From a95d9809a998b9475537c5013d96640adc70ac13 Mon Sep 17 00:00:00 2001
From: Morgan Ludtke
Date: Tue, 30 Jul 2024 15:34:17 -0500
Subject: [PATCH] fix: add uuid validation at controller level
---
 backend/core/src/applications/applications.controller.ts | 5 ++++-
 backend/core/src/auth/controllers/user.controller.ts | 5 ++++-
 backend/core/src/listings/listings.controller.ts | 5 +++--
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/backend/core/src/applications/applications.controller.ts b/backend/core/src/applications/applications.controller.ts
index 8788c86ac7..22a152de4c 100644
--- a/backend/core/src/applications/applications.controller.ts
+++ b/backend/core/src/applications/applications.controller.ts
@@ -5,6 +5,7 @@ import {
 Get,
 Header,
 Param,
+ ParseUUIDPipe,
 Post,
 Put,
 Query,
@@ -82,7 +83,9 @@ export class ApplicationsController {
 @Get(`:id`)
 @ApiOperation({ summary: "Get application by id", operationId: "retrieve" })
- async retrieve(@Param("id") applicationId: string): Promise {
+ async retrieve(
+ @Param("id", new ParseUUIDPipe({ version: "4" })) applicationId: string
+ ): Promise {
 const app = await this.applicationsService.findOne(applicationId)
 return mapTo(ApplicationDto, app)
 }
diff --git a/backend/core/src/auth/controllers/user.controller.ts b/backend/core/src/auth/controllers/user.controller.ts
index 2b11c51fd1..b3f981fde5 100644
--- a/backend/core/src/auth/controllers/user.controller.ts
+++ b/backend/core/src/auth/controllers/user.controller.ts
@@ -5,6 +5,7 @@ import {
 Get,
 Header,
 Param,
+ ParseUUIDPipe,
 Post,
 Put,
 Query,
@@ -205,7 +206,9 @@ export class UserController {
 @Get(`:id`)
 @ApiOperation({ summary: "Get user by id", operationId: "retrieve" })
 @UseGuards(DefaultAuthGuard, AuthzGuard)
- async retrieve(@Param("id") userId: string): Promise {
+ async retrieve(
+ @Param("id", new ParseUUIDPipe({ version: "4" })) userId: string
+ ): Promise {
 return mapTo(UserDto, await this.userService.findOneOrFail({ id: userId }))
 }
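Review bot: The expression `new ParseUUIDPipe({ version: "4" })` is written inline in `ApplicationsController.retrieve` and repeated in `user.controller.ts` and twice in `listings.controller.ts`, so the accepted UUID version can drift between controllers. A single shared instance, for example `export const uuidV4Pipe = new ParseUUIDPipe({ version: "4" })` used as `@Param("id", uuidV4Pipe)`, keeps the rule in one place. Pinning version 4 also means a stored id that is a valid UUID of another version now gets a 400 instead of a lookup, which is worth confirming against how ids are generated (not shown in this patch). Only `retrieve` is changed in this file, so any other handler that takes an id (none is visible in the hunk) presumably still passes the raw string to the service.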
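Review bot: `@UseGuards(DefaultAuthGuard, AuthzGuard)` on `UserController.retrieve` runs before the new parameter pipe, because Nest executes guards ahead of pipes, so `ParseUUIDPipe` does not protect anything the guards do with `:id`. If `AuthzGuard` reads the route parameter (its code is not visible in this hunk), a malformed id still reaches it unvalidated. A short comment above the handler would record this, e.g. `// ParseUUIDPipe runs after the guards; AuthzGuard must tolerate a non-UUID :id`.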
diff --git a/backend/core/src/listings/listings.controller.ts b/backend/core/src/listings/listings.controller.ts
index 4b5a6a28b4..dac4e18bb5 100644
--- a/backend/core/src/listings/listings.controller.ts
+++ b/backend/core/src/listings/listings.controller.ts
@@ -14,6 +14,7 @@ import {
 ClassSerializerInterceptor,
 Headers,
 Header,
+ ParseUUIDPipe,
 } from "@nestjs/common"
 import { ListingsService } from "./listings.service"
 import { ApiBearerAuth, ApiExtraModels, ApiOperation, ApiTags } from "@nestjs/swagger"
@@ -101,7 +102,7 @@ export class ListingsController {
 @UsePipes(new ValidationPipe(defaultValidationPipeOptions))
 async retrieve(
 @Headers("language") language: Language,
- @Param("id") listingId: string,
+ @Param("id", new ParseUUIDPipe({ version: "4" })) listingId: string,
 @Query() queryParams: ListingsRetrieveQueryParams
 ): Promise {
 if (listingId === undefined || listingId === "undefined") {
@@ -127,7 +128,7 @@ export class ListingsController {
 @Delete(`:id`)
 @ApiOperation({ summary: "Delete listing by id", operationId: "delete" })
 @UsePipes(new ValidationPipe(defaultValidationPipeOptions))
- async delete(@Param("id") listingId: string) {
+ async delete(@Param("id", new ParseUUIDPipe({ version: "4" })) listingId: string) {
 await this.listingsService.delete(listingId)
 }
 }
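Review bot: The check `if (listingId === undefined || listingId === "undefined")` that follows the signature in `ListingsController.retrieve` can no longer be true, because `ParseUUIDPipe` rejects both a missing value and the literal string `undefined` with a 400 before the handler runs. The body of that branch is outside the hunk, so whatever response it produced for those inputs is now replaced by the pipe's error. If clients depended on that response, this is a behaviour change to call out. Otherwise the branch should be removed in this commit rather than left as dead code.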