validate more inputs

Athou
2022-07-24 13:26:33 +02:00
parent c36dd47afd
commit fe87566668
17 changed files with 79 additions and 38 deletions


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,9 +15,12 @@ import lombok.Data;
public class AddCategoryRequest implements Serializable {
@ApiModelProperty(value = "name", required = true)
@NotEmpty
@Size(max = 128)
private String name;
@ApiModelProperty(value = "parent category id, if any")
@Size(max = 128)
private String parentId;
}
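Review bot: `@NotEmpty` on `name` still accepts a whitespace-only string, so a category whose name is only spaces passes validation; `@NotBlank` from the same `javax.validation.constraints` package would reject it. The same applies to `title` in SubscribeRequest further down the page. Whether names are trimmed before they are stored is not visible here, so that is worth checking before switching.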


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,12 +15,15 @@ import lombok.Data;
public class CategoryModificationRequest implements Serializable {
@ApiModelProperty(value = "id", required = true)
@NotEmpty
private Long id;
@ApiModelProperty(value = "new name, null if not changed")
@Size(max = 128)
private String name;
@ApiModelProperty(value = "new parent category id")
@Size(max = 128)
private String parentId;
@ApiModelProperty(value = "new display position, null if not changed")
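Review bot: `@NotEmpty` on `private Long id` is not a supported combination: Bean Validation defines `@NotEmpty` for CharSequence, Collection, Map and arrays only, so validating this class raises a constraint-declaration error (typically `UnexpectedTypeException`) instead of checking anything. Because `modifyCategory` now takes this type with `@Valid`, the likely effect is that every modify-category call fails. The constraint should be `@NotNull private Long id;`, with `javax.validation.constraints.NotNull` imported. The class body continues past the end of the hunk.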


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,6 +15,8 @@ import lombok.Data;
public class FeedInfoRequest implements Serializable {
@ApiModelProperty(value = "feed url", required = true)
@NotEmpty
@Size(max = 4096)
private String url;
}
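Review bot: `url` is constrained by length only (`@NotEmpty`, `@Size(max = 4096)`), yet the `fetchFeed` operation later on the page is described as "Fetch a feed by its url", so the cap does nothing to limit which scheme or host the server contacts. If the fetcher already restricts destinations (not visible on this page), a field comment such as `// length-checked only; scheme and destination are restricted by the fetcher` would record where that control lives. If it does not, that is the missing check. The same applies to `url` in SubscribeRequest.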


@@ -1,21 +0,0 @@
package com.commafeed.frontend.model.request;
import java.io.Serializable;
import java.util.List;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@SuppressWarnings("serial")
@ApiModel(description = "Feed merge Request")
@Data
public class FeedMergeRequest implements Serializable {
@ApiModelProperty(value = "merge into this feed", required = true)
private Long intoFeedId;
@ApiModelProperty(value = "id of the feeds to merge", required = true)
private List<Long> feedIds;
}


@@ -2,6 +2,8 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -15,15 +17,18 @@ public class FeedModificationRequest implements Serializable {
private Long id;
@ApiModelProperty(value = "new name, null if not changed")
@Size(max = 128)
private String name;
@ApiModelProperty(value = "new parent category id")
@Size(max = 128)
private String categoryId;
@ApiModelProperty(value = "new display position, null if not changed")
private Integer position;
@ApiModelProperty(value = "JEXL string evaluated on new entries to mark them as read if they do not match")
@Size(max = 4096)
private String filter;
}
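Review bot: `@Size(max = 4096)` on `filter` bounds the length of the JEXL expression but says nothing about what the expression may do when it is evaluated on new entries. The evaluation-side restrictions are not visible in this hunk, so I would add a field comment like `// length cap only; expression safety is enforced where the filter is evaluated` and confirm that it holds. `id` on the hunk's first line shows no constraint, though its annotations may sit above the hunk.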


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,8 +15,11 @@ import lombok.Data;
public class LoginRequest implements Serializable {
@ApiModelProperty(value = "username", required = true)
@Size(min = 3, max = 32)
private String name;
@ApiModelProperty(value = "password", required = true)
@NotEmpty
@Size(max = 128)
private String password;
}
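Review bot: `name` carries only `@Size(min = 3, max = 32)`, and `@Size` treats null as valid, so a request without `name` passes validation although the property is documented as required; adding `@NotEmpty` above it, as was done for `password`, closes that. In the UserREST hunk at the end of the page, `login` passes `req.getName()` straight to `userService.login(...)` with no null check of its own. If that service also accepts an e-mail address in this field (not visible here), `max = 32` would turn away valid logins, so the bound is worth confirming.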


@@ -3,6 +3,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import java.util.List;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -13,6 +16,8 @@ import lombok.Data;
public class MarkRequest implements Serializable {
@ApiModelProperty(value = "entry id, category id, 'all' or 'starred'", required = true)
@NotEmpty
@Size(max = 128)
private String id;
@ApiModelProperty(value = "mark as read or unread", required = true)
@@ -24,6 +29,7 @@ public class MarkRequest implements Serializable {
private Long olderThan;
@ApiModelProperty(value = "only mark read if a feed has these keywords in the title or rss content", required = false)
@Size(max = 128)
private String keywords;
@ApiModelProperty(value = "if marking a category or 'all', exclude those subscriptions from the marking", required = false)


@@ -3,6 +3,8 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import java.util.List;
import javax.validation.Valid;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -13,6 +15,6 @@ import lombok.Data;
public class MultipleMarkRequest implements Serializable {
@ApiModelProperty(value = "list of mark requests", required = true)
private List<MarkRequest> requests;
private List<@Valid MarkRequest> requests;
}
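Review bot: `List<@Valid MarkRequest>` validates each element, but the list itself has no constraint, so a null list and a list of arbitrary length both pass. The resource method still relies on `Preconditions.checkNotNull(req.getRequests())` for the null case, and nothing visible caps how many mark operations one request can carry. I would declare it as `@NotNull @Size(max = MAX_REQUESTS) private List<@Valid MarkRequest> requests;`, where `MAX_REQUESTS` is a placeholder for a limit the project chooses.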


@@ -4,6 +4,7 @@ import java.io.Serializable;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
@@ -17,5 +18,6 @@ public class PasswordResetRequest implements Serializable {
@ApiModelProperty(value = "email address for password recovery", required = true)
@Email
@NotEmpty
@Size(max = 255)
private String email;
}


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import com.commafeed.frontend.auth.ValidPassword;
import io.swagger.annotations.ApiModel;
@@ -13,9 +16,12 @@ import lombok.Data;
@Data
public class ProfileModificationRequest implements Serializable {
@ApiModelProperty(value = "current user password, required to change profile data", required = true)
@NotEmpty
@Size(max = 128)
private String currentPassword;
@ApiModelProperty(value = "changes email of the user, if specified")
@Size(max = 255)
private String email;
@ApiModelProperty(value = "changes password of the user, if specified")
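Review bot: `email` gets `@Size(max = 255)` but no `@Email`, while RegistrationRequest and PasswordResetRequest on this page both put `@Email` on the same kind of field. Unless the resource method checks the format itself, a profile update can therefore store a string that registration would have rejected. `@Email` accepts null, which keeps the "if specified" semantics; it needs `javax.validation.constraints.Email` imported. The class continues past the end of the hunk, so the constraints on the new-password field are not visible here.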


@@ -4,8 +4,7 @@ import java.io.Serializable;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotEmpty;
import org.hibernate.validator.constraints.Length;
import javax.validation.constraints.Size;
import com.commafeed.frontend.auth.ValidPassword;
@@ -19,18 +18,19 @@ import lombok.Data;
public class RegistrationRequest implements Serializable {
@ApiModelProperty(value = "username, between 3 and 32 characters", required = true)
@Length(min = 3, max = 32)
@NotEmpty
@Size(min = 3, max = 32)
private String name;
@ApiModelProperty(value = "password, minimum 6 characters", required = true)
@ValidPassword
@NotEmpty
@ValidPassword
private String password;
@ApiModelProperty(value = "email address for password recovery", required = true)
@Email
@NotEmpty
@Size(max = 255)
private String email;
}
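Review bot: `password` is the only string in this class without a visible upper bound, while LoginRequest now rejects passwords longer than 128 characters. Unless `@ValidPassword` (defined outside this page) already caps the length at 128 or less, a user could register with a longer password and then be unable to log in. Either add `@Size(max = 128)` here, or align the limit in LoginRequest and ProfileModificationRequest with whatever `@ValidPassword` allows.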


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,6 +15,8 @@ import lombok.Data;
public class StarRequest implements Serializable {
@ApiModelProperty(value = "id", required = true)
@NotEmpty
@Size(max = 128)
private String id;
@ApiModelProperty(value = "feed id", required = true)


@@ -2,6 +2,9 @@ package com.commafeed.frontend.model.request;
import java.io.Serializable;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Size;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
@@ -12,12 +15,17 @@ import lombok.Data;
public class SubscribeRequest implements Serializable {
@ApiModelProperty(value = "url of the feed", required = true)
@NotEmpty
@Size(max = 4096)
private String url;
@ApiModelProperty(value = "name of the feed for the user", required = true)
@NotEmpty
@Size(max = 128)
private String title;
@ApiModelProperty(value = "id of the user category to place the feed in")
@Size(max = 128)
private String categoryId;
}


@@ -14,6 +14,7 @@ import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -244,7 +245,7 @@ public class CategoryREST {
@ApiOperation(value = "Mark category entries", notes = "Mark feed entries of this category as read")
@Timed
public Response markCategoryEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "category id, or 'all'", required = true) MarkRequest req) {
@Valid @ApiParam(value = "category id, or 'all'", required = true) MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -285,7 +286,8 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Add a category", notes = "Add a new feed category", response = Long.class)
@Timed
public Response addCategory(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) AddCategoryRequest req) {
public Response addCategory(@ApiParam(hidden = true) @SecurityCheck User user,
@Valid @ApiParam(required = true) AddCategoryRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getName());
@@ -343,7 +345,7 @@ public class CategoryREST {
@ApiOperation(value = "Rename a category", notes = "Rename an existing feed category")
@Timed
public Response modifyCategory(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(required = true) CategoryModificationRequest req) {
@Valid @ApiParam(required = true) CategoryModificationRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
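Review bot: `@Valid` on the entity parameter does not reject a missing body: a null `req` has nothing to cascade into and still reaches `Preconditions.checkNotNull(req)`, which throws a NullPointerException instead of producing a validation response. Declaring the parameter as `@NotNull @Valid ... req` in `markCategoryEntries`, `addCategory` and `modifyCategory` would turn that into a client error. The same pattern appears in the EntryREST and FeedREST sections, and `login` in UserREST shows no null check on `req` before `req.getName()`. All three method bodies here continue outside their hunks.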


@@ -4,6 +4,7 @@ import java.util.List;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -48,7 +49,7 @@ public class EntryREST {
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response markEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Mark Request", required = true) MarkRequest req) {
@Valid @ApiParam(value = "Mark Request", required = true) MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -62,7 +63,7 @@ public class EntryREST {
@ApiOperation(value = "Mark multiple feed entries", notes = "Mark feed entries as read/unread")
@Timed
public Response markEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Multiple Mark Request", required = true) MultipleMarkRequest req) {
@Valid @ApiParam(value = "Multiple Mark Request", required = true) MultipleMarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getRequests());
@@ -79,7 +80,7 @@ public class EntryREST {
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response starEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Star Request", required = true) StarRequest req) {
@Valid @ApiParam(value = "Star Request", required = true) StarRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
Preconditions.checkNotNull(req.getFeedId());
@@ -105,7 +106,7 @@ public class EntryREST {
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response tagEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Tag Request", required = true) TagRequest req) {
@Valid @ApiParam(value = "Tag Request", required = true) TagRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getEntryId());
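Review bot: `tagEntry` now takes `@Valid TagRequest`, but TagRequest is not among the request classes changed on this page, so unless it already declares constraints the annotation checks nothing there. I would add constraints to TagRequest in the same change, covering `entryId` and whatever other fields it carries, mirroring what was done for StarRequest and MarkRequest. Separately, the `@ApiOperation` text on `starEntry` and `tagEntry` still reads "Mark a feed entry", which looks copied from `markEntry`. The method bodies continue outside the hunks.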


@@ -14,6 +14,7 @@ import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -263,7 +264,7 @@ public class FeedREST {
@ApiOperation(value = "Fetch a feed", notes = "Fetch a feed by its url", response = FeedInfo.class)
@Timed
public Response fetchFeed(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "feed url", required = true) FeedInfoRequest req) {
@Valid @ApiParam(value = "feed url", required = true) FeedInfoRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getUrl());
@@ -315,7 +316,7 @@ public class FeedREST {
@ApiOperation(value = "Mark feed entries", notes = "Mark feed entries as read (unread is not supported)")
@Timed
public Response markFeedEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Mark request", required = true) MarkRequest req) {
@Valid @ApiParam(value = "Mark request", required = true) MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -384,7 +385,7 @@ public class FeedREST {
@ApiOperation(value = "Subscribe to a feed", notes = "Subscribe to a feed")
@Timed
public Response subscribe(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "subscription request", required = true) SubscribeRequest req) {
@Valid @ApiParam(value = "subscription request", required = true) SubscribeRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getTitle());
Preconditions.checkNotNull(req.getUrl());
@@ -458,7 +459,7 @@ public class FeedREST {
@ApiOperation(value = "Modify a subscription", notes = "Modify a feed subscription")
@Timed
public Response modifyFeed(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "subscription id", required = true) FeedModificationRequest req) {
@Valid @ApiParam(value = "subscription id", required = true) FeedModificationRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());


@@ -251,7 +251,8 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Login and create a session")
@Timed
public Response login(@ApiParam(required = true) LoginRequest req, @ApiParam(hidden = true) @Context SessionHelper sessionHelper) {
public Response login(@Valid @ApiParam(required = true) LoginRequest req,
@ApiParam(hidden = true) @Context SessionHelper sessionHelper) {
Optional<User> user = userService.login(req.getName(), req.getPassword());
if (user.isPresent()) {
sessionHelper.setLoggedInUser(user.get());