From 7ad74a3c10a8c1c10270321eb649d97dc3082595 Mon Sep 17 00:00:00 2001
From: Max
Date: Thu, 16 May 2024 13:19:04 +0000
Subject: [PATCH 1/2] chore: clean zod validation in database api endpoints
---
 .../api/_hub/database/[command].post.ts | 29 +++++++------------
 1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/src/runtime/server/api/_hub/database/[command].post.ts b/src/runtime/server/api/_hub/database/[command].post.ts
index 9d30711e..88eb9189 100644
--- a/src/runtime/server/api/_hub/database/[command].post.ts
+++ b/src/runtime/server/api/_hub/database/[command].post.ts
@@ -6,7 +6,7 @@ import { requireNuxtHubFeature } from '../../../utils/features'
 const statementValidation = z.object({
 query: z.string().min(1).max(1e6).trim(),
- params: z.any().array()
+ params: z.any().array().default([]),
 })
 export default eventHandler(async (event) => {
@@ -20,20 +20,17 @@ export default eventHandler(async (event) => {
 const db = hubDatabase()
 if (command === 'exec') {
- const { query } = await readValidatedBody(event, z.object({
- query: z.string().min(1).max(1e6).trim()
- }).parse)
+ const { query } = await readValidatedBody(event, statementValidation.pick({ query: true }).parse)
 return db.exec(query)
 }
 if (command === 'dump') {
 return db.dump()
 }
 if (command === 'first') {
- const { query, params, colName } = await readValidatedBody(event, z.object({
- query: z.string().min(1).max(1e6).trim(),
- params: z.any().array(),
- colName: z.string().optional()
- }).parse)
+ const { query, params, colName } = await readValidatedBody(event, z.intersection(
+ statementValidation,
+ z.object({ colName: z.string().optional() })
+ ).parse)
 if (colName) {
 return db.prepare(query).bind(...params).first(colName)
 }
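Review bot: The added `.default([])` on `params` in `statementValidation` changes what the endpoint accepts, not only how the schema is written: the `first`, `batch` and `raw` branches now build on this schema, so a body without `params` passes validation where the removed inline schemas required the array. If that is intended, say so next to the schema, e.g. `// params may be omitted for statements without placeholders`, and mention it in the commit message, which currently describes the change as cleanup. Separately, `z.any()` still lets objects and nested arrays reach `bind(...params)`; if the driver only binds scalar values (not visible here), narrowing the element type would reject such bodies at validation rather than at the database call.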
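Review bot: `z.intersection(statementValidation, z.object({ colName: z.string().optional() }))` in the `first` branch is a roundabout way to add one key to an object schema; `statementValidation.extend({ colName: z.string().optional() })` yields a plain object schema, parses the body once, and matches the `.pick()` call used for `exec` a few lines above. An intersection runs both sides over the same input and merges the two outputs, which can start failing once either side transforms a shared key (`query` is trimmed here) or changes its unknown-key policy. The `raw` branch in the `@@ -41,21 +38,17 @@` hunk uses the same pattern with `columnNames`. The handler starts and ends outside this hunk.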
@@ -41,21 +38,17 @@ export default eventHandler(async (event) => {
 }
 if (command === 'batch') {
- const statements = await readValidatedBody(event, z.array(z.object({
- query: z.string().min(1).max(1e6).trim(),
- params: z.any().array()
- })).parse)
+ const statements = await readValidatedBody(event, z.array(statementValidation).parse)
 return db.batch(
 statements.map(stmt => db.prepare(stmt.query).bind(...stmt.params))
 )
 }
 if (command === 'raw') {
- const { query, params, columnNames } = await readValidatedBody(event, z.object({
- query: z.string().min(1).max(1e6).trim(),
- params: z.any().array(),
- columnNames: z.boolean().default(false)
- }).parse)
+ const { query, params, columnNames } = await readValidatedBody(event, z.intersection(
+ statementValidation,
+ z.object({ columnNames: z.boolean().default(false) })
+ ).parse)
 // @ts-expect-error overload on columnNames
 return db.prepare(query).bind(...params).raw({ columnNames })
 }
From 1900b9d88a06b1bdc3ce9cc42aa8628312feb444 Mon Sep 17 00:00:00 2001
From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com>
Date: Thu, 16 May 2024 13:19:45 +0000
Subject: [PATCH 2/2] [autofix.ci] apply automated fixes
---
 src/runtime/server/api/_hub/database/[command].post.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/runtime/server/api/_hub/database/[command].post.ts b/src/runtime/server/api/_hub/database/[command].post.ts
index 88eb9189..b29d843d 100644
--- a/src/runtime/server/api/_hub/database/[command].post.ts
+++ b/src/runtime/server/api/_hub/database/[command].post.ts
@@ -6,7 +6,7 @@ import { requireNuxtHubFeature } from '../../../utils/features'
 const statementValidation = z.object({
 query: z.string().min(1).max(1e6).trim(),
- params: z.any().array().default([]),
+ params: z.any().array().default([])
 })
 export default eventHandler(async (event) => {
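Review bot: `z.array(statementValidation)` in the `batch` branch caps each `query` at 1e6 characters but puts no bound on how many statements one request may carry, nor on the length of each `params` array, so the per-query limit does not bound the work a single body can ask of the database. Consider `z.array(statementValidation).max(MAX_BATCH_STATEMENTS)` with a limit the project chooses (the constant name is a placeholder, not an existing identifier). How this route is authenticated is not visible in these hunks; since the `exec`, `first`, `batch` and `raw` branches all run SQL taken from the request body, a short comment at the top of the handler naming the check that guards it would help the next reviewer. The handler body continues outside the hunk.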