From 5a883826ae492769297bd0bcdf2aabdc446a0bc9 Mon Sep 17 00:00:00 2001
From: Era Dorta <era.dorta@proton.me>
Date: Mon, 6 Apr 2026 17:08:57 +0200
Subject: [PATCH] refactor: add missing checks on required fields

---
 src/api/api.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/api/api.go b/src/api/api.go
index a0304fc..c19f4f4 100644
--- a/src/api/api.go
+++ b/src/api/api.go
@@ -873,6 +873,11 @@ func (a *Api) AddMembersToGroup(c *gin.Context) {
 		return
 	}
 
+	if len(req.Members) == 0 {
+		c.JSON(400, Error{Msg: "Couldn't process request - group members missing"})
+		return
+	}
+
 	err = a.signalClient.AddMembersToGroup(number, groupId, req.Members)
 	if err != nil {
 		switch err.(type) {
@@ -1279,6 +1284,16 @@ func (a *Api) UnpinMessageInGroup(c *gin.Context) {
 		return
 	}
 
+	if req.TargetAuthor == "" {
+		c.JSON(400, Error{Msg: "Couldn't process request - target author missing"})
+		return
+	}
+
+	if req.Timestamp == 0 {
+		c.JSON(400, Error{Msg: "Couldn't process request - timestamp missing"})
+		return
+	}
+
 	err = a.signalClient.UnpinMessageInGroup(number, groupId, req.TargetAuthor, req.Timestamp)
 	if err != nil {
 		c.JSON(400, Error{Msg: err.Error()})
@@ -2385,6 +2400,16 @@ func (a *Api) SubmitRateLimitChallenge(c *gin.Context) {
 		return
 	}
 
+	if req.ChallengeToken == "" {
+		c.JSON(400, Error{Msg: "Couldn't process request - challenge token missing"})
+		return
+	}
+
+	if req.Captcha == "" {
+		c.JSON(400, Error{Msg: "Couldn't process request - captcha missing"})
+		return
+	}
+
 	err = a.signalClient.SubmitRateLimitChallenge(number, req.ChallengeToken, req.Captcha)
 	if err != nil {
 		c.JSON(400, Error{Msg: err.Error()})