mirror of
https://github.com/twentyhq/twenty.git
synced 2024-12-25 13:02:15 +03:00
fix: forbid creation of objects or fields with certain characters or with forbidden keywords that clashes with pg_graphql (#3957)
* fix: forbid creation of objects or fields with certain characters or with forbidden keywords that clashes with pg_graphql * refactor: add a decorator for name validation and use it on fields
This commit is contained in:
parent
b1eb0577bc
commit
0fe838d320
@ -0,0 +1,24 @@
|
||||
import {
|
||||
registerDecorator,
|
||||
ValidationOptions,
|
||||
ValidationArguments,
|
||||
} from 'class-validator';
|
||||
|
||||
export function IsValidName(validationOptions?: ValidationOptions) {
|
||||
return function (object: object, propertyName: string) {
|
||||
registerDecorator({
|
||||
name: 'IsValidName',
|
||||
target: object.constructor,
|
||||
propertyName: propertyName,
|
||||
options: validationOptions,
|
||||
validator: {
|
||||
validate(value: any) {
|
||||
return /^(?!(?:not|or|and)$)[^'\"\\;.=*/]+$/.test(value);
|
||||
},
|
||||
defaultMessage(args: ValidationArguments) {
|
||||
return `${args.property} has failed the name validation check`;
|
||||
},
|
||||
},
|
||||
});
|
||||
};
|
||||
}
|
@ -34,6 +34,7 @@ import { FieldMetadataType } from 'src/metadata/field-metadata/field-metadata.en
|
||||
import { BeforeDeleteOneField } from 'src/metadata/field-metadata/hooks/before-delete-one-field.hook';
|
||||
import { IsFieldMetadataDefaultValue } from 'src/metadata/field-metadata/validators/is-field-metadata-default-value.validator';
|
||||
import { IsFieldMetadataOptions } from 'src/metadata/field-metadata/validators/is-field-metadata-options.validator';
|
||||
import { IsValidName } from 'src/metadata/decorators/is-valid-name.decorator';
|
||||
|
||||
registerEnumType(FieldMetadataType, {
|
||||
name: 'FieldMetadataType',
|
||||
@ -74,6 +75,7 @@ export class FieldMetadataDTO<
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@Field()
|
||||
@IsValidName()
|
||||
name: string;
|
||||
|
||||
@IsString()
|
||||
|
@ -3,6 +3,7 @@ import { Field, HideField, InputType } from '@nestjs/graphql';
|
||||
import { BeforeCreateOne } from '@ptc-org/nestjs-query-graphql';
|
||||
import { IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
|
||||
import { IsValidName } from 'src/metadata/decorators/is-valid-name.decorator';
|
||||
import { BeforeCreateOneObject } from 'src/metadata/object-metadata/hooks/before-create-one-object.hook';
|
||||
|
||||
@InputType()
|
||||
@ -11,11 +12,13 @@ export class CreateObjectInput {
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@Field()
|
||||
@IsValidName()
|
||||
nameSingular: string;
|
||||
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@Field()
|
||||
@IsValidName()
|
||||
namePlural: string;
|
||||
|
||||
@IsString()
|
||||
|
@ -3,6 +3,7 @@ import { Field, InputType } from '@nestjs/graphql';
|
||||
import { BeforeUpdateOne } from '@ptc-org/nestjs-query-graphql';
|
||||
import { IsBoolean, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
|
||||
import { IsValidName } from 'src/metadata/decorators/is-valid-name.decorator';
|
||||
import { BeforeUpdateOneObject } from 'src/metadata/object-metadata/hooks/before-update-one-object.hook';
|
||||
|
||||
@InputType()
|
||||
@ -21,11 +22,13 @@ export class UpdateObjectInput {
|
||||
@IsString()
|
||||
@IsOptional()
|
||||
@Field({ nullable: true })
|
||||
@IsValidName()
|
||||
nameSingular?: string;
|
||||
|
||||
@IsString()
|
||||
@IsOptional()
|
||||
@Field({ nullable: true })
|
||||
@IsValidName()
|
||||
namePlural?: string;
|
||||
|
||||
@IsString()
|
||||
|
Loading…
Reference in New Issue
Block a user