security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51, PR #59)
Closes #51 (ESLint rule + conventions doc remain as follow-up). Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
This commit was merged in pull request #59.
@@ -6,17 +6,17 @@ export const webhookEventEnum = z.enum(WEBHOOK_EVENTS as unknown as [string, ...
|
||||
|
||||
export const createWebhookInputSchema = z.object({
|
||||
name: z.string().min(1).max(200),
|
||||
url: z.string().url(),
|
||||
secret: z.string().optional(),
|
||||
events: z.array(webhookEventEnum).min(1),
|
||||
url: z.string().url().max(2048),
|
||||
secret: z.string().min(16).max(256).optional(),
|
||||
events: z.array(webhookEventEnum).min(1).max(100),
|
||||
isActive: z.boolean().default(true),
|
||||
});
|
||||
|
||||
export const updateWebhookInputSchema = z.object({
|
||||
name: z.string().min(1).max(200).optional(),
|
||||
url: z.string().url().optional(),
|
||||
secret: z.string().nullish(),
|
||||
events: z.array(webhookEventEnum).min(1).optional(),
|
||||
url: z.string().url().max(2048).optional(),
|
||||
secret: z.string().min(16).max(256).nullish(),
|
||||
events: z.array(webhookEventEnum).min(1).max(100).optional(),
|
||||
isActive: z.boolean().optional(),
|
||||
});
|
||||
|
||||
@@ -35,9 +35,7 @@ type WebhookDb = {
|
||||
};
|
||||
};
|
||||
|
||||
export function buildWebhookCreateData(
|
||||
input: z.infer<typeof createWebhookInputSchema>,
|
||||
) {
|
||||
export function buildWebhookCreateData(input: z.infer<typeof createWebhookInputSchema>) {
|
||||
return {
|
||||
name: input.name,
|
||||
url: input.url,
|
||||
@@ -47,9 +45,7 @@ export function buildWebhookCreateData(
|
||||
};
|
||||
}
|
||||
|
||||
export function buildWebhookUpdateData(
|
||||
input: z.infer<typeof updateWebhookInputSchema>,
|
||||
) {
|
||||
export function buildWebhookUpdateData(input: z.infer<typeof updateWebhookInputSchema>) {
|
||||
return {
|
||||
...(input.name !== undefined ? { name: input.name } : {}),
|
||||
...(input.url !== undefined ? { url: input.url } : {}),
|
||||
@@ -59,10 +55,7 @@ export function buildWebhookUpdateData(
|
||||
};
|
||||
}
|
||||
|
||||
export async function loadWebhookOrThrow(
|
||||
db: WebhookDb,
|
||||
id: string,
|
||||
) {
|
||||
export async function loadWebhookOrThrow(db: WebhookDb, id: string) {
|
||||
const webhook = await db.webhook.findUnique({ where: { id } });
|
||||
if (!webhook) {
|
||||
throw new TRPCError({ code: "NOT_FOUND", message: "Webhook not found" });
|
||||
|
||||
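Review bot: The new `url` rule in `createWebhookInputSchema` and `updateWebhookInputSchema` caps the length at 2048 but still accepts any scheme that `z.string().url()` parses, so a webhook can be registered with a non-HTTPS target. Since the server presumably sends requests to this URL, the schema is a cheap place to enforce the scheme, e.g. `url: z.string().url().max(2048).regex(/^https:\/\//i, "Webhook URL must use https"),` with the same rule before `.optional()` in the update schema. Whether the delivery code rejects loopback, link-local or private destinations is not visible in this section; if it does not, that check belongs at send time on the resolved address rather than in the schema. Separately, `secret: z.string().min(16).max(256).nullish()` in the update schema will reject an edit that resends an existing secret shorter than 16 characters, so existing rows may need a migration note or a rotation path.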