mirror of
https://github.com/vernu/textbee.git
synced 2026-04-24 08:47:22 -04:00
chore(api): validate deviceId string
This commit is contained in:
@@ -69,6 +69,7 @@ export class AuthController {
|
||||
return { data }
|
||||
}
|
||||
|
||||
// TODO: Add a guard to check if the user is the owner of the api key
|
||||
@UseGuards(AuthGuard)
|
||||
@ApiOperation({ summary: 'Generate Api Key' })
|
||||
@ApiBearerAuth()
|
||||
|
||||
@@ -5,6 +5,7 @@ import {
|
||||
HttpStatus,
|
||||
Injectable,
|
||||
} from '@nestjs/common'
|
||||
import mongoose from 'mongoose'
|
||||
import { UserRole } from 'src/users/user-roles.enum'
|
||||
import { GatewayService } from '../gateway.service'
|
||||
|
||||
@@ -18,6 +19,14 @@ export class CanModifyDevice implements CanActivate {
|
||||
const deviceId = request.params.id
|
||||
const userId = request.user?.id
|
||||
|
||||
const isValidId = mongoose.Types.ObjectId.isValid(deviceId)
|
||||
if (!isValidId) {
|
||||
throw new HttpException(
|
||||
{ error: 'Invalid device id' },
|
||||
HttpStatus.BAD_REQUEST,
|
||||
)
|
||||
}
|
||||
|
||||
const device = await this.gatewayService.getDeviceById(deviceId)
|
||||
if (
|
||||
!!userId &&
|
||||
|
||||
Reference in New Issue
Block a user