Skip to content

Commit

Permalink
fix(projects-service): Validate project IDs in container endpoints
Browse files Browse the repository at this point in the history
  • Loading branch information
Clashsoft committed Oct 13, 2023
1 parent b417e8f commit 11af60c
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions services/apps/projects/src/container/container.controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -65,28 +65,31 @@ export class ContainerController {
@NotFound()
@ApiOkResponse({type: ContainerDto})
async findOne(
@Param('id') id: string,
@Param('id', ObjectIdPipe) id: Types.ObjectId,
@AuthUser() user: UserToken,
): Promise<ContainerDto | null> {
return this.containerService.findOne(id, user.sub);
return this.containerService.findOne(id.toString(), user.sub);
}

@Delete('projects/:id/container')
@MemberAuth({forbiddenResponse})
@NotFound()
@ApiOkResponse({type: ContainerDto})
async remove(
@Param('id') id: string,
@Param('id', ObjectIdPipe) id: Types.ObjectId,
@AuthUser() user: UserToken,
): Promise<ContainerDto | null> {
return this.containerService.remove(id, user.sub);
return this.containerService.remove(id.toString(), user.sub);
}

@Post('projects/:id/zip')
@ApiOperation({summary: 'Upload a zip file to add files to a project'})
@ProjectAuth({forbiddenResponse: 'Not owner of project.'})
@UseInterceptors(FileInterceptor('file'))
async unzip(@Param('id') id: string, @UploadedFile() file: Express.Multer.File): Promise<any | null> {
return this.containerService.unzip(id, file);
async unzip(
@Param('id', ObjectIdPipe) id: Types.ObjectId,
@UploadedFile() file: Express.Multer.File,
): Promise<any | null> {
return this.containerService.unzip(id.toString(), file);
}
}

0 comments on commit 11af60c

Please sign in to comment.