From cf9784b770b7972c6b4275d644608330129ace06 Mon Sep 17 00:00:00 2001
From: april <aprl.petersen@gmail.com>
Date: Thu, 11 Jan 2024 12:31:51 -0600
Subject: [PATCH] Validate custom filters

---
 api/database/flights.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/database/flights.py b/api/database/flights.py
index 7a104f5..f2e27b9 100644
--- a/api/database/flights.py
+++ b/api/database/flights.py
@@ -27,6 +27,9 @@ async def retrieve_flights(user: str = "", sort: str = "date", order: int = -1,
     :param filter_val: Value to filter field by
     :return: List of flights
     """
+    if filter not in FlightDisplaySchema.__annotations__.keys():
+        raise HTTPException(400, f"Invalid filter field: {filter}")
+
     filter_options = {}
     if user != "":
         filter_options["user"] = ObjectId(user)