From 4bef00e2d812e5ed2d8cc2639b52cc6dfeade4ee Mon Sep 17 00:00:00 2001
From: Chris Chase <chris@accede.com.au>
Date: Thu, 5 Mar 2026 11:24:41 +1030
Subject: [PATCH] Add input validation and HTTP status error handling

---
 odbcwritenow.js | 33 +++++++++++++++++++++++++++++----
 package.json    |  2 +-
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/odbcwritenow.js b/odbcwritenow.js
index e60a507..ee4b53f 100644
--- a/odbcwritenow.js
+++ b/odbcwritenow.js
@@ -15,6 +15,9 @@ async function DoImport(msg, url, node, maxRetries, baseBackoffMs) {
 
         try {
             const response = await fetch(url);
+            if (!response.ok) {
+                throw new Error(`HTTP ${response.status} ${response.statusText}`)
+            }
             datastr = await response.text();
 
             if (datastr.toLowerCase().includes("no data found")) {
@@ -70,15 +73,37 @@ module.exports = function(RED) {
         var node = this;
         node.status({ text: `` })
         node.on('input', async function(msg) {
-            const page = parseInt(encodeURIComponent(msg.page || 0));
-            const apikey = encodeURIComponent(msg.apikey || config.apikey);
-            const what = encodeURIComponent(config.what)
+            const pageRaw = msg.page === undefined || msg.page === null || msg.page === "" ? 0 : msg.page
+            const page = parseInt(pageRaw, 10)
+            const apikeyRaw = msg.apikey || config.apikey
+            const whatRaw = config.what
             const orderby = encodeURIComponent(msg.orderby || config.orderby);
 
+            if (!whatRaw || String(whatRaw).trim().length === 0) {
+                node.status({ fill: "red", shape: "ring", text: "Invalid config: 'what' is required" })
+                node.error("Invalid config: 'what' is required", msg)
+                return
+            }
+
+            if (!apikeyRaw || String(apikeyRaw).trim().length === 0) {
+                node.status({ fill: "red", shape: "ring", text: "Missing API key" })
+                node.error("Missing API key: set config.apikey or msg.apikey", msg)
+                return
+            }
+
+            if (Number.isNaN(page) || page < 0) {
+                node.status({ fill: "red", shape: "ring", text: "Invalid page: must be >= 0" })
+                node.error(`Invalid page '${pageRaw}': must be a non-negative integer`, msg)
+                return
+            }
+
+            const apikey = encodeURIComponent(apikeyRaw);
+            const what = encodeURIComponent(whatRaw)
+
 
 
             msg.page = page
-            msg.what = what
+            msg.what = whatRaw
             const maxRetries = Number.isInteger(parseInt(config.maxRetries, 10))
                 ? Math.max(0, parseInt(config.maxRetries, 10))
                 : 3
diff --git a/package.json b/package.json
index 1d9193a..3ab394f 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "@accede/node-red-contrib-odbcwritenow",
   "version": "1.0.4",
   "description": "",
-  "main": "index.js",
+  "main": "odbcwritenow.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },