bug: fix bson doc filter

Author: pauldotyu

src/makeline-service/mongodb.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"log"
+	"strconv"
 
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/mongo"
@@ -86,9 +87,21 @@ func (r *MongoDBOrderRepo) GetPendingOrders() ([]Order, error) {
 func (r *MongoDBOrderRepo) GetOrder(id string) (Order, error) {
 	var ctx = context.TODO()
 
-	singleResult := r.db.FindOne(ctx, bson.M{"orderid": id})
+	var sanitizedId string
+	// ensure id is a valid orderId that can be converted to int
+	_, err := strconv.Atoi(id)
+	if err != nil {
+		log.Printf("Invalid order id: %s", err)
+		return Order{}, err
+	} else {
+		sanitizedId = id
+	}
+
+	filter := bson.M{"orderid": bson.M{"$eq": sanitizedId}}
+	singleResult := r.db.FindOne(ctx, filter)
+
 	var order Order
-	err := singleResult.Decode(&order)
+	err = singleResult.Decode(&order)
 	if err != nil {
 		log.Printf("Failed to decode order: %s", err)
 		return order, err
@@ -123,12 +136,23 @@ func (r *MongoDBOrderRepo) InsertOrders(orders []Order) error {
 func (r *MongoDBOrderRepo) UpdateOrder(order Order) error {
 	var ctx = context.TODO()
 
-	log.Printf("Updating order: %v", order)
+	var sanitizedId string
+	// ensure id can be converted to int
+	_, err := strconv.Atoi(order.OrderID)
+	if err != nil {
+		log.Printf("Invalid order id: %s", err)
+		return err
+	} else {
+		sanitizedId = order.OrderID
+	}
+
+	filter := bson.M{"orderid": bson.M{"$eq": sanitizedId}}
 
 	// Update the order
+	log.Printf("Updating order: %v", order)
 	updateResult, err := r.db.UpdateMany(
 		ctx,
-		bson.M{"orderid": order.OrderID},
+		filter,
 		bson.D{
 			{Key: "$set", Value: bson.D{{Key: "status", Value: order.Status}}},
 		},