project-nomad/settings.ts at 874daa816d8cf8e4466ba65bf137ce745356d95e - project-nomad - Gitea: Git with a cup of tea

github-mirror/project-nomad

mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-28 03:29:25 +01:00

LuisMIguelFurlanettoSousa 874daa816d fix(security): validar chave no endpoint de leitura de settings

O endpoint GET /api/system/settings aceitava qualquer string como
chave sem validação, enquanto o endpoint de escrita (PATCH) já
validava contra um enum de chaves permitidas.

Adiciona getSettingSchema com a mesma validação vine.enum(SETTINGS_KEYS)
para o endpoint de leitura, rejeitando chaves fora da lista permitida.

Ref #211

2026-03-24 06:45:59 -03:00

11 lines

328 B

TypeScript

Raw Blame History

 import vine from "@vinejs/vine";
 import { SETTINGS_KEYS } from "../../constants/kv_store.js";
 export const getSettingSchema = vine.compile(vine.object({
     key: vine.enum(SETTINGS_KEYS),
 }))
 export const updateSettingSchema = vine.compile(vine.object({
     key: vine.enum(SETTINGS_KEYS),
     value: vine.any().optional(),
 }))