Circuit API: fix UUID parsing

3 files changed, 10 insertions, 31 deletions

diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt
index 9da9aca0..0c43dd29 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt
@@ -180,12 +180,7 @@ fun circuitApi(circuitRoute: Route) {
         call.request.basicAuth() // both admin and author allowed
         val arg = call.getUriComponent("uuid")
         // Parse and check the UUID.
-        val maybeUuid = try {
-            UUID.fromString(arg)
-        } catch (e: Exception) {
-            logger.error(e.message)
-            throw badRequest("The cash-out UUID is invalid: $arg") // global handler logs this.
-        }
+        val maybeUuid = parseUuid(arg)
         val maybeOperation = transaction {
             CashoutOperationEntity.find { uuid eq maybeUuid }.firstOrNull()
         }
@@ -210,10 +205,10 @@ fun circuitApi(circuitRoute: Route) {
         if (user == "admin" || user == "bank")
             throw conflict("Institutional user '$user' shouldn't confirm any cash-out.")
         // Get the operation identifier.
-        val operationUuid = call.getUriComponent("uuid")
+        val operationUuid = parseUuid(call.getUriComponent("uuid"))
         val op = transaction {
             CashoutOperationEntity.find {
-                uuid eq UUID.fromString(operationUuid)
+                uuid eq operationUuid
             }.firstOrNull()
         }
         // 404 if the operation is not found.
@@ -260,12 +255,7 @@ fun circuitApi(circuitRoute: Route) {
         call.request.basicAuth() // both admin and author
         val operationUuid = call.getUriComponent("uuid")
         // Parse and check the UUID.
-        val maybeUuid = try {
-            UUID.fromString(operationUuid)
-        } catch (e: Exception) {
-            logger.error(e.message)
-            throw badRequest("The cash-out UUID is invalid: $operationUuid")
-        }
+        val maybeUuid = parseUuid(operationUuid)
         // Get the operation from the database.
         val maybeOperation = transaction {
             CashoutOperationEntity.find { uuid eq maybeUuid }.firstOrNull()
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Helpers.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Helpers.kt
index ca0e3a86..693dc885 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Helpers.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Helpers.kt
@@ -278,9 +278,10 @@ fun getDefaultDemobank(): DemobankConfigEntity {
 }
 
 fun getWithdrawalOperation(opId: String): TalerWithdrawalEntity {
+    val uuid = parseUuid(opId)
     return transaction {
         TalerWithdrawalEntity.find {
-            TalerWithdrawalsTable.wopid eq UUID.fromString(opId)
+            TalerWithdrawalsTable.wopid eq uuid
         }.firstOrNull() ?: throw SandboxError(
             HttpStatusCode.NotFound, "Withdrawal operation $opId not found."
         )
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
index 3bfce37a..d0ab1a8b 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -37,8 +37,6 @@ import execThrowableOrTerminate
 import io.ktor.server.application.*
 import io.ktor.http.*
 import io.ktor.serialization.jackson.*
-import io.ktor.server.engine.*
-import io.ktor.server.netty.*
 import io.ktor.server.plugins.*
 import io.ktor.server.plugins.contentnegotiation.*
 import io.ktor.server.plugins.statuspages.*
@@ -1172,18 +1170,13 @@ val sandboxApp: Application.() -> Unit = {
                 }
                 post("/withdrawal-operation/{wopid}") {
                     val arg = ensureNonNull(call.parameters["wopid"])
-                    val maybeWithdrawalUUid = try {
-                        java.util.UUID.fromString(arg)
-                    } catch (e: Exception) {
-                        logger.debug(e.message)
-                        throw badRequest("Withdrawal operation UUID was invalid: $arg")
-                    }
+                    val withdrawalUuid = parseUuid(arg)
                     val body = call.receive<TalerWithdrawalSelection>()
                     val transferDone = transaction {
                         val wo = TalerWithdrawalEntity.find {
-                            TalerWithdrawalsTable.wopid eq maybeWithdrawalUUid
+                            TalerWithdrawalsTable.wopid eq withdrawalUuid
                         }.firstOrNull() ?: throw SandboxError(
-                            HttpStatusCode.NotFound, "Withdrawal operation $maybeWithdrawalUUid not found."
+                            HttpStatusCode.NotFound, "Withdrawal operation $withdrawalUuid not found."
                         )
                         if (wo.confirmationDone) {
                             return@transaction true
@@ -1216,12 +1209,7 @@ val sandboxApp: Application.() -> Unit = {
                 }
                 get("/withdrawal-operation/{wopid}") {
                     val arg = ensureNonNull(call.parameters["wopid"])
-                    val maybeWithdrawalUuid = try {
-                        java.util.UUID.fromString(arg)
-                    } catch (e: Exception) {
-                        logger.debug(e.message)
-                        throw badRequest("Withdrawal UUID invalid: $arg")
-                    }
+                    val maybeWithdrawalUuid = parseUuid(arg)
                     val maybeWithdrawalOp = transaction {
                         TalerWithdrawalEntity.find {
                             TalerWithdrawalsTable.wopid eq maybeWithdrawalUuid