Browse Source

prevent api resource updates if raw resources is disabled

Milo Schwartz 5 months ago
parent
commit
0840c166ab
2 changed files with 49 additions and 19 deletions
  1. 25 9
      server/routers/resource/createResource.ts
  2. 24 10
      server/routers/resource/updateResource.ts

+ 25 - 9
server/routers/resource/createResource.ts

@@ -18,6 +18,7 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { subdomainSchema } from "@server/schemas/subdomainSchema";
+import config from "@server/lib/config";
 
 const createResourceParamsSchema = z
     .object({
@@ -63,6 +64,30 @@ const createResourceSchema = z
             message: "Invalid subdomain",
             path: ["subdomain"]
         }
+    )
+    .refine(
+        (data) => {
+            if (!config.getRawConfig().flags?.allow_raw_resources) {
+                if (data.proxyPort !== undefined) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        {
+            message: "Cannot update proxyPort"
+        }
+    )
+    .refine(
+        (data) => {
+            if (data.proxyPort === 443 || data.proxyPort === 80) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "Port 80 and 443 are reserved for http and https resources"
+        }
     );
 
 export type CreateResourceResponse = Resource;
@@ -133,15 +158,6 @@ export async function createResource(
                     )
                 );
 
-            if (proxyPort === 443 || proxyPort === 80) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Port 80 and 443 are reserved for https resources"
-                    )
-                );
-            }
-
             if (existingResource.length > 0) {
                 return next(
                     createHttpError(

+ 24 - 10
server/routers/resource/updateResource.ts

@@ -9,6 +9,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { subdomainSchema } from "@server/schemas/subdomainSchema";
+import config from "@server/lib/config";
 
 const updateResourceParamsSchema = z
     .object({
@@ -32,7 +33,29 @@ const updateResourceBodySchema = z
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
         message: "At least one field must be provided for update"
-    });
+    })
+    .refine(
+        (data) => {
+            if (!config.getRawConfig().flags?.allow_raw_resources) {
+                if (data.proxyPort !== undefined) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        { message: "Cannot update proxyPort" }
+    )
+    .refine(
+        (data) => {
+            if (data.proxyPort === 443 || data.proxyPort === 80) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "Port 80 and 443 are reserved for http and https resources"
+        }
+    );
 
 export async function updateResource(
     req: Request,
@@ -93,15 +116,6 @@ export async function updateResource(
                     )
                 );
 
-            if (proxyPort === 443 || proxyPort === 80) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Port 80 and 443 are reserved for https resources"
-                    )
-                );
-            }
-
             if (
                 existingResource.length > 0 &&
                 existingResource[0].resourceId !== resourceId