diff --git a/server/routes/api/attachments.ts b/server/routes/api/attachments.ts
index 095b64653..fccfc6865 100644
--- a/server/routes/api/attachments.ts
+++ b/server/routes/api/attachments.ts
@@ -2,11 +2,7 @@ import Router from "koa-router";
 import { v4 as uuidv4 } from "uuid";
 import { bytesToHumanReadable } from "@shared/utils/files";
 import { sequelize } from "@server/database/sequelize";
-import {
- AuthorizationError,
- NotFoundError,
- ValidationError,
-} from "@server/errors";
+import { AuthorizationError, ValidationError } from "@server/errors";
 import auth from "@server/middlewares/authentication";
 import { Attachment, Document, Event } from "@server/models";
 import { authorize } from "@server/policies";
@@ -15,7 +11,7 @@ import {
 publicS3Endpoint,
 getSignedUrl,
 } from "@server/utils/s3";
-import { assertPresent } from "@server/validation";
+import { assertPresent, assertUuid } from "@server/validation";
 const router = new Router();
 const AWS_S3_ACL = process.env.AWS_S3_ACL || "private";
@@ -113,13 +109,11 @@ router.post("attachments.create", auth(), async (ctx) => {
 router.post("attachments.delete", auth(), async (ctx) => {
 const { id } = ctx.body;
- assertPresent(id, "id is required");
+ assertUuid(id, "id is required");
 const { user } = ctx.state;
- const attachment = await Attachment.findByPk(id);
-
- if (!attachment) {
- throw NotFoundError();
- }
+ const attachment = await Attachment.findByPk(id, {
+ rejectOnEmpty: true,
+ });
 if (attachment.documentId) {
 const document = await Document.findByPk(attachment.documentId, {
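Review bot: In `attachments.delete`, `findByPk(id, { rejectOnEmpty: true })` rejects with Sequelize's `EmptyResultError` instead of the `NotFoundError()` the removed branch threw, so a missing row only stays a 404 if the API error middleware (not visible in this diff) maps that class; otherwise it surfaces as a 500 carrying an ORM error. The same replacement is made in the `attachments.redirect` and `revisions.info` hunks, so a request test with a well-formed but unknown UUID on each route would pin the status code. Separately, all three calls keep the old text in `assertUuid(id, "id is required")`, which misreports a present but malformed id; `assertUuid(id, "id must be a uuid");` matches what is checked. The handler body continues past the end of the hunk.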
@@ -144,13 +138,11 @@ router.post("attachments.delete", auth(), async (ctx) => {
 router.post("attachments.redirect", auth(), async (ctx) => {
 const { id } = ctx.body;
- assertPresent(id, "id is required");
+ assertUuid(id, "id is required");
 const { user } = ctx.state;
- const attachment = await Attachment.findByPk(id);
-
- if (!attachment) {
- throw NotFoundError();
- }
+ const attachment = await Attachment.findByPk(id, {
+ rejectOnEmpty: true,
+ });
 if (attachment.isPrivate) {
 if (attachment.teamId !== user.teamId) {
diff --git a/server/routes/api/revisions.ts b/server/routes/api/revisions.ts
index f8a94d634..8d08f9894 100644
--- a/server/routes/api/revisions.ts
+++ b/server/routes/api/revisions.ts
@@ -1,23 +1,20 @@
 import Router from "koa-router";
-import { NotFoundError } from "@server/errors";
 import auth from "@server/middlewares/authentication";
 import { Document, Revision } from "@server/models";
 import { authorize } from "@server/policies";
 import { presentRevision } from "@server/presenters";
-import { assertPresent, assertSort } from "@server/validation";
+import { assertPresent, assertSort, assertUuid } from "@server/validation";
 import pagination from "./middlewares/pagination";
 const router = new Router();
 router.post("revisions.info", auth(), async (ctx) => {
 const { id } = ctx.body;
- assertPresent(id, "id is required");
+ assertUuid(id, "id is required");
 const { user } = ctx.state;
- const revision = await Revision.findByPk(id);
-
- if (!revision) {
- throw NotFoundError();
- }
+ const revision = await Revision.findByPk(id, {
+ rejectOnEmpty: true,
+ });
 const document = await Document.findByPk(revision.documentId, {
 userId: user.id,
diff --git a/server/routes/api/searches.ts b/server/routes/api/searches.ts
index 73b60bd4c..18194c0b4 100644
--- a/server/routes/api/searches.ts
+++ b/server/routes/api/searches.ts
@@ -2,7 +2,7 @@ import Router from "koa-router";
 import auth from "@server/middlewares/authentication";
 import { SearchQuery } from "@server/models";
 import { presentSearchQuery } from "@server/presenters";
-import { assertPresent } from "@server/validation";
+import { assertPresent, assertUuid } from "@server/validation";
 import pagination from "./middlewares/pagination";
 const router = new Router();
@@ -28,6 +28,9 @@ router.post("searches.list", auth(), pagination(), async (ctx) => {
 router.post("searches.delete", auth(), async (ctx) => {
 const { id, query } = ctx.body;
 assertPresent(id || query, "id or query is required");
+ if (id) {
+ assertUuid(id, "id is must be a uuid");
+ }
 const { user } = ctx.state;
 await SearchQuery.destroy({
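Review bot: In `searches.delete` the new guard `if (id) {` tests truthiness, so a present but falsy `id` such as `""` or `0` skips `assertUuid` as long as `query` is set, and `query` itself gets no type check before the `SearchQuery.destroy({` call whose `where` clause lies outside the hunk. If either value is placed into that clause as received, a non-string JSON value (array or object) reaches the ORM unvalidated; I would test presence with `if (id !== undefined) {` and reject a non-string `query` with a validation error before the destroy. The message also has a typo: `"id is must be a uuid"` should read `"id must be a uuid"`.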