chore: validate form_id on files endpoint

app/api/v1/endpoints/file.py

@@ -1,3 +1,5 @@
+import logging
+
 from typing import List, Optional
 from urllib.parse import urljoin
 
@@ -16,6 +18,7 @@
 from app.models.hyperfile import HyperFile
 from app.models.user import User
 
+logger = logging.getLogger(__file__)
 router = APIRouter()
 
 
@@ -54,7 +57,16 @@ def list_files(
         raise HTTPException(status_code=403, detail="Not authenticated")
 
     if form_id:
-        files = crud.hyperfile.get_using_form(db=db, form_id=form_id, user_id=user.id)
+        try:
+            files = crud.hyperfile.get_using_form(
+                db=db, form_id=int(form_id), user_id=user.id
+            )
+        except ValueError as e:
+            logger.error("Invalid form_id provided: %s - %s", form_id, e)
+            raise HTTPException(
+                status_code=400, detail=f"Invalid form_id provided: {form_id}"
+            )
+
     else:
         files = user.hyper_files
 

app/tests/api/v1/endpoints/test_file.py

@@ -269,11 +269,17 @@ def test_file_list(self, create_user_and_login):
             "/api/v1/files/?form_id=000", headers=auth_credentials
         )
         assert response.status_code == 200
-        assert len(response.json()) == 0
+        assert response.json() == []
 
         response = self.client.get("/api/v1/files/?form_id=1", headers=auth_credentials)
         assert response.status_code == 200
-        assert len(response.json()) == len(user.hyper_files)
+        assert response.json()[0] == expected_data
+
+        response = self.client.get(
+            "/api/v1/files/?form_id=1:", headers=auth_credentials
+        )
+        assert response.status_code == 400
+        assert response.json() == {"detail": "Invalid form_id provided: 1:"}
 
     def test_trigger_hyper_file_sync(self, create_user_and_login):
         _, jwt = create_user_and_login