Add controller parameters violation

Author: satiracode

build.gradle

@@ -22,6 +22,7 @@ repositories {
 dependencies {
     implementation 'io.quarkiverse.loggingsentry:quarkus-logging-sentry:2.1.3'
     implementation enforcedPlatform("${quarkusPlatformGroupId}:${quarkusPlatformArtifactId}:${quarkusPlatformVersion}")
+    implementation("io.quarkus:quarkus-hibernate-validator")
     implementation 'io.quarkus:quarkus-rest'
     implementation 'io.quarkus:quarkus-rest-jackson'
     implementation 'io.quarkus:quarkus-config-yaml'

src/main/kotlin/org/exploit/keeper/component/JacksonCustomizer.kt

@@ -42,6 +42,7 @@ class JacksonCustomizer: ObjectMapperCustomizer {
             if (value.signum() < 0) {
                 hex = "-$hex"
             }
+
             gen.writeString(hex)
         }
 

src/main/kotlin/org/exploit/keeper/component/exception/ConstrainValidationException.kt

@@ -0,0 +1,14 @@
+package org.exploit.keeper.component.exception
+
+import jakarta.validation.ConstraintViolationException
+import jakarta.ws.rs.core.Response
+import jakarta.ws.rs.ext.ExceptionMapper
+import jakarta.ws.rs.ext.Provider
+
+@Provider
+class ConstrainValidationException: ExceptionMapper<ConstraintViolationException> {
+    override fun toResponse(p0: ConstraintViolationException): Response {
+        return Response.status(Response.Status.BAD_REQUEST)
+            .build()
+    }
+}

src/main/kotlin/org/exploit/keeper/controller/keeper/CentralController.kt

@@ -1,7 +1,7 @@
 package org.exploit.keeper.controller.keeper
 
-import io.smallrye.common.constraint.NotNull
 import io.smallrye.mutiny.Uni
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.GET
 import jakarta.ws.rs.Path
 import jakarta.ws.rs.QueryParam

src/main/kotlin/org/exploit/keeper/controller/keeper/KeyGenController.kt

@@ -1,6 +1,7 @@
 package org.exploit.keeper.controller.keeper
 
 import io.smallrye.mutiny.Uni
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.POST
 import jakarta.ws.rs.Path
 import jakarta.ws.rs.container.ContainerRequestContext
@@ -18,7 +19,7 @@ class KeyGenController(
 ) {
     @POST
     @Path("/generate")
-    fun generate(body: Generate): Uni<Void> {
+    fun generate(@NotNull body: Generate): Uni<Void> {
         policyChecker.ensureHasPermission(ctx, Permission.generateKey())
 
         return dkg.generateKey(

src/main/kotlin/org/exploit/keeper/controller/keeper/SignatureController.kt

@@ -2,6 +2,7 @@ package org.exploit.keeper.controller.keeper
 
 import io.quarkus.arc.All
 import io.smallrye.mutiny.Uni
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.BadRequestException
 import jakarta.ws.rs.POST
 import jakarta.ws.rs.Path
@@ -31,7 +32,7 @@ class SignatureController(
 ) {
     @POST
     @Path("/sign")
-    fun sign(body: Sign): Uni<TSSResult> {
+    fun sign(@NotNull body: Sign): Uni<TSSResult> {
         policyChecker.ensureHasPermission(ctx, Permission.keySign(body.keyId))
 
         if (!keeper.initialized() || keeper.sealed())
@@ -45,7 +46,7 @@ class SignatureController(
 
     @POST
     @Path("/sign/verify")
-    fun verify(body: Verify): Uni<VerifyResult> {
+    fun verify(@NotNull body: Verify): Uni<VerifyResult> {
         policyChecker.ensureHasPermission(ctx, Permission.keyVerify(body.keyId))
 
         if (!keeper.initialized() || keeper.sealed())

src/main/kotlin/org/exploit/keeper/controller/keeper/StorageController.kt

@@ -1,5 +1,6 @@
 package org.exploit.keeper.controller.keeper
 
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.Path
 import jakarta.ws.rs.container.ContainerRequestContext
 import org.exploit.keeper.constant.Permission
@@ -16,7 +17,7 @@ class StorageController(
 ) {
     @Path("/store")
     @ResponseStatus(204)
-    fun store(body: Store) {
+    fun store(@NotNull body: Store) {
         policyChecker.ensureHasPermission(ctx, Permission.storageWrite())
         storage.store(body)
     }

src/main/kotlin/org/exploit/keeper/controller/keeper/SystemController.kt

@@ -1,5 +1,6 @@
 package org.exploit.keeper.controller.keeper
 
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.*
 import jakarta.ws.rs.container.ContainerRequestContext
 import org.exploit.keeper.constant.Permission
@@ -32,7 +33,7 @@ class SystemController(
 
