From 9db69514347d6cb24d82b4a0196a8f166a2c74fc Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Thu, 17 Feb 2022 22:51:18 -0800
Subject: [PATCH] fix: Server side validation for #3112

---
 server/routes/api/documents.test.ts | 11 +++++++++++
 server/routes/api/documents.ts      |  3 ++-
 server/validation.ts                |  6 ++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/server/routes/api/documents.test.ts b/server/routes/api/documents.test.ts
index 48ae1aa1e..f6edc5d99 100644
--- a/server/routes/api/documents.test.ts
+++ b/server/routes/api/documents.test.ts
@@ -1263,6 +1263,17 @@ describe("#documents.search", () => {
     expect(body.data.length).toEqual(0);
   });
 
+  it("should expect a query", async () => {
+    const { user } = await seed();
+    const res = await server.post("/api/documents.search", {
+      body: {
+        token: user.getJwtToken(),
+        query: "   ",
+      },
+    });
+    expect(res.status).toEqual(400);
+  });
+
   it("should not allow unknown dateFilter values", async () => {
     const { user } = await seed();
     const res = await server.post("/api/documents.search", {
diff --git a/server/routes/api/documents.ts b/server/routes/api/documents.ts
index 103a892dc..64d50bf45 100644
--- a/server/routes/api/documents.ts
+++ b/server/routes/api/documents.ts
@@ -37,6 +37,7 @@ import {
   assertIn,
   assertPresent,
   assertPositiveInteger,
+  assertNotEmpty,
 } from "@server/validation";
 import env from "../../env";
 import pagination from "./middlewares/pagination";
@@ -812,7 +813,7 @@ router.post("documents.search", auth(), pagination(), async (ctx) => {
   const { offset, limit } = ctx.state.pagination;
   const { user } = ctx.state;
 
-  assertPresent(query, "query is required");
+  assertNotEmpty(query, "query is required");
 
   if (collectionId) {
     assertUuid(collectionId, "collectionId must be a UUID");
diff --git a/server/validation.ts b/server/validation.ts
index bb93a696c..211cb960b 100644
--- a/server/validation.ts
+++ b/server/validation.ts
@@ -36,8 +36,10 @@ export const assertSort = (
   }
 };
 
-export const assertNotEmpty = (value: unknown, message?: string) => {
-  if (value === "") {
+export const assertNotEmpty = (value: unknown, message: string) => {
+  assertPresent(value, message);
+
+  if (typeof value === "string" && value.trim() === "") {
     throw ValidationError(message);
   }
 };