From 18d0009d890331116df29b95cc67189a82f18530 Mon Sep 17 00:00:00 2001
From: Dylan Depass
Date: Tue, 22 Oct 2024 14:39:20 -0400
Subject: [PATCH] fix: use sku from path and sanitize
---
 src/catalog/handler.js | 5 +++++
 src/utils/product.js | 2 ++
 src/utils/r2.js | 3 ++-
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/catalog/handler.js b/src/catalog/handler.js
index c67176e..e9b533e 100644
--- a/src/catalog/handler.js
+++ b/src/catalog/handler.js
@@ -10,6 +10,7 @@
 * governing permissions and limitations under the License.
 */
+import { hasUppercase } from '../utils/product.js';
 import { errorResponse } from '../utils/http.js';
 import { handleProductLookupRequest } from './lookup.js';
 import { handleProductFetchRequest } from './fetch.js';
@@ -45,6 +46,10 @@ export default async function catalogHandler(ctx, config, request) {
 const [storeCode, storeViewCode, subRoute, sku] = pathSegments.slice(catalogIndex + 1);
+ if (hasUppercase(sku)) {
+ return errorResponse(400, 'Invalid SKU: SKU cannot contain uppercase letters');
+ }
+
 Object.assign(config, {
 storeCode, storeViewCode, subRoute, sku,
 });
diff --git a/src/utils/product.js b/src/utils/product.js
index b61796f..c3d73bc 100644
--- a/src/utils/product.js
+++ b/src/utils/product.js
@@ -10,6 +10,8 @@
 * governing permissions and limitations under the License.
 */
+export const hasUppercase = (str) => /[A-Z]/.test(str);
+
 /**
 * This function combines an array of strings with interpolated
 * parameters to create a GraphQL query string.
diff --git a/src/utils/r2.js b/src/utils/r2.js
index 8995ecd..b68a460 100644
--- a/src/utils/r2.js
+++ b/src/utils/r2.js
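Review bot: In src/catalog/handler.js the new guard rejects only ASCII uppercase letters, so any other value of the path segment still reaches `Object.assign(config, …)`, and the r2.js change in this same commit interpolates `config.sku` directly into the storage key `…/products/${sku}.json`. For a value taken from the URL, an allowlist is a safer shape than a one-class denylist, for example `if (sku !== undefined && !/^[a-z0-9][a-z0-9_-]*$/.test(sku)) return errorResponse(400, 'Invalid SKU');`. The character set in that pattern is an assumption and has to match what the catalog really uses. catalogHandler's body starts and ends outside the hunk, so any later normalisation of `sku` is not visible here.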
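Review bot: In src/utils/product.js `hasUppercase` is exported without a doc comment, and two of its behaviours are easy to miss at the call site. `RegExp.prototype.test` coerces its argument to a string, so a missing SKU segment is tested as the text "undefined" and passes, and `[A-Z]` is ASCII-only, so a letter such as `É` is not treated as uppercase. I would add a JSDoc block saying the check is ASCII-only and returns false for non-string input, and make the latter explicit: `export const hasUppercase = (str) => typeof str === 'string' && /[A-Z]/.test(str);`.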
@@ -51,7 +51,8 @@ export async function saveProducts(ctx, config, products) {
 const storeProductsBatch = async (batch) => {
 const storePromises = batch.map(async (product) => {
 try {
- const { sku, name, urlKey } = product;
+ const { name, urlKey } = product;
+ const { sku } = config;
 const key = `${config.org}/${config.site}/${config.env}/${config.storeCode}/${config.storeViewCode}/products/${sku}.json`;
 const body = JSON.stringify(product);
 const customMetadata = { sku, name, urlKey };
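Review bot: With `const { sku } = config;` inside the `batch.map` callback, every product in a batch is written under the same key `…/products/${sku}.json`, so if `products` ever holds more than one entry the writes collide and the last one wins. The stored body still carries `product.sku`, while the key and `customMetadata.sku` now carry the path value, and nothing visible here checks that the two refer to the same product. I would compare them before writing, for example `if (String(product.sku).toLowerCase() !== sku) throw new Error('SKU mismatch');`, or reject multi-product input on this code path. That comparison assumes the path SKU is the lower-cased form of the catalog SKU, which the hunk does not show. The `try` block and saveProducts continue outside the hunk.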