fix: add uuid validation at controller level (#1660)

CityOfDetroit · Jul 31, 2024 · a3f8884 · a3f8884
1 parent 249bc3a
commit a3f8884
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/backend/core/src/applications/applications.controller.ts b/backend/core/src/applications/applications.controller.ts
@@ -5,6 +5,7 @@ import {
   Get,
   Header,
   Param,
+  ParseUUIDPipe,
   Post,
   Put,
   Query,
@@ -82,7 +83,9 @@ export class ApplicationsController {
 
   @Get(`:id`)
   @ApiOperation({ summary: "Get application by id", operationId: "retrieve" })
-  async retrieve(@Param("id") applicationId: string): Promise<ApplicationDto> {
+  async retrieve(
+    @Param("id", new ParseUUIDPipe({ version: "4" })) applicationId: string
+  ): Promise<ApplicationDto> {
     const app = await this.applicationsService.findOne(applicationId)
     return mapTo(ApplicationDto, app)
   }

diff --git a/backend/core/src/auth/controllers/user.controller.ts b/backend/core/src/auth/controllers/user.controller.ts
@@ -5,6 +5,7 @@ import {
   Get,
   Header,
   Param,
+  ParseUUIDPipe,
   Post,
   Put,
   Query,
@@ -205,7 +206,9 @@ export class UserController {
   @Get(`:id`)
   @ApiOperation({ summary: "Get user by id", operationId: "retrieve" })
   @UseGuards(DefaultAuthGuard, AuthzGuard)
-  async retrieve(@Param("id") userId: string): Promise<UserDto> {
+  async retrieve(
+    @Param("id", new ParseUUIDPipe({ version: "4" })) userId: string
+  ): Promise<UserDto> {
     return mapTo(UserDto, await this.userService.findOneOrFail({ id: userId }))
   }
 

diff --git a/backend/core/src/listings/listings.controller.ts b/backend/core/src/listings/listings.controller.ts
@@ -14,6 +14,7 @@ import {
   ClassSerializerInterceptor,
   Headers,
   Header,
+  ParseUUIDPipe,
 } from "@nestjs/common"
 import { ListingsService } from "./listings.service"
 import { ApiBearerAuth, ApiExtraModels, ApiOperation, ApiTags } from "@nestjs/swagger"
@@ -101,7 +102,7 @@ export class ListingsController {
   @UsePipes(new ValidationPipe(defaultValidationPipeOptions))
   async retrieve(
     @Headers("language") language: Language,
-    @Param("id") listingId: string,
+    @Param("id", new ParseUUIDPipe({ version: "4" })) listingId: string,
     @Query() queryParams: ListingsRetrieveQueryParams
   ): Promise<ListingDto> {
     if (listingId === undefined || listingId === "undefined") {
@@ -127,7 +128,7 @@ export class ListingsController {
   @Delete(`:id`)
   @ApiOperation({ summary: "Delete listing by id", operationId: "delete" })
   @UsePipes(new ValidationPipe(defaultValidationPipeOptions))
-  async delete(@Param("id") listingId: string) {
+  async delete(@Param("id", new ParseUUIDPipe({ version: "4" })) listingId: string) {
     await this.listingsService.delete(listingId)
   }
 }