[FEAT] Prisma injection validation ()

Check all Prisma models and model usage, and patch any potential SQL injection vulnerabilities.
Sean Hatfield 2024-07-16 16:40:05 -07:00 committed by GitHub
parent 9b86bbd2b8
commit e909b25b29
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -22,6 +22,15 @@ const User = {
throw new Error(e.message); throw new Error(e.message);
} }
}, },
role: (role = "default") => {
const VALID_ROLES = ["default", "admin", "manager"];
if (!VALID_ROLES.includes(role)) {
throw new Error(
`Invalid role. Allowed roles are: ${VALID_ROLES.join(", ")}`
);
}
return String(role);
},
}, },
// validations for the above writable fields. // validations for the above writable fields.
@ -52,7 +61,7 @@ const User = {
data: { data: {
username: this.validations.username(username), username: this.validations.username(username),
password: hashedPassword, password: hashedPassword,
role: String(role), role: this.validations.role(role),
}, },
}); });
return { user: this.filterFields(user), error: null }; return { user: this.filterFields(user), error: null };
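Review bot: The new `role` validator is an allowlist of values, not an authorization check, and the second hunk wires it only into the create call: `admin` and `manager` pass for any caller, and any other code that writes `role` (for example an update path, not visible in these hunks) still has to call `this.validations.role(...)` to get the same guarantee. I would say so on the validator, e.g. `// Allowlist of stored role values only; whether the caller may grant this role must be checked before calling.` Because `includes` compares strictly, only the three string literals can reach the return, so `return String(role);` can be `return role;`. The default parameter covers `undefined` only, so a `null` role now throws where the old `String(role)` would have stored "null"; that is probably intended, but worth confirming against the callers. Both the enclosing `validations` object and the create function begin outside the hunks.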