feat(api): Added validation for reason field (#190)

keyshade-xyz · May 5, 2024 · b227d88 · b227d88
1 parent 92ceb75
commit b227d88
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 21 deletions.
diff --git a/apps/api/src/approval/controller/approval.controller.ts b/apps/api/src/approval/controller/approval.controller.ts
@@ -10,6 +10,7 @@ import {
 } from '@prisma/client'
 import { CurrentUser } from '../../decorators/user.decorator'
 import { RequiredApiKeyAuthorities } from '../../decorators/required-api-key-authorities.decorator'
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
 
 @Controller('approval')
 export class ApprovalController {
@@ -20,7 +21,7 @@ export class ApprovalController {
   async updateApproval(
     @CurrentUser() user: User,
     @Param('approvalId') approvalId: Approval['id'],
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return this.approvalService.updateApproval(user, reason, approvalId)
   }

diff --git a/apps/api/src/common/alphanumeric-reason-pipe.spec.ts b/apps/api/src/common/alphanumeric-reason-pipe.spec.ts
@@ -0,0 +1,29 @@
+import { AlphanumericReasonValidationPipe } from './alphanumeric-reason-pipe';
+import { BadRequestException } from '@nestjs/common';
+
+describe('AlphanumericReasonValidationPipe', () => {
+  let pipe: AlphanumericReasonValidationPipe;
+
+  beforeEach(() => {
+    pipe = new AlphanumericReasonValidationPipe();
+  });
+
+  it('should allow alphanumeric string', () => {
+    const validInput = 'Test123';
+    expect(pipe.transform(validInput)).toBe(validInput);
+  });
+
+  it('should not allow strings with only spaces', () => {
+    expect(() => pipe.transform('   ')).toThrow(BadRequestException);
+  });
+
+  it('should throw BadRequestException for non-alphanumeric string', () => {
+    const invalidInput = 'Test123$%^';
+    try {
+      pipe.transform(invalidInput);
+    } catch (e) {
+      expect(e).toBeInstanceOf(BadRequestException);
+      expect(e.message).toBe('Reason must contain only alphanumeric characters and no leading or trailing spaces.');
+    }
+  });
+});
diff --git a/apps/api/src/common/alphanumeric-reason-pipe.ts b/apps/api/src/common/alphanumeric-reason-pipe.ts
@@ -0,0 +1,12 @@
+import { PipeTransform, Injectable, BadRequestException } from '@nestjs/common';
+
+@Injectable()
+export class AlphanumericReasonValidationPipe implements PipeTransform {
+  transform(value: string) {
+  if (/^[a-zA-Z0-9]+(?: [a-zA-Z0-9]+)*$/.test(value)) {
+    return value;
+  } else {
+    throw new BadRequestException('Reason must contain only alphanumeric characters and no leading or trailing spaces.');
+  }
+}
+}
diff --git a/apps/api/src/environment/controller/environment.controller.ts b/apps/api/src/environment/controller/environment.controller.ts
@@ -15,6 +15,7 @@ import { Authority, User } from '@prisma/client'
 import { UpdateEnvironment } from '../dto/update.environment/update.environment'
 import { ApiTags } from '@nestjs/swagger'
 import { RequiredApiKeyAuthorities } from '../../decorators/required-api-key-authorities.decorator'
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
 
 @ApiTags('Environment Controller')
 @Controller('environment')
@@ -27,7 +28,7 @@ export class EnvironmentController {
     @CurrentUser() user: User,
     @Body() dto: CreateEnvironment,
     @Param('projectId') projectId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.environmentService.createEnvironment(
       user,
@@ -43,7 +44,7 @@ export class EnvironmentController {
     @CurrentUser() user: User,
     @Body() dto: UpdateEnvironment,
     @Param('environmentId') environmentId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.environmentService.updateEnvironment(
       user,
@@ -89,7 +90,7 @@ export class EnvironmentController {
   async deleteEnvironment(
     @CurrentUser() user: User,
     @Param('environmentId') environmentId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.environmentService.deleteEnvironment(
       user,

diff --git a/apps/api/src/project/controller/project.controller.ts b/apps/api/src/project/controller/project.controller.ts
@@ -15,6 +15,7 @@ import { CreateProject } from '../dto/create.project/create.project'
 import { UpdateProject } from '../dto/update.project/update.project'
 import { ApiTags } from '@nestjs/swagger'
 import { RequiredApiKeyAuthorities } from '../../decorators/required-api-key-authorities.decorator'
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
 
 @ApiTags('Project Controller')
 @Controller('project')
@@ -27,7 +28,7 @@ export class ProjectController {
     @CurrentUser() user: User,
     @Param('workspaceId') workspaceId: Workspace['id'],
     @Body() dto: CreateProject,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.service.createProject(user, workspaceId, dto, reason)
   }
@@ -38,7 +39,7 @@ export class ProjectController {
     @CurrentUser() user: User,
     @Param('projectId') projectId: Project['id'],
     @Body() dto: UpdateProject,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.service.updateProject(user, projectId, dto, reason)
   }
@@ -48,7 +49,7 @@ export class ProjectController {
   async deleteProject(
     @CurrentUser() user: User,
     @Param('projectId') projectId: Project['id'],
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.service.deleteProject(user, projectId, reason)
   }

diff --git a/apps/api/src/secret/controller/secret.controller.ts b/apps/api/src/secret/controller/secret.controller.ts
@@ -15,6 +15,7 @@ import { CreateSecret } from '../dto/create.secret/create.secret'
 import { UpdateSecret } from '../dto/update.secret/update.secret'
 import { ApiTags } from '@nestjs/swagger'
 import { RequiredApiKeyAuthorities } from '../../decorators/required-api-key-authorities.decorator'
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
 
