sij/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2025-04-24 21:48:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[FEAT] Prisma injection validation ()

Browse source 
check all prisma models/model usage and patch any potential sql injection vulns
This commit is contained in:
Sean Hatfield 2024-07-16 16:40:05 -07:00 committed by GitHub
parent 9b86bbd2b8
commit e909b25b29
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 1 deletions

11
server/models/user.js
View file

@ -22,6 +22,15 @@ const User = {
throw new Error(e.message);
}
},
role: (role = "default") => {
const VALID_ROLES = ["default", "admin", "manager"];
if (!VALID_ROLES.includes(role)) {
throw new Error(
`Invalid role. Allowed roles are: ${VALID_ROLES.join(", ")}`
);
}
return String(role);
},
},
// validations for the above writable fields.
@ -52,7 +61,7 @@ const User = {
data: {
username: this.validations.username(username),
password: hashedPassword,
role: String(role),
role: this.validations.role(role),
},
});
return { user: this.filterFields(user), error: null };