[Bug]: Missing Type Validation for page, page_size, orderby, desc in HTTP API list datasets

[asiroliu]

Is there an existing issue for the same bug?

• I have checked the existing issues.

RAGFlow workspace code commit ID

x

RAGFlow image version

aa1afbd1fee6 (infiniflow/ragflow:nightly)

Other environment information

Actual behavior

When sending requests with ​non-integer values for page, page_size, orderby, or desc parameters to the GET /api/v1/datasets endpoint, the API returns unclear error messages and exposes internal exceptions in logs.

Expected behavior

1. Return a ​Request with clear error messages (e.g., "Invalid type for 'page': expected integer").
2. Avoid exposing internal exceptions (e.g., ValueError, AttributeError) in API responses.

Steps to reproduce

1. Send a request with invalid parameter types:

params = {"page": "a"}  # or {"page_size": "a"}, {"orderby": "a"}, {"desc": "a"}  
response = requests.get('http://127.0.0.1:9380/api/v1/datasets', params=params)

2. Observed Behavior
2.1 For page and page_size with string values (e.g., "a"):

{  
  "code": 100,  
  "data": null,  
  "message": "ValueError(\"invalid literal for int() with base 10: 'a'\")"  
}  

​Logs:

2025-03-10 17:38:28,871 ERROR    20 invalid literal for int() with base 10: 'a'  
Traceback (most recent call last):  
  ...  
  File "/ragflow/api/apps/sdk/dataset.py", line 504, in list_datasets  
    items_per_page = int(request.args.get("page_size", 30))  
ValueError: invalid literal for int() with base 10: 'a'  

2.2 ​For orderby and desc with invalid values (e.g., "a"):

{  
  "code": 100,  
  "data": null,  
  "message": "AttributeError(\"type object 'Knowledgebase' has no attribute 'a'\")"  
}  

​Logs:

2025-03-10 17:40:33,545 ERROR    20 type object 'Knowledgebase' has no attribute 'a'  
Traceback (most recent call last):  
  ...  
  File "/ragflow/api/db/db_models.py", line 189, in getter_by  
    return operator.attrgetter(attr)(cls)  
AttributeError: type object 'Knowledgebase' has no attribute 'a'

Additional information

No response

[asiroliu]

@KevinHuSh This problem has not been completely fixed, and list document and list dataset have the same problem.

response = requests.get('http://127.0.0.1:9380/api/v1/datasets/{dataset_id}/documents', params=params)

1. parameter: page

• params = {"page": -1} response:

{'code': 100, 'data': "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-2' at line 1", 'message': '1064'}

• params = {"page": "a"} response:

{'code': 100, 'data': None, 'message': 'ValueError("invalid literal for int() with base 10: \'a\'")'}

2. parameter: page_size

• same as page

3. parameter: orderby

• params = {"orderby": "unknown"} response:

{'code': 100, 'data': None, 'message': 'AttributeError("type object \'Document\' has no attribute \'unknown\'")'}

suggestion：
{'code': 102, 'message': 'orderby should be create_time or update_time'}

• params = {"orderby": "name"} response:

{'code': 0, ...}

suggestion： API Documentation: Only create_time or update_time are supported

{'code': 102,  'message': 'orderby should be create_time or update_time'}

4. [desc](parameter: desc)

• params = {"desc": "false"} response:
  Does not take effect， pr Fix: check desc parameter value. #5884 only fixes the list dataset api

• params = {"desc": "unknown"} response:

{'code': 100, 'data': None, 'message': 'AttributeError("type object \'Document\' has no attribute \'unknown\'")'}

suggestion：

{'code': 102,  'message': 'desc should be true or false'}