From 72b0e78788be2f126ed10b0800d52b8181133113 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sat, 20 Aug 2022 23:46:01 +0200
Subject: [PATCH] fix: Validate uuid on attachments.create endpoint

---
 server/routes/api/attachments.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/routes/api/attachments.ts b/server/routes/api/attachments.ts
index 76cccd199..8959bf8f6 100644
--- a/server/routes/api/attachments.ts
+++ b/server/routes/api/attachments.ts
@@ -56,7 +56,8 @@ router.post("attachments.create", auth(), async (ctx) => {
   const endpoint = publicS3Endpoint();
   const url = `${endpoint}/${key}`;
 
-  if (documentId) {
+  if (documentId !== undefined) {
+    assertUuid(documentId, "documentId must be a uuid");
     const document = await Document.findByPk(documentId, {
       userId: user.id,
     });