Skip to content

Harden basenames metadata token validation #2821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Harden basenames metadata token validation #2821

wants to merge 1 commit into from

Conversation

@Rufusemmanuel
Copy link
Contributor

@Rufusemmanuel Rufusemmanuel commented Nov 28, 2025

Summary

  • Validate basenames metadata tokenId to require a positive integer.
  • Return a clear 400 error for malformed tokenIds instead of throwing during BigInt conversion.

Changes

  • Add numeric guard for tokenId in apps/web/app/(basenames)/api/basenames/metadata/[tokenId]/route.ts.

Motivation

Prevent unexpected 500s from invalid tokenIds and give clients actionable errors.

Risk & Impact

  • Risk level: Low
  • Impact: Requests with non-numeric tokenIds now return 400; valid numeric tokenIds behave the same.

Testing

  • Call GET /api/basenames/metadata/foo and expect 400.
  • Call with a numeric tokenId and confirm normal metadata response.

@Rufusemmanuel
Harden basenames metadata token validation
7ac4233 
## Summary

  - Validate basenames metadata tokenId to require a positive integer.
  - Return a clear 400 error for malformed tokenIds instead of throwing during BigInt conversion.

  ## Changes

  - Add numeric guard for tokenId in apps/web/app/(basenames)/api/basenames/metadata/[tokenId]/route.ts.

  ## Motivation

  Prevent unexpected 500s from invalid tokenIds and give clients actionable errors.

  ## Risk & Impact

  - Risk level: Low
  - Impact: Requests with non-numeric tokenIds now return 400; valid numeric tokenIds behave the same.

  ## Testing

  - [ ] Call GET /api/basenames/metadata/foo and expect 400.
  - [ ] Call with a numeric tokenId and confirm normal metadata response.
@cb-heimdall
Copy link
Collaborator

cb-heimdall commented Nov 28, 2025

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

@vercel
Copy link

vercel bot commented Nov 28, 2025

@Rufusemmanuel is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Rufusemmanuel @cb-heimdall