From 4e99a98c2337b86b8d7900fa6b1165a7841f5666 Mon Sep 17 00:00:00 2001 From: Yufeng He <40085740+he-yufeng@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:12:53 +0800 Subject: [PATCH] fix(datasets): validate console dataset list pagination as >= 1 ConsoleDatasetListQuery accepted any integer page/limit, so a negative or zero value passed straight through to DatasetService.get_datasets and on to the DB pagination. The annotation list queries already guard this with Field(ge=1) (both console and service_api); apply the same bound to the console dataset list query for consistency. Add unit tests covering the defaults, a valid page/limit, and rejection of non-positive page and limit. From Claude Code. Signed-off-by: Yufeng He <40085740+he-yufeng@users.noreply.github.com> --- api/controllers/console/datasets/datasets.py | 4 +-- .../datasets/test_dataset_list_query.py | 32 +++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 api/tests/unit_tests/controllers/console/datasets/test_dataset_list_query.py diff --git a/api/controllers/console/datasets/datasets.py b/api/controllers/console/datasets/datasets.py index 623c02631c0..6543969343c 100644 --- a/api/controllers/console/datasets/datasets.py +++ b/api/controllers/console/datasets/datasets.py @@ -136,8 +136,8 @@ class IndexingEstimatePayload(BaseModel): class ConsoleDatasetListQuery(BaseModel): - page: int = Field(default=1, description="Page number") - limit: int = Field(default=20, description="Number of items per page") + page: int = Field(default=1, ge=1, description="Page number") + limit: int = Field(default=20, ge=1, description="Number of items per page") keyword: str | None = Field(default=None, description="Search keyword") include_all: bool = Field(default=False, description="Include all datasets") ids: list[str] = Field(default_factory=list, description="Filter by dataset IDs") diff --git a/api/tests/unit_tests/controllers/console/datasets/test_dataset_list_query.py b/api/tests/unit_tests/controllers/console/datasets/test_dataset_list_query.py new file mode 100644 index 00000000000..0830fec9f72 --- /dev/null +++ b/api/tests/unit_tests/controllers/console/datasets/test_dataset_list_query.py @@ -0,0 +1,32 @@ +from __future__ import annotations + +import pytest +from pydantic import ValidationError + +from controllers.console.datasets.datasets import ConsoleDatasetListQuery + + +def test_dataset_list_query_defaults() -> None: + query = ConsoleDatasetListQuery() + assert query.page == 1 + assert query.limit == 20 + + +def test_dataset_list_query_accepts_valid_pagination() -> None: + query = ConsoleDatasetListQuery(page=3, limit=50) + assert query.page == 3 + assert query.limit == 50 + + +def test_dataset_list_query_rejects_non_positive_page() -> None: + with pytest.raises(ValidationError): + ConsoleDatasetListQuery(page=0) + with pytest.raises(ValidationError): + ConsoleDatasetListQuery(page=-1) + + +def test_dataset_list_query_rejects_non_positive_limit() -> None: + with pytest.raises(ValidationError): + ConsoleDatasetListQuery(limit=0) + with pytest.raises(ValidationError): + ConsoleDatasetListQuery(limit=-5)