fix: added query validation

fstagni · aldbr · commit 67b145b33162 · 2026-04-22T10:56:37.000+02:00
diff --git a/diracx-routers/src/diracx/routers/pilots/query.py b/diracx-routers/src/diracx/routers/pilots/query.py
@@ -3,10 +3,11 @@
 from http import HTTPStatus
 from typing import Annotated, Any
 
-from fastapi import Body, Depends, Response
+from fastapi import Body, Depends, Query, Response
 
 from diracx.core.models.search import SearchParams, SummaryParams
 from diracx.db.sql import PilotAgentsDB
+from diracx.logic.pilots.query import MAX_PER_PAGE
 from diracx.logic.pilots.query import search as search_bl
 from diracx.logic.pilots.query import summary as summary_bl
 
@@ -111,8 +112,8 @@ async def search(
     check_permissions: CheckPilotManagementPolicyCallable,
     response: Response,
     user_info: Annotated[AuthorizedUserInfo, Depends(verify_dirac_access_token)],
-    page: int = 1,
-    per_page: int = 100,
+    page: Annotated[int, Query(ge=1)] = 1,
+    per_page: Annotated[int, Query(ge=1, le=MAX_PER_PAGE)] = 100,
     body: Annotated[
         SearchParams | None, Body(openapi_examples=EXAMPLE_SEARCHES)  # type: ignore
     ] = None,
diff --git a/diracx-routers/tests/pilots/test_query.py b/diracx-routers/tests/pilots/test_query.py
@@ -133,8 +133,8 @@ async def _search(
 
         r = populated_pilot_client.post("/api/pilots/search", json=body, params=params)
 
-        if r.status_code == 400:
-            # If we have a status_code 400, that means that the query failed
+        if r.status_code in (400, 422):
+            # If we have a status_code 400/422, that means that the query failed
             raise InvalidQueryError()
 
         return r.json(), r.headers
