From 784e92e32e9ae39cf8e4ad4fb869e549bef21d68 Mon Sep 17 00:00:00 2001
From: L4168 <L4168@student.jamk.fi>
Date: Fri, 12 Jul 2019 10:13:59 +0300
Subject: [PATCH] added validation for gameId

---
 src/shared/roles.guard.ts  | 7 +++++++
 src/shared/states.guard.ts | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/src/shared/roles.guard.ts b/src/shared/roles.guard.ts
index ae5c05f..359a42d 100644
--- a/src/shared/roles.guard.ts
+++ b/src/shared/roles.guard.ts
@@ -9,6 +9,7 @@ import { Reflector } from '@nestjs/core';
 import * as jwt from 'jsonwebtoken';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 
 import { Game_PersonEntity } from '../game/game.entity';
 
@@ -32,6 +33,12 @@ export class RolesGuard implements CanActivate {
       return false;
     }
     const gameId = request.params.id;
+    // create a valifator
+    const validator = new Validator();
+    // verify UUID
+    if (!validator.isUUID(gameId)) {
+      throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+    }
     request.user = await this.getUserObject(request.headers.authorization);
     const role = await this.game_PersonRepository.findOne({
       where: { person: request.user['id'], game: gameId },
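Review bot: The added throw pairs the message 'Game not found' with `HttpStatus.BAD_REQUEST`, so a client gets a not-found text on a 400 response; for a malformed id the text should say so, e.g. `throw new HttpException('Invalid game id', HttpStatus.BAD_REQUEST);`. The same six lines are repeated in the StatesGuard hunk in src/shared/states.guard.ts, so the point applies there too, and a small shared helper would keep the two checks from drifting apart. The comment `// create a valifator` has a typo and only restates the code; a why-comment such as `// reject non-UUID ids before they reach the repository lookup` would tell the next reader more. The enclosing method starts and ends outside this hunk.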
diff --git a/src/shared/states.guard.ts b/src/shared/states.guard.ts
index 9e85e94..961b936 100644
--- a/src/shared/states.guard.ts
+++ b/src/shared/states.guard.ts
@@ -8,6 +8,7 @@ import {
 import { Reflector } from '@nestjs/core';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
+import { Validator } from 'class-validator';
 
 import { GameEntity } from '../game/game.entity';
 
@@ -29,6 +30,12 @@ export class StatesGuard implements CanActivate {
     }
     const request = context.switchToHttp().getRequest();
     const gameId = request.params.id;
+    // create a valifator
+    const validator = new Validator();
+    // verify UUID
+    if (!validator.isUUID(gameId)) {
+      throw new HttpException('Game not found', HttpStatus.BAD_REQUEST);
+    }
     const gameRef = await this.gameRepository.findOne({
       id: gameId,
     });
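Review bot: The added throw uses `HttpException` and `HttpStatus`, but this commit adds only the `Validator` import to states.guard.ts, and the `import {` block that begins above the import hunk is not visible; confirm both names are already imported from `@nestjs/common`. Separately, `request.params.id` is checked unconditionally, and `isUUID` presumably returns false for a missing value, so any route that applies StatesGuard without an `:id` parameter would now answer 400; if such routes exist the check needs a guard for that case. The enclosing method starts and ends outside this hunk.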
-- 
GitLab