 @ApiTags('Secret Controller')
 @Controller('secret')
@@ -27,7 +28,7 @@ export class SecretController {
     @CurrentUser() user: User,
     @Param('projectId') projectId: string,
     @Body() dto: CreateSecret,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.secretService.createSecret(user, dto, projectId, reason)
   }
@@ -38,7 +39,7 @@ export class SecretController {
     @CurrentUser() user: User,
     @Param('secretId') secretId: string,
     @Body() dto: UpdateSecret,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.secretService.updateSecret(user, secretId, dto, reason)
   }
@@ -52,7 +53,7 @@ export class SecretController {
     @CurrentUser() user: User,
     @Param('secretId') secretId: string,
     @Param('environmentId') environmentId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.secretService.updateSecretEnvironment(
       user,
@@ -68,7 +69,7 @@ export class SecretController {
     @CurrentUser() user: User,
     @Param('secretId') secretId: string,
     @Param('rollbackVersion') rollbackVersion: number,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.secretService.rollbackSecret(
       user,
@@ -83,7 +84,7 @@ export class SecretController {
   async deleteSecret(
     @CurrentUser() user: User,
     @Param('secretId') secretId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.secretService.deleteSecret(user, secretId, reason)
   }

diff --git a/apps/api/src/variable/controller/variable.controller.ts b/apps/api/src/variable/controller/variable.controller.ts
@@ -12,9 +12,9 @@ import { ApiTags } from '@nestjs/swagger'
 import { VariableService } from '../service/variable.service'
 import { RequiredApiKeyAuthorities } from '../../decorators/required-api-key-authorities.decorator'
 import { Authority, User } from '@prisma/client'
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
 import { CurrentUser } from '../../decorators/user.decorator'
 import { CreateVariable } from '../dto/create.variable/create.variable'
-import { UpdateVariable } from '../dto/update.variable/update.variable'
 
 @ApiTags('Variable Controller')
 @Controller('variable')
@@ -27,7 +27,7 @@ export class VariableController {
     @CurrentUser() user: User,
     @Param('projectId') projectId: string,
     @Body() dto: CreateVariable,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe ) reason: string
   ) {
     return await this.variableService.createVariable(
       user,
@@ -42,8 +42,8 @@ export class VariableController {
   async updateVariable(
     @CurrentUser() user: User,
     @Param('variableId') variableId: string,
-    @Body() dto: UpdateVariable,
-    @Query('reason') reason: string
+    @Body() dto: CreateVariable,
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.variableService.updateVariable(
       user,
@@ -62,7 +62,7 @@ export class VariableController {
     @CurrentUser() user: User,
     @Param('variableId') variableId: string,
     @Param('environmentId') environmentId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.variableService.updateVariableEnvironment(
       user,
@@ -78,7 +78,7 @@ export class VariableController {
     @CurrentUser() user: User,
     @Param('variableId') variableId: string,
     @Param('rollbackVersion') rollbackVersion: number,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.variableService.rollbackVariable(
       user,
@@ -93,7 +93,7 @@ export class VariableController {
   async deleteVariable(
     @CurrentUser() user: User,
     @Param('variableId') variableId: string,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return await this.variableService.deleteVariable(user, variableId, reason)
   }

diff --git a/apps/api/src/workspace/controller/workspace.controller.ts b/apps/api/src/workspace/controller/workspace.controller.ts
@@ -11,7 +11,8 @@ import {
 import { WorkspaceService } from '../service/workspace.service'
 import { CurrentUser } from '../../decorators/user.decorator'
 import { Authority, User, Workspace, WorkspaceRole } from '@prisma/client'
-import {
+import { AlphanumericReasonValidationPipe } from '../../common/alphanumeric-reason-pipe'
+import{
   CreateWorkspace,
   WorkspaceMemberDTO
 } from '../dto/create.workspace/create.workspace'
@@ -34,7 +35,7 @@ export class WorkspaceController {
     @CurrentUser() user: User,
     @Param('workspaceId') workspaceId: Workspace['id'],
     @Body() dto: UpdateWorkspace,
-    @Query('reason') reason: string
+    @Query('reason', AlphanumericReasonValidationPipe) reason: string
   ) {
     return this.workspaceService.updateWorkspace(user, workspaceId, dto, reason)
   }

diff --git a/package.json b/package.json
@@ -127,11 +127,13 @@
     "husky": "^9.0.11",
     "prettier": "^3.0.0",
     "prettier-plugin-tailwindcss": "^0.5.11",
+    "prisma": "5.12.1",
     "tsconfig": "workspace:*",
     "turbo": "^1.12.4"
   },
   "dependencies": {
     "@million/lint": "^0.0.73",
+    "@prisma/client": "5.12.1",
     "@sentry/node": "^7.102.0",
     "@sentry/profiling-node": "^7.102.0",
     "million": "^3.0.5",