     @PUT
     @Path("/unseal")
-    fun unseal(req: Unseal): Progress {
+    fun unseal(@NotNull req: Unseal): Progress {
         policyChecker.ensureHasPermission(ctx, Permission.systemUnseal())
 
         val payloads = buildList {

src/main/kotlin/org/exploit/keeper/controller/key/PublicKeyController.kt

@@ -1,5 +1,6 @@
 package org.exploit.keeper.controller.key
 
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.GET
 import jakarta.ws.rs.Path
 import org.exploit.keeper.extension.toBase64
@@ -10,6 +11,6 @@ import org.exploit.keeper.service.pub.share.PublicKeyShareCalculator
 class PublicKeyController(private val pubShare: PublicKeyShareCalculator) {
     @GET
     @Path("/{keyId}")
-    fun getPublicKey(keyId: String): PublicKeyDto =
+    fun getPublicKey(@NotNull keyId: String): PublicKeyDto =
         PublicKeyDto(pubShare.pubKeyShare(keyId).share.encode(true).toBase64())
 }

src/main/kotlin/org/exploit/keeper/controller/keygen/SystemKeyGenController.kt

@@ -1,6 +1,7 @@
 package org.exploit.keeper.controller.keygen
 
 import io.smallrye.mutiny.Uni
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.*
 import org.exploit.keeper.api.auth.KeeperAuthenticator
 import org.exploit.keeper.constant.CurveName
@@ -18,27 +19,27 @@ class SystemKeyGenController(
     @POST
     @Path("/init")
     fun init(
-        @QueryParam("keyId") keyId: String,
-        @QueryParam("curve") curve: CurveName,
-        @QueryParam("overwrite") overwrite: Boolean
+        @NotNull @QueryParam("keyId") keyId: String,
+        @NotNull @QueryParam("curve") curve: CurveName,
+        @QueryParam("overwrite") overwrite: Boolean?
     ) {
-        generator.init(keyId, KeeperCurve.fromName(curve), overwrite)
+        generator.init(keyId, KeeperCurve.fromName(curve), overwrite ?: false)
     }
 
     @POST
     @Path("/collect")
-    fun collect(@QueryParam("keyId") keyId: String): Uni<Void> =
+    fun collect(@NotNull @QueryParam("keyId") keyId: String): Uni<Void> =
         collector.collect(keyId).toUni()
 
     @POST
     @Path("/compute")
-    fun compute(@QueryParam("keyId") keyId: String) {
+    fun compute(@NotNull @QueryParam("keyId") keyId: String) {
         generator.compute(keyId)
     }
 
     @POST
     @Path("/abort")
-    fun abort(@QueryParam("keyId") sessionId: String) {
+    fun abort(@NotNull @QueryParam("keyId") sessionId: String) {
         generator.abort(sessionId)
     }
 

src/main/kotlin/org/exploit/keeper/controller/signature/FrostController.kt

@@ -2,6 +2,7 @@ package org.exploit.keeper.controller.signature
 
 import io.smallrye.mutiny.Uni
 import jakarta.inject.Singleton
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.*
 import org.exploit.keeper.api.auth.KeeperAuthenticator
 import org.exploit.keeper.constant.CurveName
@@ -21,7 +22,7 @@ class FrostController(
 ) {
     @POST
     @Path("/init")
-    fun init(body: InitSession) {
+    fun init(@NotNull body: InitSession) {
         manager(body.curve).createSession(
             body.sessionId,
             body.keyId,
@@ -34,8 +35,8 @@ class FrostController(
     @POST
     @Path("/commitment")
     fun storeCommitment(
-        @QueryParam("sessionId") sessionId: String,
-        @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) peerId: Int,
+        @NotNull @QueryParam("sessionId") sessionId: String,
+        @NotNull @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) peerId: Int,
         body: FrostOperationCommitment
     ) {
         manager(sessionId).respondent
@@ -45,22 +46,22 @@ class FrostController(
 
     @POST
     @Path("/commitment/broadcast")
-    fun broadcast(@QueryParam("sessionId") sessionId: String): Uni<Void> =
+    fun broadcast(@NotNull @QueryParam("sessionId") sessionId: String): Uni<Void> =
         manager(sessionId).respondent
             .commitment
             .broadcast(sessionId)
             .toUni()
 
