Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(api): validate rolePresets with RolePresetsSchema before DB cast

Browse Source 
Replace z.array(z.unknown()) with RolePresetsSchema for blueprint
role presets mutation input, ensuring structural validation before
Prisma JSON cast. Also adds SECURITY.md for vulnerability disclosure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hartmut Nörenberg
2026-04-11 08:35:02 +02:00
parent 9c537b027b
commit e3551fb78f
3 changed files with 41 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/router/blueprint-support.ts
+7 -7
View File
@@ -30,23 +30,23 @@ export async function findBlueprintByIdentifier<TBlueprint>(
): Promise<TBlueprint> {
const normalizedIdentifier = identifier.trim();
let blueprint = await db.blueprint.findUnique({
let blueprint = (await db.blueprint.findUnique({
where: { id: normalizedIdentifier },
...extraArgs,
}) as TBlueprint | null;
})) as TBlueprint | null;
if (!blueprint) {
blueprint = await db.blueprint.findFirst({
blueprint = (await db.blueprint.findFirst({
where: { name: { equals: normalizedIdentifier, mode: "insensitive" } },
...extraArgs,
}) as TBlueprint | null;
})) as TBlueprint | null;
}
if (!blueprint) {
blueprint = await db.blueprint.findFirst({
blueprint = (await db.blueprint.findFirst({
where: { name: { contains: normalizedIdentifier, mode: "insensitive" } },
...extraArgs,
}) as TBlueprint | null;
})) as TBlueprint | null;
}
if (!blueprint) {
@@ -91,7 +91,7 @@ export function buildBlueprintUpdateData(
}
export function buildBlueprintRolePresetsUpdateData(
rolePresets: unknown[],
rolePresets: readonly Record<string, unknown>[],
): Prisma.BlueprintUncheckedUpdateInput {
return {
rolePresets: rolePresets as unknown as Prisma.InputJsonValue,