From 0908b5eed086fa963a366c32b0354538b017cee4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vojt=C4=9Bch=20Vidra?= <vojtechvidra@gmail.com>
Date: Wed, 10 Apr 2024 12:49:46 +0200
Subject: [PATCH 1/2] fix(be): fix create event uuid (#235)

---
 apps/backend/src/lib/uuid.ts                |  9 +++++++++
 apps/backend/src/sdk/sdk.controller.spec.ts | 14 +++++++++++---
 apps/backend/src/sdk/sdk.service.ts         |  3 +++
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/apps/backend/src/lib/uuid.ts b/apps/backend/src/lib/uuid.ts
index 0752e6ae..5f6642ef 100644
--- a/apps/backend/src/lib/uuid.ts
+++ b/apps/backend/src/lib/uuid.ts
@@ -5,3 +5,12 @@ export const UUIDParam = (name: string): ParameterDecorator =>
 
 export const UUIDQuery = (name: string): ParameterDecorator =>
   Query(name, new ParseUUIDPipe({ version: "4" }));
+
+export const isUUID = async (value: string): Promise<boolean> => {
+  try {
+    await new ParseUUIDPipe({ version: "4" }).transform(value, { type: "custom" });
+    return true;
+  } catch {
+    return false;
+  }
+};
diff --git a/apps/backend/src/sdk/sdk.controller.spec.ts b/apps/backend/src/sdk/sdk.controller.spec.ts
index a14483c2..2d6ba5ac 100644
--- a/apps/backend/src/sdk/sdk.controller.spec.ts
+++ b/apps/backend/src/sdk/sdk.controller.spec.ts
@@ -46,7 +46,10 @@ beforeEach(async () => {
 
 describe("Get css", () => {
   beforeEach(() => {
-    db.query.projects.findFirst.mockReturnValue({ css_vars: "vars", css_template: "template" });
+    db.query.projects.findFirst.mockReturnValue({
+      css_vars: "body { color: red; }",
+      css_template: "body { color: blue; }",
+    });
   });
   it("should throw without projectId", async () => {
     await expect(sdkController.getCss("", "latest")).rejects.toThrow("Not Found");
@@ -56,7 +59,7 @@ describe("Get css", () => {
     await expect(sdkController.getCss("projectId", "latest")).rejects.toThrow("Not Found");
   });
   it("should return css", async () => {
-    await expect(sdkController.getCss("projectId", "latest")).resolves.toEqual("vars\ntemplate");
+    await expect(sdkController.getCss("projectId", "latest")).resolves.toEqual("body{color:#00f}");
   });
 });
 
@@ -133,7 +136,7 @@ describe("Create event", () => {
     userHash: "d",
     flowHash: "e",
     stepHash: "f",
-    projectId: "g",
+    projectId: "882b69bd-d73e-454d-8042-44d0720c6ea4",
     sdkVersion: "0.0.0",
     location: "/",
     type: "startFlow",
@@ -149,6 +152,11 @@ describe("Create event", () => {
     lemonSqueezyService.createUsageRecord.mockResolvedValue({});
     organizationUsageService.getIsOrganizationLimitReachedByProject.mockResolvedValue(false);
   });
+  it("should throw with non uuid projectId", async () => {
+    await expect(
+      sdkController.createEvent("origin", { ...createEventDto, projectId: "my-id" }),
+    ).rejects.toThrow("Bad Request");
+  });
   it("should throw with not allowed origin", async () => {
     dbPermissionService.isAllowedOrigin.mockRejectedValue(new Error());
     await expect(sdkController.createEvent("origin", createEventDto)).rejects.toThrow();
diff --git a/apps/backend/src/sdk/sdk.service.ts b/apps/backend/src/sdk/sdk.service.ts
index 1273e84a..b5d8da1b 100644
--- a/apps/backend/src/sdk/sdk.service.ts
+++ b/apps/backend/src/sdk/sdk.service.ts
@@ -14,6 +14,7 @@ import { DatabaseService } from "../database/database.service";
 import { DbPermissionService } from "../db-permission/db-permission.service";
 import { LemonSqueezyService } from "../lemon-squeezy/lemon-squeezy.service";
 import { getDefaultCssMinTemplate, getDefaultCssMinVars } from "../lib/css";
+import { isUUID } from "../lib/uuid";
 import { OrganizationUsageService } from "../organization-usage/organization-usage.service";
 import type { CreateEventDto, CreateEventResponseDto, GetSdkFlowsDto } from "./sdk.dto";
 
@@ -220,6 +221,8 @@ export class SdkService {
     requestOrigin: string;
   }): Promise<CreateEventResponseDto> {
     const projectId = event.projectId;
+    if (!(await isUUID(projectId))) throw new BadRequestException();
+
     await this.dbPermissionService.isAllowedOrigin({ projectId, requestOrigin });
 
     const existingFlow = await this.databaseService.db.query.flows.findFirst({

From 9d3b5f25df10709e8df993a86ffe8ad6d8aae9c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vojt=C4=9Bch=20Vidra?= <vojtechvidra@gmail.com>
Date: Wed, 10 Apr 2024 13:10:29 +0200
Subject: [PATCH 2/2] fix(app): submit preview dialog submits parent (#237)

---
 .../[projectId]/flow/[flowId]/(detail)/flow-preview-dialog.tsx | 1 +
 .../project/[projectId]/flow/[flowId]/edit/flow-edit-form.tsx  | 3 ++-
 packages/ui/src/dialog/dialog.tsx                              | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/(detail)/flow-preview-dialog.tsx b/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/(detail)/flow-preview-dialog.tsx
index aa83eb25..4078d1c3 100644
--- a/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/(detail)/flow-preview-dialog.tsx
+++ b/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/(detail)/flow-preview-dialog.tsx
@@ -82,6 +82,7 @@ export const FlowPreviewDialog: FC<Props> = ({ flow }) => {
             label="Start url"
             type="url"
             {...register("url")}
+            required
             placeholder="https://example.com/about"
           />
         </DialogContent>
diff --git a/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/edit/flow-edit-form.tsx b/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/edit/flow-edit-form.tsx
index 7cc3141f..4b29314c 100644
--- a/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/edit/flow-edit-form.tsx
+++ b/apps/app/src/app/(dashboard)/org/[organizationId]/project/[projectId]/flow/[flowId]/edit/flow-edit-form.tsx
@@ -59,7 +59,8 @@ export const FlowEditForm: FC<Props> = ({ flow, organizationId }) => {
       if (res.error) return;
       reset(data, { keepValues: true });
       toast.success(t.toasts.updateFlowSuccess);
-      if (event) router.push(backLink);
+      const calledProgramatically = !event;
+      if (!calledProgramatically) router.push(backLink);
       router.refresh();
     },
     [backLink, flow.id, reset, router, send],
diff --git a/packages/ui/src/dialog/dialog.tsx b/packages/ui/src/dialog/dialog.tsx
index ee906565..a1ee40be 100644
--- a/packages/ui/src/dialog/dialog.tsx
+++ b/packages/ui/src/dialog/dialog.tsx
@@ -45,6 +45,7 @@ export const Dialog: FC<Props> = ({ open, onOpenChange, trigger, children, maxWi
           })}
         />
         <RadixDialog.Content
+          onSubmit={(e) => e.stopPropagation()}
           className={css({
             backgroundColor: "bg",
             // TODO: come up with a systematic way for dialog widths