Skip to content

Volunteer API Hardening #20

Description

@IMisbahk

Summary

The volunteer API could be made more robust by validating input earlier and handling failures explicitly.

Current behavior

  • User input is interpolated directly into Airtable's filterByFormula.
  • Request bodies are parsed without handling malformed JSON.
  • The endpoint accepts any HTTP method.
  • Email addresses are not validated before use.
  • Airtable lookup/create failures are logged but do not affect the response, so the endpoint may still return success even when persistence fails.

Proposed improvements

  • Restrict the endpoint to POST requests.
  • Gracefully handle malformed request bodies.
  • Validate email addresses before processing.
  • Escape user input before constructing Airtable formulas.
  • Return appropriate HTTP status codes when Airtable operations fail instead of silently continuing.

I'd be happy to work on this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions