From ace1b7fad6b6875aa38fd7b265b14fcceb52dfbc Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Thu, 29 Apr 2021 16:43:16 +0200
Subject: [PATCH] MeController: Double-check that req.user is defined

TokenAuthGuard ensures that req.user is always defined, but thanks to strict mode we have to check again. In the future, we may add a custom Request type and a custom param decorator to centralize the check.

Signed-off-by: David Mehren
---
 src/api/public/me/me.controller.ts | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/src/api/public/me/me.controller.ts b/src/api/public/me/me.controller.ts
index 3bc2ae167..2ba887108 100644
--- a/src/api/public/me/me.controller.ts
+++ b/src/api/public/me/me.controller.ts
@@ -15,6 +15,7 @@ import {
 Put,
 UseGuards,
 Req,
+ InternalServerErrorException,
 } from '@nestjs/common';
 import { HistoryEntryUpdateDto } from '../../../history/history-entry-update.dto';
 import { HistoryService } from '../../../history/history.service';
@@ -65,6 +66,10 @@ export class MeController {
 })
 @ApiUnauthorizedResponse({ description: unauthorizedDescription })
 async getMe(@Req() req: Request): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 return this.usersService.toUserDto(
 await this.usersService.getUserByUsername(req.user.userName),
 );
@@ -79,6 +84,10 @@ export class MeController {
 })
 @ApiUnauthorizedResponse({ description: unauthorizedDescription })
 async getUserHistory(@Req() req: Request): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 const foundEntries = await this.historyService.getEntriesByUser(req.user);
 return await Promise.all(
 foundEntries.map((entry) => this.historyService.toHistoryEntryDto(entry)),
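Review bot: The new `if (!req.user)` branch in getMe (repeated in getUserHistory and in the five handlers in the later hunks) answers with a 500 but, as far as the hunks show, records nothing on the server. Reaching it would mean a route ran without TokenAuthGuard having populated the user, which is an authentication-wiring fault worth detecting rather than only surfacing to the client; to my knowledge Nest's default exception filter does not log exceptions that are HttpException subclasses. I would log an error naming the handler before the throw, using the logger the controller already has if there is one, and extend the comment to `// Fail closed: reaching this means the route ran without TokenAuthGuard populating req.user`. The class body starts and continues outside these hunks.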
@@ -97,6 +106,10 @@ export class MeController {
 @Req() req: Request,
 @Param('note') note: string,
 ): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 try {
 const foundEntry = await this.historyService.getEntryByNoteIdOrAlias(
 note,
@@ -124,6 +137,10 @@ export class MeController {
 @Param('note') note: string,
 @Body() entryUpdateDto: HistoryEntryUpdateDto,
 ): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 // ToDo: Check if user is allowed to pin this history entry
 try {
 return this.historyService.toHistoryEntryDto(
@@ -151,6 +168,10 @@ export class MeController {
 @Req() req: Request,
 @Param('note') note: string,
 ): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 // ToDo: Check if user is allowed to delete note
 try {
 await this.historyService.deleteHistoryEntry(note, req.user);
@@ -171,6 +192,10 @@ export class MeController {
 })
 @ApiUnauthorizedResponse({ description: unauthorizedDescription })
 async getMyNotes(@Req() req: Request): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 const notes = this.notesService.getUserNotes(req.user);
 return await Promise.all(
 (await notes).map((note) => this.notesService.toNoteMetadataDto(note)),
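Review bot: In the handler whose parameters include `entryUpdateDto`, the added guard sits directly above `// ToDo: Check if user is allowed to pin this history entry`, and the next hunk has the same pairing with `// ToDo: Check if user is allowed to delete note`; the guard only establishes that some user is attached to the request, not that this user may act on the entry named by the `note` parameter. The delete path does pass `req.user` to `deleteHistoryEntry`, so the lookup may already be scoped to the caller, but that is not visible here and the update call is cut off by the hunk. I would state the assumption next to the guard, e.g. `// Presence check only; whether this user may modify the entry is still open, see ToDo below`, so the new check is not read as authorization. Both method bodies continue outside their hunks.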
@@ -186,6 +211,10 @@ export class MeController {
 })
 @ApiUnauthorizedResponse({ description: unauthorizedDescription })
 async getMyMedia(@Req() req: Request): Promise {
+ if (!req.user) {
+ // We should never reach this, as the TokenAuthGuard handles missing user info
+ throw new InternalServerErrorException('Request did not specify user');
+ }
 const media = await this.mediaService.listUploadsByUser(req.user);
 return media.map((media) => this.mediaService.toMediaUploadDto(media));
 }