mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-12 13:27:31 -08:00
fix(core): Ensure ID is a positive integer when fetching execution (#9629)
This commit is contained in:
parent
f94090b48c
commit
411ffbda7f
|
@ -8,6 +8,8 @@ import { NotFoundError } from '@/errors/response-errors/not-found.error';
|
|||
import { parseRangeQuery } from './parse-range-query.middleware';
|
||||
import type { User } from '@/databases/entities/User';
|
||||
import type { Scope } from '@n8n/permissions';
|
||||
import { isPositiveInteger } from '@/utils';
|
||||
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
||||
|
||||
@RestController('/executions')
|
||||
export class ExecutionsController {
|
||||
|
@ -59,6 +61,10 @@ export class ExecutionsController {
|
|||
|
||||
@Get('/:id')
|
||||
async getOne(req: ExecutionRequest.GetOne) {
|
||||
if (!isPositiveInteger(req.params.id)) {
|
||||
throw new BadRequestError('Execution ID is not a number');
|
||||
}
|
||||
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:read');
|
||||
|
||||
if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
|
||||
|
|
|
@ -92,3 +92,5 @@ export function rightDiff<T1, T2>(
|
|||
* in switch statements or if/else chains.
|
||||
*/
|
||||
export const assertNever = (_value: never) => {};
|
||||
|
||||
export const isPositiveInteger = (maybeInt: string) => /^[1-9]\d*$/.test(maybeInt);
|
||||
|
|
|
@ -4,6 +4,7 @@ import { ExecutionsController } from '@/executions/executions.controller';
|
|||
import type { ExecutionRequest, ExecutionSummaries } from '@/executions/execution.types';
|
||||
import type { ExecutionService } from '@/executions/execution.service';
|
||||
import type { WorkflowSharingService } from '@/workflows/workflowSharing.service';
|
||||
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
||||
|
||||
describe('ExecutionsController', () => {
|
||||
const executionService = mock<ExecutionService>();
|
||||
|
@ -20,6 +21,14 @@ describe('ExecutionsController', () => {
|
|||
jest.clearAllMocks();
|
||||
});
|
||||
|
||||
describe('getOne', () => {
|
||||
it('should 400 when execution is not a number', async () => {
|
||||
const req = mock<ExecutionRequest.GetOne>({ params: { id: 'test' } });
|
||||
|
||||
await expect(executionsController.getOne(req)).rejects.toThrow(BadRequestError);
|
||||
});
|
||||
});
|
||||
|
||||
describe('getMany', () => {
|
||||
const NO_EXECUTIONS = { count: 0, estimated: false, results: [] };
|
||||
|
||||
|
|
Loading…
Reference in a new issue