added validation for gameId

784e92e3 · L4168 · 6b3c9b4d · 784e92e3 · 784e92e3
Commit 784e92e3 authored 5 years ago by L4168
--- a/src/shared/roles.guard.ts
+++ b/src/shared/roles.guard.ts
@@ -9,6 +9,7 @@ import { Reflector } from '@nestjs/core';
 import * as jwt from 'jsonwebtoken';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 import { Game_PersonEntity } from '../game/game.entity';
@@ -32,6 +33,12 @@ export class RolesGuard implements CanActivate {
      return false;
    }
    const gameId = request.params.id;
+    // create a valifator
+    const validator = new Validator();
+    // verify UUID
+    if (!validator.isUUID(gameId)) {
+      throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+    }
    request.user = await this.getUserObject(request.headers.authorization);
    const role = await this.game_PersonRepository.findOne({
      where: { person: request.user['id'], game: gameId },

--- a/src/shared/states.guard.ts
+++ b/src/shared/states.guard.ts
@@ -8,6 +8,7 @@ import {
 import { Reflector } from '@nestjs/core';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 import { GameEntity } from '../game/game.entity';
@@ -29,6 +30,12 @@ export class StatesGuard implements CanActivate {
    }
    const request = context.switchToHttp().getRequest();
    const gameId = request.params.id;
+    // create a valifator
+    const validator = new Validator();
+    // verify UUID
+    if (!validator.isUUID(gameId)) {
+      throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+    }
    const gameRef = await this.gameRepository.findOne({
      id: gameId,
    });