From 7e3e78cfe7550c261767dee5eae519675f9916b4 Mon Sep 17 00:00:00 2001
From: Ant Zucaro <azucaro@gmail.com>
Date: Sun, 18 Mar 2018 10:48:40 -0400
Subject: [PATCH] Sanitize the scope at the endpoint level.

---
 xonstat/views/main.py | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/xonstat/views/main.py b/xonstat/views/main.py
index 9f3f11d..3f76f1e 100644
--- a/xonstat/views/main.py
+++ b/xonstat/views/main.py
@@ -18,9 +18,6 @@ def summary_stats_data(scope="all"):
     :param scope: The scope to fetch from the table. May be "all" or "day".
     :return: list[tuple]
     """
-    if scope not in ["all", "day"]:
-        scope = "all"
-
     sql = text("SELECT num_players, game_type_cd, num_games, create_dt refresh_dt "
                "FROM summary_stats_mv "
                "WHERE scope = :scope "
@@ -37,15 +34,28 @@ def summary_stats_data(scope="all"):
 
 
 def summary_stats_json(request):
-    ss = summary_stats_data(request.params.get("scope", "all"))
-    return [
-        {
-            "players": r.num_players,
-            "game_type_cd": r.game_type_cd,
-            "games": r.num_games,
-            "refresh_dt": r.refresh_dt.isoformat(),
-        }
-        for r in ss]
+    scope = request.params.get("scope", "all")
+    if scope not in ["all", "day"]:
+        scope = "all"
+
+    ss = summary_stats_data(scope)
+
+    # default values
+    players = 0
+    last_refreshed = "unknown"
+    games = []
+
+    if len(ss) > 0:
+        players = ss[0].num_players
+        last_refreshed = ss[0].refresh_dt.isoformat()
+        games = [{"game_type_cd": r.game_type_cd, "num_games": r.num_games} for r in ss]
+
+    return {
+        "players": players,
+        "scope": scope,
+        "last_refreshed": last_refreshed,
+        "games": games,
+    }
 
 
 @cache_region('hourly_term')
-- 
2.39.2