refactor: add server side validation schema for authProviders (#4876)

* refactor: move files to subfolder

* refactor: schema for authenticationProviders.info

* refactor: schema for authenticationProviders.update

* refactor: use validated body

server/routes/api/apiKeys/apiKeys.ts

@@ -15,7 +15,7 @@ router.post(
   auth({ member: true }),
   validate(T.APIKeysCreateSchema),
   async (ctx: APIContext<T.APIKeysCreateReq>) => {
-    const { name } = ctx.request.body;
+    const { name } = ctx.input.body;
     const { user } = ctx.state.auth;
 
     authorize(user, "createApiKey", user.team);
@@ -68,7 +68,7 @@ router.post(
   auth({ member: true }),
   validate(T.APIKeysDeleteSchema),
   async (ctx: APIContext<T.APIKeysDeleteReq>) => {
-    const { id } = ctx.request.body;
+    const { id } = ctx.input.body;
     const { user } = ctx.state.auth;
 
     const key = await ApiKey.findByPk(id);

server/routes/api/authenticationProviders/authenticationProviders.ts

@@ -1,6 +1,7 @@
 import Router from "koa-router";
 import { sequelize } from "@server/database/sequelize";
 import auth from "@server/middlewares/authentication";
+import validate from "@server/middlewares/validate";
 import { AuthenticationProvider, Event } from "@server/models";
 import { authorize } from "@server/policies";
 import {
@@ -8,19 +9,19 @@ import {
   presentPolicies,
 } from "@server/presenters";
 import { APIContext } from "@server/types";
-import { assertUuid, assertPresent } from "@server/validation";
-import allAuthenticationProviders from "../auth/providers";
+import allAuthenticationProviders from "../../auth/providers";
+import * as T from "./schema";
 
 const router = new Router();
 
 router.post(
   "authenticationProviders.info",
   auth({ admin: true }),
-  async (ctx: APIContext) => {
-    const { id } = ctx.request.body;
-    assertUuid(id, "id is required");
-
+  validate(T.AuthenticationProvidersInfoSchema),
+  async (ctx: APIContext<T.AuthenticationProvidersInfoReq>) => {
+    const { id } = ctx.input.body;
     const { user } = ctx.state.auth;
+
     const authenticationProvider = await AuthenticationProvider.findByPk(id);
     authorize(user, "read", authenticationProvider);
 
@@ -34,10 +35,9 @@ router.post(
 router.post(
   "authenticationProviders.update",
   auth({ admin: true }),
-  async (ctx: APIContext) => {
-    const { id, isEnabled } = ctx.request.body;
-    assertUuid(id, "id is required");
-    assertPresent(isEnabled, "isEnabled is required");
+  validate(T.AuthenticationProvidersUpdateSchema),
+  async (ctx: APIContext<T.AuthenticationProvidersUpdateReq>) => {
+    const { id, isEnabled } = ctx.input.body;
     const { user } = ctx.state.auth;
 
     const authenticationProvider = await sequelize.transaction(

server/routes/api/authenticationProviders/index.ts

@@ -0,0 +1 @@
+export { default } from "./authenticationProviders";

server/routes/api/authenticationProviders/schema.ts

@@ -0,0 +1,27 @@
+import { z } from "zod";
+import BaseSchema from "@server/routes/api/BaseSchema";
+
+export const AuthenticationProvidersInfoSchema = BaseSchema.extend({
+  body: z.object({
+    /** Authentication Provider Id */
+    id: z.string().uuid(),
+  }),
+});
+
+export type AuthenticationProvidersInfoReq = z.infer<
+  typeof AuthenticationProvidersInfoSchema
+>;
+
+export const AuthenticationProvidersUpdateSchema = BaseSchema.extend({
+  body: z.object({
+    /** Authentication Provider Id */
+    id: z.string().uuid(),
+
+    /** Whether the Authentication Provider is enabled or not */
+    isEnabled: z.boolean(),
+  }),
+});
+
+export type AuthenticationProvidersUpdateReq = z.infer<
+  typeof AuthenticationProvidersUpdateSchema
+>;