Re: [PR] feat(server): adapt Hubble 2.0 frontend APIs and implement default graph/role management [hugegraph]

[via GitHub]

imbajin commented on code in PR #3008:
URL: https://github.com/apache/hugegraph/pull/3008#discussion_r3187079328


##########
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java:
##########
@@ -155,6 +329,61 @@ public void drop(@Context GraphManager manager,
         manager.dropGraph(graphSpace, name, true);
     }
 
+    @PUT
+    @Timed
+    @Path("{name}")
+    @Consumes(APPLICATION_JSON)
+    @Produces(APPLICATION_JSON_WITH_CHARSET)
+    @RolesAllowed({"space"})
+    public Map<String, String> manage(@Context GraphManager manager,
+                                      @Parameter(description = "The graph 
space name")
+                                      @PathParam("graphspace") String 
graphSpace,
+                                      @Parameter(description = "The graph 
name")
+                                      @PathParam("name") String name,
+                                      @Parameter(description = "Action map: 
{'action':'update','update':{...}}")
+                                      Map<String, Object> actionMap) {
+        LOG.debug("Manage graph '{}' with action '{}'", name, actionMap);
+        E.checkArgument(actionMap != null && 
actionMap.containsKey(GRAPH_ACTION),
+                        "Invalid request body '%s'", actionMap);
+        Object value = actionMap.get(GRAPH_ACTION);
+        E.checkArgument(value instanceof String,
+                        "Invalid action type '%s', must be string",
+                        value == null ? "null" : 
value.getClass().getSimpleName());
+        String action = (String) value;
+        switch (action) {
+            case UPDATE:
+                E.checkArgument(actionMap.containsKey(UPDATE),
+                                "Please pass '%s' for graph update",
+                                UPDATE);
+                value = actionMap.get(UPDATE);
+                E.checkArgument(value instanceof Map,
+                                "The '%s' must be map, but got %s",
+                                UPDATE, value.getClass());

Review Comment:
   ⚠️ **Bug: null `update` body still turns validation into NPE**
   
   If the request body is `{"action":"update","update":null}`, `value 
instanceof Map` is false, but the error message still evaluates 
`value.getClass()`, causing a 500 instead of a clear 4xx validation error. 
Please make this message null-safe, similar to the `action` validation above.
   
   ```suggestion
                   E.checkArgument(value instanceof Map,
                                   "The %s must be map, but got %s",
                                   UPDATE,
                                   value == null ? "null" : 
value.getClass().getSimpleName());
   ```
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@hugegraph.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@hugegraph.apache.org
For additional commands, e-mail: issues-h...@hugegraph.apache.org