[FEAT] Prisma injection validation (#1874)

check all prisma models/model usage and patch any potential sql injection vulns

[FEAT] Prisma injection validation (#1874)
e909b25b · Sean Hatfield · GitHub · 9b86bbd2 · e909b25b
Unverified Commit e909b25b authored 9 months ago by Sean Hatfield Committed by GitHub 9 months ago
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -22,6 +22,15 @@ const User = {
        throw new Error(e.message);
      }
    },
+    role: (role = "default") => {
+      const VALID_ROLES = ["default", "admin", "manager"];
+      if (!VALID_ROLES.includes(role)) {
+        throw new Error(
+          `Invalid role. Allowed roles are: ${VALID_ROLES.join(", ")}`
+        );
+      }
+      return String(role);
+    },
  },

  // validations for the above writable fields.
@@ -52,7 +61,7 @@ const User = {
        data: {
          username: this.validations.username(username),
          password: hashedPassword,
-          role: String(role),
+          role: this.validations.role(role),
        },
      });
      return { user: this.filterFields(user), error: null };