mirror of
https://github.com/HeyPuter/puter.git
synced 2025-12-29 17:20:01 -06:00
fix: update validation for permission endpoints
Permission endpoints would trigger 500 errors in cases where the request did not have correct types for values in the request body. This migrates all of these endpoints to use the new `validate_fields` function, which is intended to make validation of fields clearer and more consistent.
This commit is contained in:
KernelDeimos
@@ -20,6 +20,7 @@ const APIError = require('../../api/APIError');
|
||||
const eggspress = require('../../api/eggspress');
|
||||
const { UserActorType } = require('../../services/auth/Actor');
|
||||
const { Context } = require('../../util/context');
|
||||
const { validate_fields } = require('../../util/validutil');
|
||||
|
||||
module.exports = eggspress('/auth/grant-dev-app', {
|
||||
subdomain: 'api',
|
||||
@@ -40,15 +41,12 @@ module.exports = eggspress('/auth/grant-dev-app', {
|
||||
req.body.app_uid = await svc_auth.app_uid_from_origin(req.body.origin);
|
||||
}
|
||||
|
||||
if ( ! req.body.app_uid ) {
|
||||
throw APIError.create('field_missing', null, { key: 'app_uid' });
|
||||
}
|
||||
|
||||
if ( ! req.body.permission ) {
|
||||
throw APIError.create('field_missing', null, {
|
||||
key: 'permission',
|
||||
});
|
||||
}
|
||||
validate_fields({
|
||||
app_uid: { type: 'string', optional: false },
|
||||
permission: { type: 'string', optional: false },
|
||||
extra: { type: 'object', optional: true },
|
||||
meta: { type: 'object', optional: true },
|
||||
}, req.body);
|
||||
|
||||
await svc_permission.grant_dev_app_permission(actor, req.body.app_uid, req.body.permission, req.body.extra || {}, req.body.meta || {});
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ const APIError = require('../../api/APIError');
|
||||
const eggspress = require('../../api/eggspress');
|
||||
const { UserActorType } = require('../../services/auth/Actor');
|
||||
const { Context } = require('../../util/context');
|
||||
const { validate_fields } = require('../../util/validutil');
|
||||
|
||||
module.exports = eggspress('/auth/grant-user-app', {
|
||||
subdomain: 'api',
|
||||
@@ -40,15 +41,12 @@ module.exports = eggspress('/auth/grant-user-app', {
|
||||
req.body.app_uid = await svc_auth.app_uid_from_origin(req.body.origin);
|
||||
}
|
||||
|
||||
if ( ! req.body.app_uid ) {
|
||||
throw APIError.create('field_missing', null, { key: 'app_uid' });
|
||||
}
|
||||
|
||||
if ( ! req.body.permission ) {
|
||||
throw APIError.create('field_missing', null, {
|
||||
key: 'permission',
|
||||
});
|
||||
}
|
||||
validate_fields({
|
||||
app_uid: { type: 'string', optional: false },
|
||||
permission: { type: 'string', optional: false },
|
||||
extra: { type: 'object', optional: true },
|
||||
meta: { type: 'object', optional: true },
|
||||
}, req.body);
|
||||
|
||||
await svc_permission.grant_user_app_permission(actor, req.body.app_uid, req.body.permission, req.body.extra || {}, req.body.meta || {});
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ const APIError = require('../../api/APIError');
|
||||
const eggspress = require('../../api/eggspress');
|
||||
const { UserActorType } = require('../../services/auth/Actor');
|
||||
const { Context } = require('../../util/context');
|
||||
const { validate_fields } = require('../../util/validutil');
|
||||
|
||||
module.exports = eggspress('/auth/grant-user-group', {
|
||||
subdomain: 'api',
|
||||
@@ -35,17 +36,12 @@ module.exports = eggspress('/auth/grant-user-group', {
|
||||
throw APIError.create('forbidden');
|
||||
}
|
||||
|
||||
if ( ! req.body.group_uid ) {
|
||||
throw APIError.create('field_missing', null, {
|
||||
key: 'group_uid',
|
||||
});
|
||||
}
|
||||
|
||||
if ( ! req.body.permission ) {
|
||||
throw APIError.create('field_missing', null, {
|
||||
key: 'permission',
|
||||
});
|
||||
}
|
||||
validate_fields({
|
||||
group_uid: { type: 'string', optional: false },
|
||||
permission: { type: 'string', optional: false },
|
||||
extra: { type: 'object', optional: true },
|
||||
meta: { type: 'object', optional: true },
|
||||
}, req.body);
|
||||
|
||||
await svc_permission.grant_user_group_permission(actor, req.body.group_uid, req.body.permission, req.body.extra || {}, req.body.meta || {});
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ const APIError = require('../../api/APIError');
|
||||
const eggspress = require('../../api/eggspress');
|
||||
const { UserActorType } = require('../../services/auth/Actor');
|
||||
const { Context } = require('../../util/context');
|
||||
const { validate_fields } = require('../../util/validutil');
|
||||
|
||||
module.exports = eggspress('/auth/grant-user-user', {
|
||||
subdomain: 'api',
|
||||
@@ -35,15 +36,12 @@ module.exports = eggspress('/auth/grant-user-user', {
|
||||
throw APIError.create('forbidden');
|
||||
}
|
||||
|
||||
if ( ! req.body.target_username ) {
|
||||
throw APIError.create('field_missing', null, { key: 'target_username' });
|
||||
}
|
||||
|
||||
if ( ! req.body.permission ) {
|
||||
throw APIError.create('field_missing', null, {
|
||||
key: 'permission',
|
||||
});
|
||||
}
|
||||
validate_fields({
|
||||
target_username: { type: 'string', optional: false },
|
||||
permission: { type: 'string', optional: false },
|
||||
extra: { type: 'object', optional: true },
|
||||
meta: { type: 'object', optional: true },
|
||||
}, req.body);
|
||||
|
||||
await svc_permission.grant_user_user_permission(actor, req.body.target_username, req.body.permission, req.body.extra || {}, req.body.meta || {});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user