Add validation to batch secret endpoint

2025-03-29 22:02:57 +00:00 · 2023-02-17 01:12:13 +07:00
parent 65bec23292
commit 625c0785b5
2 changed files with 29 additions and 16 deletions
--- a/backend/src/controllers/v2/secretsController.ts
+++ b/backend/src/controllers/v2/secretsController.ts
@ -44,23 +44,15 @@ export const batchSecrets = async (req: Request, res: Response) => {
    }= req.body;
    
    // construct object containing all secrets
-    // listed across requests
    const listedSecretsObj: {
        [key: string]: { 
            version: number;
            type: string;
        }
-    } = (await Secret.find({
-        _id: {
-            $in: requests
-                .map((request) => request.secret._id)
-                .filter((secretId) => secretId !== undefined)
-        }
-    }).select('version type')).reduce((obj: any, secret: ISecret) => ({
+    } = req.secrets.reduce((obj: any, secret: ISecret) => ({
        ...obj,
        [secret._id.toString()]: secret
    }), {});
-    

    const createSecrets: BatchSecret[] = [];
    const updateSecrets: BatchSecret[] = [];
--- a/backend/src/routes/v2/secrets.ts
+++ b/backend/src/routes/v2/secrets.ts
@ -6,8 +6,9 @@ import {
    requireSecretsAuth,
    validateRequest
 } from '../../middleware';
-import { query, check, body } from 'express-validator';
+import { query, body } from 'express-validator';
 import { secretsController } from '../../controllers/v2';
+import { validateSecrets } from '../../helpers/secret';
 import {
    ADMIN,
    MEMBER,
@ -15,14 +16,12 @@ import {
    SECRET_SHARED
 } from '../../variables';

-// TODO: create batch update endpoint
+import {
+    BatchSecretRequest
+} from '../../types/secret';

 router.post(
    '/batch',
-    body('workspaceId').exists().isString().trim(),
-    body('environment').exists().isString().trim(),
-    body('requests').exists(), // perform validation for batch requests
-    validateRequest,
    requireAuth({
        acceptedAuthModes: ['jwt', 'apiKey']
    }),
@ -30,8 +29,30 @@ router.post(
        acceptedRoles: [ADMIN, MEMBER],
        location: 'body'
    }),
+    body('workspaceId').exists().isString().trim(),
+    body('environment').exists().isString().trim(),
+    body('requests')
+        .exists()
+        .custom(async (requests: BatchSecretRequest[], { req }) => {
+            if (Array.isArray(requests)) {
+                const secretIds = requests
+                    .map((request) => request.secret._id)
+                    .filter((secretId) => secretId !== undefined)
+                
+                if (secretIds.length > 0) {
+                    const relevantSecrets = await validateSecrets({
+                        userId: req.user._id.toString(),
+                        secretIds
+                    });
+                    
+                    req.secrets = relevantSecrets;
+                }
+            }
+        return true;
+    }),
+    validateRequest,
    secretsController.batchSecrets
-)
+);

 router.post(
    '/',