Bug: Server Crash in Views Analytics Endpoint due to Unvalidated Pagination Parameters

[anshul23102]

Description

In the /api/analytics/views endpoint, the page query parameter is parsed into an integer and used to calculate skip for pagination. However, the value is not validated. If a client sends a negative number or a non-numeric string (which parses to NaN), the calculated skip value will be negative or NaN. Passing these values to the Prisma query causes a validation error and crashes the request.

Source Code Location

File: apps/backend/src/routes/analytics.ts

Proposed Fix

Sanitize and validate the page parameter to ensure it is a positive integer before performing database queries.

[anshul23102]

I'd like to work on this - contributing under GSSoC'26

[Harxhit]

@anshul23102 I have assigned this issue to you.

[anshul23102]

Hi @asyncasanas, I was assigned this issue and the fix is ready for review in PR #295.

The PR adds validation for the page and limit pagination parameters in the views analytics endpoint, returning a 400 with a clear error message for out-of-range or non-numeric values before they can reach the database query. Happy to make any adjustments based on your feedback.