From ddd8192f30adad7c1c079e1d5c56d6645aabfd44 Mon Sep 17 00:00:00 2001
From: Maciej Zieniuk <mzieniuk@bitwarden.com>
Date: Tue, 8 Oct 2024 16:21:06 +0100
Subject: [PATCH] PM-10563: Request validation

---
 .../Controllers/NotificationsController.cs    |  4 +---
 .../Request/NotificationFilterRequestModel.cs | 23 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/Api/NotificationCenter/Controllers/NotificationsController.cs b/src/Api/NotificationCenter/Controllers/NotificationsController.cs
index a7becd5e26..0414474987 100644
--- a/src/Api/NotificationCenter/Controllers/NotificationsController.cs
+++ b/src/Api/NotificationCenter/Controllers/NotificationsController.cs
@@ -19,8 +19,6 @@ public class NotificationsController : Controller
     private readonly IMarkNotificationDeletedCommand _markNotificationDeletedCommand;
     private readonly IMarkNotificationReadCommand _markNotificationReadCommand;
 
-    private const int DefaultPageSize = 10;
-
     public NotificationsController(
         IGetNotificationStatusDetailsForUserQuery getNotificationStatusDetailsForUserQuery,
         IMarkNotificationDeletedCommand markNotificationDeletedCommand,
@@ -38,7 +36,7 @@ public class NotificationsController : Controller
         var pageOptions = new PageOptions
         {
             ContinuationToken = filter.ContinuationToken,
-            PageSize = DefaultPageSize
+            PageSize = filter.PageSize
         };
 
         var notificationStatusFilter = new NotificationStatusFilter
diff --git a/src/Api/NotificationCenter/Models/Request/NotificationFilterRequestModel.cs b/src/Api/NotificationCenter/Models/Request/NotificationFilterRequestModel.cs
index 16cda0998b..b23e13831a 100644
--- a/src/Api/NotificationCenter/Models/Request/NotificationFilterRequestModel.cs
+++ b/src/Api/NotificationCenter/Models/Request/NotificationFilterRequestModel.cs
@@ -1,7 +1,9 @@
 #nullable enable
+using System.ComponentModel.DataAnnotations;
+
 namespace Bit.Api.NotificationCenter.Models.Request;
 
-public class NotificationFilterRequestModel
+public class NotificationFilterRequestModel : IValidatableObject
 {
     /// <summary>
     /// Filters notifications by read status. When not set, includes notifications without a status.
@@ -16,5 +18,24 @@ public class NotificationFilterRequestModel
     /// <summary>
     /// A cursor for use in pagination.
     /// </summary>
+    [StringLength(10)]
     public string? ContinuationToken { get; set; }
+
+    /// <summary>
+    /// The number of items to return in a single page.
+    /// Default 10. Minimum 10, maximum 1000.
+    /// </summary>
+    [Range(10, 1000)]
+    public int PageSize { get; set; } = 10;
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        if (!string.IsNullOrWhiteSpace(ContinuationToken) &&
+            (!int.TryParse(ContinuationToken, out var pageNumber) || pageNumber <= 0))
+        {
+            yield return new ValidationResult(
+                "Continuation token must be a positive, non zero integer.",
+                [nameof(ContinuationToken)]);
+        }
+    }
 }