From fd3fde9cc81d2ad16850f3d51b9f29cf5a9d148e Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Fri, 4 Mar 2022 18:01:08 +0100
Subject: [PATCH] refactor(api/private/history): validate POST data with DTO

This adds a `HistoryEntryImportListDto` which allows
to fully validate incoming JSON data.

Signed-off-by: David Mehren <git@herrmehren.de>
---
 src/api/private/me/history/history.controller.ts |  6 +++---
 src/history/history-entry-import.dto.ts          | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/api/private/me/history/history.controller.ts b/src/api/private/me/history/history.controller.ts
index e01a952ff..c8e0d8d03 100644
--- a/src/api/private/me/history/history.controller.ts
+++ b/src/api/private/me/history/history.controller.ts
@@ -15,7 +15,7 @@ import {
 } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 
-import { HistoryEntryImportDto } from '../../../../history/history-entry-import.dto';
+import { HistoryEntryImportListDto } from '../../../../history/history-entry-import.dto';
 import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
 import { HistoryEntryDto } from '../../../../history/history-entry.dto';
 import { HistoryService } from '../../../../history/history.service';
@@ -53,9 +53,9 @@ export class HistoryController {
   @OpenApi(201, 404)
   async setHistory(
     @RequestUser() user: User,
-    @Body('history') history: HistoryEntryImportDto[],
+    @Body() historyImport: HistoryEntryImportListDto,
   ): Promise<void> {
-    await this.historyService.setHistory(user, history);
+    await this.historyService.setHistory(user, historyImport.history);
   }
 
   @Delete()
diff --git a/src/history/history-entry-import.dto.ts b/src/history/history-entry-import.dto.ts
index d802d7899..e11ea6000 100644
--- a/src/history/history-entry-import.dto.ts
+++ b/src/history/history-entry-import.dto.ts
@@ -4,7 +4,13 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 import { Type } from 'class-transformer';
-import { IsBoolean, IsDate, IsString } from 'class-validator';
+import {
+  IsArray,
+  IsBoolean,
+  IsDate,
+  IsString,
+  ValidateNested,
+} from 'class-validator';
 
 import { BaseDto } from '../utils/base.dto.';
 
@@ -28,3 +34,10 @@ export class HistoryEntryImportDto extends BaseDto {
   @Type(() => Date)
   lastVisited: Date;
 }
+
+export class HistoryEntryImportListDto extends BaseDto {
+  @ValidateNested({ each: true })
+  @IsArray()
+  @Type(() => HistoryEntryImportDto)
+  history: HistoryEntryImportDto[];
+}