defensive code

changelog/unreleased/spaces-post.md

@@ -0,0 +1,10 @@
+Enhancement: Create a Space using the Graph API
+
+Spaces can now be created on `POST /drive/{drive-name}`. Only users with the `create-space` permissions can perform this operation.
+
+Allowed body form values are:
+
+- `quota` (bytes) maximum amount of bytes stored in the space.
+- `maxQuotaFiles` (integer) maximum amount of files supported by the space.
+
+https://github.com/owncloud/ocis/pull/2471

graph/pkg/service/v0/drives.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"strconv"
 	"time"
 
 	cs3rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
@@ -144,6 +145,8 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	r.ParseForm()
+
 	s := sproto.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient)
 
 	_, err := s.GetPermissionByID(r.Context(), &sproto.GetPermissionByIDRequest{
@@ -162,14 +165,28 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 	}
 
 	spaceName := chi.URLParam(r, "drive-name")
+	if spaceName == "" {
+		errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, fmt.Errorf("invalid name").Error())
+		return
+	}
+
+	quota, _ := strconv.ParseUint(r.Form.Get("quota"), 10, 64)
+	if quota == 0 {
+		quota = 65536 // set default quota if no form value was sent.
+	}
+
+	quotaMaxFiles, _ := strconv.ParseUint(r.Form.Get("quotaMaxFiles"), 10, 64)
+	if quotaMaxFiles == 0 {
+		quotaMaxFiles = 20 // set default quotaMaxFiles if no form value was sent.
+	}
 
 	csr := provider.CreateStorageSpaceRequest{
 		Owner: us,
 		Type:  "share",
 		Name:  spaceName,
 		Quota: &provider.Quota{
-			QuotaMaxBytes: 65536,
-			QuotaMaxFiles: 20,
+			QuotaMaxBytes: quota,
+			QuotaMaxFiles: quotaMaxFiles,
 		},
 	}