feat(api): add item validation and user ID checks in verification endpoints for UserCall, UserEmail, UserSMS, and UserWhatsApp

Nawaz Dhandala
2026-03-07 18:44:27 +00:00
parent 4dc9542c2c
commit ea57608ca6
4 changed files with 116 additions and 0 deletions


@@ -136,6 +136,35 @@ export default class UserCallAPI extends BaseAPI<
);
}
const item: UserCall | null = await this.service.findOneById({
id: req.body["itemId"],
props: {
isRoot: true,
},
select: {
userId: true,
},
});
if (!item) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Item not found"),
);
}
if (
item.userId?.toString() !==
(req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Invalid user ID"),
);
}
await this.service.resendVerificationCode(req.body.itemId);
return Response.sendEmptySuccessResponse(req, res);
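Review bot: The ownership comparison `item.userId?.toString() !== (req as OneUptimeRequest)?.userAuthorization?.userId?.toString()` fails open when both sides are undefined, because an item without a userId and a request without userAuthorization compare equal and fall through to `resendVerificationCode`. Whether this route can be reached without userAuthorization is not visible in the hunk, so the check should require the caller's ID explicitly: `const callerId = (req as OneUptimeRequest).userAuthorization?.userId?.toString();` followed by `if (!callerId || item.userId?.toString() !== callerId) {`. The same comparison appears in the UserEmailAPI, UserSMSAPI and UserWhatsAppAPI hunks. The enclosing handler starts and ends outside the hunk.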


@@ -137,6 +137,35 @@ export default class UserEmailAPI extends BaseAPI<
);
}
const item: UserEmail | null = await this.service.findOneById({
id: req.body["itemId"],
props: {
isRoot: true,
},
select: {
userId: true,
},
});
if (!item) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Item not found"),
);
}
if (
item.userId?.toString() !==
(req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Invalid user ID"),
);
}
await this.service.resendVerificationCode(req.body.itemId);
return Response.sendEmptySuccessResponse(req, res);
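Review bot: The two rejection branches return different messages, `"Item not found"` and `"Invalid user ID"`, so a caller can tell whether an itemId belonging to another user exists. The IDs are probably hard to guess, but returning the same error from the ownership branch costs nothing: `new BadDataException("Item not found")`. The mismatch can still be logged server-side for detection. The same pair of messages is used in the UserCallAPI, UserSMSAPI and UserWhatsAppAPI hunks.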


@@ -132,6 +132,35 @@ export default class UserSMSAPI extends BaseAPI<UserSMS, UserSMSServiceType> {
);
}
const item: UserSMS | null = await this.service.findOneById({
id: req.body["itemId"],
props: {
isRoot: true,
},
select: {
userId: true,
},
});
if (!item) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Item not found"),
);
}
if (
item.userId?.toString() !==
(req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Invalid user ID"),
);
}
await this.service.resendVerificationCode(req.body.itemId);
return Response.sendEmptySuccessResponse(req, res);


@@ -143,6 +143,35 @@ export default class UserWhatsAppAPI extends BaseAPI<
);
}
const item: UserWhatsApp | null = await this.service.findOneById({
id: req.body["itemId"],
props: {
isRoot: true,
},
select: {
userId: true,
},
});
if (!item) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Item not found"),
);
}
if (
item.userId?.toString() !==
(req as OneUptimeRequest)?.userAuthorization?.userId?.toString()
) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Invalid user ID"),
);
}
await this.service.resendVerificationCode(req.body.itemId);
return Response.sendEmptySuccessResponse(req, res);