From 5fb3ad4f20a2b686f072f736d51a25b80c0b52c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mirko=20M=C3=A4licke?=
Date: Sun, 10 Nov 2024 07:08:58 +0100
Subject: [PATCH] improve location
---
 metacatalog_api/utils.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/metacatalog_api/utils.py b/metacatalog_api/utils.py
index 3d5d3a7..b42391c 100644
--- a/metacatalog_api/utils.py
+++ b/metacatalog_api/utils.py
@@ -115,10 +115,24 @@ def metadata_payload_to_model(payload: dict) -> MetadataPayload:
 authors = [Author(**a) for a in payload['authors'][1:]]
 # extract the location
+ # extract the location
 if 'location' in payload:
- location = f"POINT ({payload['location']['lon']} {payload['location']['lat']})"
+ # Validate coordinates exist and are numeric
+ loc = payload['location']
+ if not all(k in loc for k in ('lon', 'lat')):
+ raise ValueError("Location must contain 'lon' and 'lat' coordinates")
+ try:
+ lon = float(loc['lon'])
+ lat = float(loc['lat'])
+ # Basic coordinate validation
+ if not (-180 <= lon <= 180 and -90 <= lat <= 90):
+ raise ValueError("Invalid coordinate values")
+ except (ValueError, TypeError):
+ raise ValueError("Coordinates must be valid numbers")
+ # Use parameterized format to prevent SQL injection
+ location = f"POINT ({lon:f} {lat:f})"
 else:
- location = 'NULL'
+ location = 'NULL'
 meta = MetadataPayload(
 title=payload['title'],
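Review bot: The range check sits inside the `try`, so its `ValueError("Invalid coordinate values")` is caught by the `except (ValueError, TypeError)` that follows and re-raised as "Coordinates must be valid numbers"; callers never see the out-of-range message. Keep only the two `float()` calls in the `try` and run `if not (-180 <= lon <= 180 and -90 <= lat <= 90):` after the `except` block. The comment `# Use parameterized format to prevent SQL injection` overstates what the line does: an f-string is not a bound parameter and the protection comes from the `float()` coercion plus the range check, so I would reword it to `# lon/lat are range-checked floats, so the WKT text holds only digits, sign and decimal point`, and if this string is later spliced into SQL text (the `'NULL'` fallback hints at that, but the consumer is outside the hunk) it should be bound as a query parameter there. The hunk also adds a second `# extract the location` comment directly under the existing one, which can be dropped. The body of `metadata_payload_to_model` starts and ends outside the hunk.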