorn
docs: mark S4-S7, S13, S17-S20 done on battleship board
f277aa2
@waefrebeorn
docs: mark S8-S12 done on battleship board
6a56b42
@waefrebeorn
docs: mark S26 done on board
208ba1e
@waefrebeorn
docs: mark S15 done
d1d68d9
@waefrebeorn
docs: mark M5 done on battleship board
e509c37
@waefrebeorn
fix(payout): fix archive path and error handling in cleanup_old_withd…
d3db86a 
…rawals (M6)

M6 - MED: payout_worker.py: cleanup_old_withdrawals file descriptor leak on archive

- Archive file now uses proper path (archives/ dir next to DB) instead of CWD-relative
- Uses .jsonl extension for append-log format
- f.flush() after each row ensures data is persisted before DB deletion
- OSError catch on file write prevents data loss: aborts without deleting DB
- Separate error handling for DB prune so inconsistency is logged but graceful
- Explicit column selection instead of SELECT * for maintainability
@waefrebeorn
fix(feed_routes): add input validation, config logging, and exception…
52cc7a6 
… handling (M7)

Three error handling gaps in bottube_feed_routes.py:

1. _parse_feed_limit: int(raw_limit) crashes with 500 on non-integer
   input like ?limit=abc. Wrapped in try/except ValueError/TypeError —
   returns default on invalid input.

2. _get_db_connection: returns None silently when DB_PATH is missing.
   Added logger.warning to make misconfiguration discoverable.

3. feed_index route: missing try/except around _fetch_videos() call.
   rss_feed and atom_feed endpoints were protected by their outer
   try/except blocks, but feed_index only wrapped _parse_feed_limit.
@github-actions github-actions Bot added documentation Improvements or additions to documentation BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related api API endpoint related size/L PR: 201-500 lines labels May 25, 2026
jaxint
jaxint approved these changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Great work on this PR. 🚀

@jaxint jaxint mentioned this pull request May 25, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jaxint jaxint jaxint approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api API endpoint related BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) documentation Improvements or additions to documentation node Node server related size/L PR: 201-500 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waefrebeorn @jaxint