fix(#810): validate ratePerSecond/depositedAmount before BigInt coercion #983

Open
BernardOnuh wants to merge 1 commit into LabsCrypt:main from BernardOnuh:fix/810-createstream-validation

BernardOnuh commented Jul 1, 2026

Contributor

Description

Fixes a validation bug in createStream: BigInt(ratePerSecond) and BigInt(depositedAmount) were called before any presence/format validation. A non-numeric value throws SyntaxError and a missing value throws TypeError, but the surrounding catch block only mapped RangeError to 400 — every other conversion failure fell through to the generic 500 handler.

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • 🧪 Test addition or update

Related Issues

Closes #810

Changes Made

  • Added parseRequiredBigIntField() in stream.controller.ts: validates a field is present (not undefined/null/'') before attempting BigInt() coercion, and wraps the coercion itself in try/catch so any conversion failure (SyntaxError, TypeError, etc.) is normalized into a StreamValidationError.
  • createStream now validates ratePerSecond and depositedAmount presence/format before the <= 0n checks, and maps any StreamValidationError to a 400 response with a descriptive message instead of letting it fall through to 500.
  • Added 4 new tests to stream.controller.test.ts:
    • non-numeric ratePerSecond → 400 with a validation error (not 500)
    • non-numeric depositedAmount → 400 with a validation error (not 500)
    • missing ratePerSecond → 400, not 500
    • missing depositedAmount → 400, not 500

Testing

Test Coverage

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed

Test Steps

  1. cd backend && npx prisma generate && npx vitest run tests/stream.controller.test.ts
  2. All 13 tests in stream.controller.test.ts pass (7 in the createStream block)
  3. Verified regression coverage by temporarily reverting the source fix and confirming all 4 new tests fail with 500 against the old (buggy) code, then re-confirming they pass with the fix applied

Breaking Changes

None. Response bodies for already-valid requests are unchanged; only previously-500 responses for malformed/missing numeric fields now correctly return 400.

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my own code
  • I have added tests that prove my fix is effective
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published (N/A)

Additional Notes

Scope limited to backend/src/controllers/stream.controller.ts per the issue's "Files to touch." Stellar address format validation (sender/recipient/tokenAddress) is explicitly out of scope per the issue and tracked separately.

…Int coercion

createStream called BigInt() on ratePerSecond/depositedAmount before validation. Non-numeric input threw SyntaxError and missing input threw TypeError, but only RangeError was mapped to 400 — everything else fell through to 500. Adds presence + format validation before coercion. Closes LabsCrypt#810
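
The failure classes described in this PR, reproduced as an added example (not the project's code, and not taken from the diff): it runs the "coerce first, map only RangeError" handling beside a presence-check-then-wrapped-coercion helper over constructed request bodies. The function bodies, `statusBefore`/`statusAfter`, the sample bodies and the 201 success status are assumptions; only the names `parseRequiredBigIntField` and `StreamValidationError` come from the description, and it is plain JavaScript so it runs without a build step.

```javascript
// Added example; function bodies and the 201 success status are assumptions.
class StreamValidationError extends Error {}

// "Before": coerce first, map only RangeError to 400 (as the PR describes).
function statusBefore(body) {
  try {
    const rate = BigInt(body.ratePerSecond);
    const deposit = BigInt(body.depositedAmount);
    return rate <= 0n || deposit <= 0n ? 400 : 201;
  } catch (err) {
    return err instanceof RangeError ? 400 : 500;
  }
}

// "After": presence check, then coercion with every failure normalized.
function parseRequiredBigIntField(name, value) {
  if (value === undefined || value === null || value === '') {
    throw new StreamValidationError(`${name} is required`);
  }
  try {
    return BigInt(value);
  } catch (err) {
    // SyntaxError ("abc") and RangeError (1.5) both end up here.
    throw new StreamValidationError(`${name} must be an integer`);
  }
}

function statusAfter(body) {
  try {
    const rate = parseRequiredBigIntField('ratePerSecond', body.ratePerSecond);
    const deposit = parseRequiredBigIntField('depositedAmount', body.depositedAmount);
    return rate <= 0n || deposit <= 0n ? 400 : 201;
  } catch (err) {
    return err instanceof StreamValidationError ? 400 : 500;
  }
}

// Constructed request bodies, one per failure class.
const SAMPLES = {
  valid: { ratePerSecond: '10', depositedAmount: '1000' },
  nonNumeric: { ratePerSecond: 'abc', depositedAmount: '1000' }, // SyntaxError
  missing: { depositedAmount: '1000' },                          // TypeError
  fractional: { ratePerSecond: 1.5, depositedAmount: '1000' },   // RangeError
  zero: { ratePerSecond: '0', depositedAmount: '1000' },
};

// Returns [name, statusBefore, statusAfter] for each sample.
function compare() {
  return Object.entries(SAMPLES).map(([name, body]) =>
    [name, statusBefore(body), statusAfter(body)]);
}
```

Note that `BigInt('')` does not throw: it returns `0n`, so without the explicit empty-string check an empty field would be reported as a non-positive amount rather than a missing one.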

Development

Successfully merging this pull request may close these issues.

[Backend] createStream returns 500 instead of 400 for non-numeric/missing ratePerSecond, depositedAmount or startTime