From c9fb313cb954e938ad335a4d842762eb9f3c60e7 Mon Sep 17 00:00:00 2001
From: kaditya97
Date: Thu, 28 Dec 2023 13:17:06 +0545
Subject: [PATCH] Fix: restrict user to extract more than 24 hour active projects
---
 backend/api/projects/resources.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/backend/api/projects/resources.py b/backend/api/projects/resources.py
index 8f519c20cf..d2799d355b 100644
--- a/backend/api/projects/resources.py
+++ b/backend/api/projects/resources.py
@@ -1199,7 +1199,13 @@ def get(self):
 """
 interval = request.args.get("interval", "24")
 if not interval.isdigit():
- return {"Error": "Interval must be a number greater than 0"}, 400
+ return {
+ "Error": "Interval must be a number greater than 0 and less than or equal to 24"
+ }, 400
 interval = int(interval)
+ if interval <= 0 or interval > 24:
+ return {
+ "Error": "Interval must be a number greater than 0 and less than or equal to 24"
+ }, 400
 projects_dto = ProjectService.get_active_projects(interval)
 return projects_dto, 200
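Review bot: The added range check only runs after `int(interval)`, and that conversion is still guarded by `interval.isdigit()` alone, which accepts some Unicode digit characters (superscripts, for example) that `int()` rejects with ValueError, so such a value in the `interval` query parameter would surface as an unhandled exception rather than the 400. Tightening the guard to `if not (interval.isascii() and interval.isdigit()):` keeps the conversion safe for this request-supplied value; a very long digit string may also need a length bound, depending on the interpreter's integer-string conversion limit. The same error text is now spelled out twice, so it could be held in one local and returned from both branches. The body of `get` starts above the hunk, so any earlier handling of `interval` is not visible here.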