Added request/response validation
diff --git a/tools/metadata.go b/tools/metadata.go
index 6fd84b1..c3da813 100644
--- a/tools/metadata.go
+++ b/tools/metadata.go
@@ -6,19 +6,22 @@
"strings"
"github.com/korap/korap-mcp/service"
+ "github.com/korap/korap-mcp/validation"
"github.com/mark3labs/mcp-go/mcp"
"github.com/rs/zerolog/log"
)
// MetadataTool implements the Tool interface for KorAP corpus metadata retrieval
type MetadataTool struct {
- client *service.Client
+ client *service.Client
+ validator *validation.Validator
}
// NewMetadataTool creates a new metadata tool instance
func NewMetadataTool(client *service.Client) *MetadataTool {
return &MetadataTool{
- client: client,
+ client: client,
+ validator: validation.New(log.Logger),
}
}
@@ -67,20 +70,29 @@
// Extract optional corpus parameter
corpus := request.GetString("corpus", "")
+ // Validate the metadata request using the validation package
+ metadataReq := validation.MetadataRequest{
+ Action: action,
+ Corpus: corpus,
+ }
+
+ if err := m.validator.ValidateMetadataRequest(metadataReq); err != nil {
+ log.Warn().
+ Err(err).
+ Interface("request", metadataReq).
+ Msg("Metadata request validation failed")
+ return nil, fmt.Errorf("invalid metadata request: %w", err)
+ }
+
+ // Sanitize inputs
+ if corpus != "" {
+ corpus = m.validator.SanitizeCorpusID(corpus)
+ }
+
log.Debug().
Str("action", action).
Str("corpus", corpus).
- Msg("Parsed metadata parameters")
-
- // Validate parameters before authentication
- switch action {
- case "list":
- // No additional validation needed for list
- case "statistics":
- // No additional validation needed for statistics - corpus is optional
- default:
- return nil, fmt.Errorf("unknown action: %s", action)
- }
+ Msg("Parsed and validated metadata parameters")
// Check if client is available and authenticated
if m.client == nil {
@@ -119,6 +131,14 @@
return nil, fmt.Errorf("failed to retrieve corpus list: %w", err)
}
+ // Validate the response
+ if err := m.validator.ValidateCorpusListResponse(&corpusListResp); err != nil {
+ log.Warn().
+ Err(err).
+ Msg("Corpus list response validation failed, but continuing with potentially invalid data")
+ // Continue processing despite validation errors to be resilient
+ }
+
log.Info().
Int("corpus_count", len(corpusListResp.Corpora)).
Msg("Corpus list retrieved successfully")
@@ -150,6 +170,14 @@
return nil, fmt.Errorf("failed to retrieve corpus statistics: %w", err)
}
+ // Validate the response
+ if err := m.validator.ValidateStatisticsResponse(&statsResp); err != nil {
+ log.Warn().
+ Err(err).
+ Msg("Statistics response validation failed, but continuing with potentially invalid data")
+ // Continue processing despite validation errors to be resilient
+ }
+
log.Info().
Str("corpus", corpus).
Int("documents", statsResp.Documents).