Restriction of form param count

Hello,

How do we control the number of form parameters from the request in Edge?

We have 5 form parameters for our API. If the end user sends more than 5 or fewer than 5, then we need to send an error message.

Thanks


Not applicable

The variable below holds the count.

request.formparams.count

You can set one raise fault with request.formparams.count != 5 as the condition.


Hmm

You could do that with a JS policy. The form string is available in the context variable request.formstring. There are two approaches. Option 1: Just check "good or no good". That's pretty simple.

// Parameter names received in the form body (empty string if there is no body)
var receivedParams = (context.getVariable('request.formstring') || '')
  .split('&')
  .map(function(pair) { return pair.split('=', 2)[0]; });
var requiredParams = ['m', 'q', 'b', 'p', 'exp'];

// throw fault if the received params do not equal the required params
if (receivedParams.sort().join(',') !== requiredParams.sort().join(',')) {
  throw new Error('invalid parameters');
}

If you want to be more transparent about which parameters are missing or extra, then you need to do something a little different.

// Parameter names received in the form body (empty string if there is no body)
var receivedParams = (context.getVariable('request.formstring') || '')
  .split('&')
  .map(function(pair) { return pair.split('=', 2)[0]; });
var requiredParams = ['m', 'q', 'b', 'p', 'exp'];

// throw fault if the received params do not equal the required params
// This is a more intelligent check: it can tell whether there are missing or extra parameters.
var missing = requiredParams.filter(function(p) { return p && receivedParams.indexOf(p) === -1; });
var extra = receivedParams.filter(function(p) { return p && requiredParams.indexOf(p) === -1; });

// Build a message that names the missing and extra parameters
var message = '';
if (missing.length > 0) {
  message += 'missing[' + missing.join(',') + '] ';
}
if (extra.length > 0) {
  message += 'extra[' + extra.join(',') + ']';
}
if (message !== '') {
  throw new Error('invalid parameters. ' + message);
}

Throwing an error from within a JS callout will cause a fault in the proxy. Eventually that propagates back to the caller, but you could "catch" it and rewrite the fault using a FaultRule.
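
A stricter version of the name check from the answer above, as an added example (not code from the thread or from Apigee). It goes beyond the posted snippets by percent-decoding parameter names and flagging duplicated or malformed names; `validateFormParams`, its result fields and the sample bodies are hypothetical and constructed for illustration.

```javascript
// Added example: strict allow-list check for a form-encoded request body.
// validateFormParams and its result shape are hypothetical names.
var REQUIRED_PARAMS = ['m', 'q', 'b', 'p', 'exp']; // names used in the answer above

function validateFormParams(formString, required) {
  var counts = Object.create(null);   // no prototype, so "__proto__" is just a name
  var malformed = [];
  (formString || '').split('&').forEach(function (pair) {
    if (pair === '') { return; }      // empty body or stray "&&"
    var rawName = pair.split('=', 2)[0].replace(/\+/g, ' ');
    var name;
    try {
      name = decodeURIComponent(rawName);   // "%6D" and "m" are the same name
    } catch (e) {
      malformed.push(rawName);              // invalid percent-encoding
      return;
    }
    counts[name] = (counts[name] || 0) + 1;
  });
  var received = Object.keys(counts);
  var result = {
    missing: required.filter(function (p) { return received.indexOf(p) === -1; }),
    extra: received.filter(function (p) { return required.indexOf(p) === -1; }),
    duplicated: received.filter(function (p) { return counts[p] > 1; }),
    malformed: malformed
  };
  result.ok = !(result.missing.length || result.extra.length ||
                result.duplicated.length || result.malformed.length);
  return result;
}

// Constructed sample bodies (not from the original thread).
var SAMPLE_GOOD = 'm=1&q=2&b=3&p=4&exp=5';
var SAMPLE_DUP = 'm=1&%6D=9&q=2&b=3&p=4&exp=5';  // "m" sent twice, once encoded
var SAMPLE_BAD = 'm=1&q=2&b=3&admin=true';       // two missing, one extra

// Inside an Apigee JavaScript policy the runtime provides `context`.
if (typeof context !== 'undefined') {
  var check = validateFormParams(context.getVariable('request.formstring'), REQUIRED_PARAMS);
  if (!check.ok) {
    throw new Error('invalid parameters. ' + JSON.stringify(check));
  }
}
```
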

Hi @Dino-at-Google, we can use the JsonThreatProtection policy as well, right? By blocking the request body with n number of fields or allowing n number of fields.

No. JsonThreatProtection works on inbound JSON payloads. Not Form payloads.

Thanks Dino