From 20bddb43b6c92be17aea792094951d6731ca2f2d Mon Sep 17 00:00:00 2001
From: Dave Richer <dave@imexsystems.ca>
Date: Thu, 5 Dec 2024 12:16:32 -0800
Subject: [PATCH] feature/IO-3052-Skia-Canvas-Handler: Fix missing checks

Signed-off-by: Dave Richer <dave@imexsystems.ca>
---
 server/middleware/validateCanvasInputMiddleware.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/middleware/validateCanvasInputMiddleware.js b/server/middleware/validateCanvasInputMiddleware.js
index daf3775ba..a03bb12ec 100644
--- a/server/middleware/validateCanvasInputMiddleware.js
+++ b/server/middleware/validateCanvasInputMiddleware.js
@@ -1,7 +1,7 @@
 const { isObject } = require("lodash");
 
 const validateCanvasInputMiddleware = (req, res, next) => {
-  const { values, keys, override } = req.body;
+  const { values, keys, override, w, h } = req.body;
 
   if (!Array.isArray(values) || !Array.isArray(keys)) {
     return res.status(400).send("Invalid input: 'values' and 'keys' must be arrays.");
@@ -19,6 +19,13 @@ const validateCanvasInputMiddleware = (req, res, next) => {
     return res.status(400).send("Override must be an object");
   }
 
+  if (w && (!Number.isFinite(w) || w <= 0)) {
+    return res.status(400).send("Width must be a positive number");
+  }
+  if (h && (!Number.isFinite(h) || h <= 0)) {
+    return res.status(400).send("Height must be a positive number");
+  }
+
   next(); // Proceed to the next middleware or route handler
 };