Commit 784e92e3 authored by L4168's avatar L4168

added validation for gameId

parent 6b3c9b4d
3 merge requests!59Development to master,!48Development,!46Small fixes to Development
...@@ -9,6 +9,7 @@ import { Reflector } from '@nestjs/core'; ...@@ -9,6 +9,7 @@ import { Reflector } from '@nestjs/core';
import * as jwt from 'jsonwebtoken'; import * as jwt from 'jsonwebtoken';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm'; import { Repository } from 'typeorm';
import { Validator } from 'class-validator';
import { Game_PersonEntity } from '../game/game.entity'; import { Game_PersonEntity } from '../game/game.entity';
...@@ -32,6 +33,12 @@ export class RolesGuard implements CanActivate { ...@@ -32,6 +33,12 @@ export class RolesGuard implements CanActivate {
return false; return false;
} }
const gameId = request.params.id; const gameId = request.params.id;
// create a valifator
const validator = new Validator();
// verify UUID
if (!validator.isUUID(gameId)) {
throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
}
request.user = await this.getUserObject(request.headers.authorization); request.user = await this.getUserObject(request.headers.authorization);
const role = await this.game_PersonRepository.findOne({ const role = await this.game_PersonRepository.findOne({
where: { person: request.user['id'], game: gameId }, where: { person: request.user['id'], game: gameId },
......
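Review bot: The new check at `if (!validator.isUUID(gameId))` pairs the message 'Game not found' with `HttpStatus.BAD_REQUEST`, so a client gets a not-found message on a 400. Pick one meaning, e.g. `throw new HttpException('Invalid game id', HttpStatus.BAD_REQUEST);`; the identical lines added to StatesGuard need the same change. `HttpException` and `HttpStatus` are not among the imports visible in this section, so confirm both are already imported from `@nestjs/common` above line 9. The comment `// create a valifator` has a typo and both comments restate the code; one comment giving the reason would serve better, e.g. `// reject non-UUID ids before they reach the repository query`. The enclosing guard method starts and ends outside the hunk.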
...@@ -8,6 +8,7 @@ import { ...@@ -8,6 +8,7 @@ import {
import { Reflector } from '@nestjs/core'; import { Reflector } from '@nestjs/core';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm'; import { Repository } from 'typeorm';
import { Validator } from 'class-validator';
import { GameEntity } from '../game/game.entity'; import { GameEntity } from '../game/game.entity';
...@@ -29,6 +30,12 @@ export class StatesGuard implements CanActivate { ...@@ -29,6 +30,12 @@ export class StatesGuard implements CanActivate {
} }
const request = context.switchToHttp().getRequest(); const request = context.switchToHttp().getRequest();
const gameId = request.params.id; const gameId = request.params.id;
// create a valifator
const validator = new Validator();
// verify UUID
if (!validator.isUUID(gameId)) {
throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
}
const gameRef = await this.gameRepository.findOne({ const gameRef = await this.gameRepository.findOne({
id: gameId, id: gameId,
}); });
......
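Review bot: These five lines duplicate the check added to RolesGuard and construct a new `Validator` on every request; a small shared helper, or a module-level `const validator = new Validator();`, would keep the two guards from drifting apart. Validating inside the guard is the right place, because Nest runs guards before pipes and a `ParseUUIDPipe` on the route would not protect the `findOne` call below. The UUID check only filters malformed ids: a well-formed id for a game that does not exist still makes `findOne` resolve to `undefined`. The code that uses `gameRef` lies outside this section, so confirm it handles that case and denies access rather than dereferencing the value.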