Prevent invalid database names

Close #843

api/http/api.go

@@ -433,6 +433,11 @@ func (self *HttpServer) createDatabase(w libhttp.ResponseWriter, r *libhttp.Requ
 		if err != nil {
 			return libhttp.StatusBadRequest, err.Error()
 		}
+		if !isValidDbName(createRequest.Name) {
+			m := "Unable to create database without name"
+			log.Error(m)
+			return libhttp.StatusBadRequest, m
+		}
 		err = self.coordinator.CreateDatabase(user, createRequest.Name)
 		if err != nil {
 			log.Error("Cannot create database %s. Error: %s", createRequest.Name, err)
@@ -443,6 +448,10 @@ func (self *HttpServer) createDatabase(w libhttp.ResponseWriter, r *libhttp.Requ
 	})
 }
 
+func isValidDbName(name string) bool {
+	return strings.TrimSpace(name) != ""
+}
+
 func (self *HttpServer) dropDatabase(w libhttp.ResponseWriter, r *libhttp.Request) {
 	self.tryAsClusterAdmin(w, r, func(user User) (int, interface{}) {
 		name := r.URL.Query().Get(":name")

api/http/api_test.go

@@ -639,6 +639,23 @@ func (self *ApiSuite) TestCreateDatabase(c *C) {
 	c.Assert(self.coordinator.db, Equals, "foo")
 }
 
+func (self *ApiSuite) TestCreateDatabaseNameFailures(c *C) {
+	data := map[string]string{
+		`{"name": ""}`: "Unable to create database without name",
+		`{}`:           "Unable to create database without name",
+		`{"not_name": "bar"}`: "Unable to create database without name",
+		`{"name": "    "}`:    "Unable to create database without name"}
+	for k, v := range data {
+		addr := self.formatUrl("/db?u=root&p=root")
+		resp, err := libhttp.Post(addr, "application/json", bytes.NewBufferString(k))
+		c.Assert(err, IsNil)
+		m, err := ioutil.ReadAll(resp.Body)
+		c.Assert(err, IsNil)
+		c.Assert(v, Equals, string(m))
+		c.Assert(resp.StatusCode, Equals, libhttp.StatusBadRequest)
+	}
+}
+
 func (self *ApiSuite) TestDropDatabase(c *C) {
 	addr := self.formatUrl("/db/foo?u=root&p=root")
 	req, err := libhttp.NewRequest("DELETE", addr, nil)