fix: validate max_items and offset query params in GET /history

Passing a non-integer value for max_items or offset caused an unhandled ValueError, resulting in a 500 instead of a 400. This brings /history in line with the existing validation pattern used by /api/jobs. Tests added for both max_items and offset with multiple invalid string values.
2026-05-15 19:47:24 +08:00 · 2026-05-12 23:59:23 +08:00 · 2026-05-12 23:59:23 +08:00 · 87e332ff6a
commit 87e332ff6a
parent c9589f29b2
2 changed files with 42 additions and 2 deletions
--- a/server.py
+++ b/server.py
@ -890,11 +890,23 @@ class PromptServer():
        async def get_history(request):
            max_items = request.rel_url.query.get("max_items", None)
            if max_items is not None:
-                max_items = int(max_items)
+                try:
+                    max_items = int(max_items)
+                except (ValueError, TypeError):
+                    return web.json_response(
+                        {"error": "max_items must be an integer"},
+                        status=400
+                    )

            offset = request.rel_url.query.get("offset", None)
            if offset is not None:
-                offset = int(offset)
+                try:
+                    offset = int(offset)
+                except (ValueError, TypeError):
+                    return web.json_response(
+                        {"error": "offset must be an integer"},
+                        status=400
+                    )
            else:
                offset = -1

--- a/tests/execution/test_execution.py
+++ b/tests/execution/test_execution.py
@ -909,6 +909,34 @@ class TestExecution:

        assert len(result) <= 1, "Should return at most 1 item when offset is near end"

+    @pytest.mark.parametrize("invalid_value", ["foo", "abc", "notanint"])
+    def test_history_max_items_invalid_returns_400(
+        self, client: ComfyClient, builder: GraphBuilder, invalid_value
+    ):
+        """Test that non-integer max_items returns 400 error"""
+        url = "http://{}/history?max_items={}".format(
+            client.server_address, invalid_value
+        )
+        with pytest.raises(urllib.error.HTTPError) as exc_info:
+            urllib.request.urlopen(url)
+        assert exc_info.value.code == 400
+        body = json.loads(exc_info.value.read())
+        assert "max_items must be an integer" in body.get("error", "")
+
+    @pytest.mark.parametrize("invalid_value", ["foo", "abc", "notanint"])
+    def test_history_offset_invalid_returns_400(
+        self, client: ComfyClient, builder: GraphBuilder, invalid_value
+    ):
+        """Test that non-integer offset returns 400 error"""
+        url = "http://{}/history?offset={}".format(
+            client.server_address, invalid_value
+        )
+        with pytest.raises(urllib.error.HTTPError) as exc_info:
+            urllib.request.urlopen(url)
+        assert exc_info.value.code == 400
+        body = json.loads(exc_info.value.read())
+        assert "offset must be an integer" in body.get("error", "")
+
    # Jobs API tests
    def test_jobs_api_job_structure(
        self, client: ComfyClient, builder: GraphBuilder