     @GET
     @Path("/signature/z")
-    fun computeZ(@QueryParam("sessionId") sessionId: String): ComputedZ =
+    fun computeZ(@NotNull @QueryParam("sessionId") sessionId: String): ComputedZ =
         manager(sessionId).respondent
             .sigPart
             .computeZ(sessionId)
 
     @GET
     @Path("/abort")
-    fun abort(@QueryParam("sessionId") sessionId: String) {
+    fun abort(@NotNull @QueryParam("sessionId") sessionId: String) {
         manager(sessionId).clear(sessionId)
     }
 

src/main/kotlin/org/exploit/keeper/controller/signature/GG20Controller.kt

@@ -2,6 +2,7 @@ package org.exploit.keeper.controller.signature
 
 import io.smallrye.mutiny.Uni
 import jakarta.inject.Singleton
+import jakarta.validation.constraints.NotNull
 import jakarta.ws.rs.*
 import org.exploit.gmp.BigInt
 import org.exploit.keeper.api.auth.KeeperAuthenticator
@@ -26,7 +27,7 @@ class GG20Controller(
 ) {
     @POST
     @Path("/init")
-    fun init(session: InitSession) {
+    fun init(@NotNull session: InitSession) {
         manager(session.curve).createSession(
             sessionId = session.sessionId,
             keyId = session.keyId,
@@ -39,9 +40,9 @@ class GG20Controller(
     @POST
     @Path("/commitment")
     fun storeCommitment(
-        @QueryParam("sessionId") sessionId: String,
-        @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) peerId: Int,
-        body: GG20GammaCommitmentDto
+        @NotNull @QueryParam("sessionId") sessionId: String,
+        @NotNull @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) peerId: Int,
+        @NotNull body: GG20GammaCommitmentDto
     ) {
         manager(sessionId).respondent.commitment
             .storeCommitment(sessionId, peerId, body)
@@ -50,7 +51,7 @@ class GG20Controller(
     @POST
     @Path("/commitment/broadcast")
     fun broadcast(
-        @QueryParam("sessionId") sessionId: String
+        @NotNull @QueryParam("sessionId") sessionId: String
     ): Uni<Void> =
         manager(sessionId).respondent
             .commitment
@@ -59,16 +60,16 @@ class GG20Controller(
 
     @POST
     @Path("/mta/exchange")
-    fun exchange(@QueryParam("sessionId") sessionId: String): Uni<Void> =
+    fun exchange(@NotNull @QueryParam("sessionId") sessionId: String): Uni<Void> =
         manager(sessionId).respondent.mta
             .exchange(sessionId)
             .toUni()
 
     @POST
     @Path("/mta/compute")
     fun compute(
-        @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) idx: Int,
-        body: GG20MtAComputeRequest
+        @NotNull @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) idx: Int,
+        @NotNull body: GG20MtAComputeRequest
     ): GG20MtAResult =
         manager(body.sessionId)
             .respondent.mta
@@ -77,31 +78,31 @@ class GG20Controller(
     @POST
     @Path("/prephase")
     fun storeOfflinePhase(
-        @QueryParam("sessionId") sessionId: String,
-        @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) idx: Int,
-        body: GG20OfflinePhaseData
+        @NotNull @QueryParam("sessionId") sessionId: String,
+        @NotNull @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) idx: Int,
+        @NotNull body: GG20OfflinePhaseData
     ) {
         manager(sessionId).respondent.offlinePhase
             .store(sessionId, idx, body)
     }
 
     @POST
     @Path("/prephase/broadcast")
-    fun broadcastOfflinePhase(@QueryParam("sessionId") sessionId: String): Uni<Void> =
+    fun broadcastOfflinePhase(@NotNull @QueryParam("sessionId") sessionId: String): Uni<Void> =
         manager(sessionId).respondent
             .offlinePhase
             .broadcast(sessionId)
             .toUni()
 
     @GET
     @Path("/signature/s")
-    fun computeS(@QueryParam("sessionId") sessionId: String): Value<BigInt> =
+    fun computeS(@NotNull @QueryParam("sessionId") sessionId: String): Value<BigInt> =
         manager(sessionId).respondent.sigPart
             .computePartialS(sessionId, finalize = true)
 
     @POST
     @Path("/abort")
-    fun abort(@QueryParam("sessionId") sessionId: String) {
+    fun abort(@NotNull @QueryParam("sessionId") sessionId: String) {
         manager(sessionId).clear(sessionId)
     }