diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
index d8a16d772e2..301077386c7 100644
--- a/common/config/rush/pnpm-lock.yaml
+++ b/common/config/rush/pnpm-lock.yaml
@@ -5359,7 +5359,7 @@ packages: version: 0.0.0 '@rush-temp/pod-datalake@file:projects/pod-datalake.tgz': - resolution: {integrity: sha512-F5b7+LrFJ4DehshyZvW2eRRSaoCMxThoHlDbUHBivLROUhLWv3IzmET68+8hsaDRuJwpM09YJm6uWZ3+eEUAVA==, tarball: file:projects/pod-datalake.tgz} + resolution: {integrity: sha512-q70g3uYr33Y3tQmZo0FCs2KUbJ2sFkcRbDB6QxUy4Q094epwW5i1u8W9OaivZXNXUWQEB/l+nuCIohNlQkeO7g==, tarball: file:projects/pod-datalake.tgz} version: 0.0.0 '@rush-temp/pod-export@file:projects/pod-export.tgz':
@@ -25765,6 +25765,7 @@ snapshots: '@types/morgan': 1.9.9 '@types/node': 22.15.29 '@types/on-headers': 1.0.3 + '@types/uuid': 8.3.4 '@types/ws': 8.5.11 '@typescript-eslint/eslint-plugin': 6.21.0(@typescript-eslint/parser@6.21.0(eslint@8.56.0)(typescript@5.8.3))(eslint@8.56.0)(typescript@5.8.3) '@typescript-eslint/parser': 6.21.0(eslint@8.56.0)(typescript@5.8.3)
@@ -25789,6 +25790,7 @@ snapshots: ts-jest: 29.1.2(@babel/core@7.23.9)(@jest/types@29.6.3)(babel-jest@29.7.0(@babel/core@7.23.9))(esbuild@0.25.9)(jest@29.7.0(@types/node@22.15.29)(ts-node@10.9.2(@swc/core@1.13.5)(@types/node@22.15.29)(typescript@5.8.3)))(typescript@5.8.3) ts-node: 10.9.2(@swc/core@1.13.5)(@types/node@22.15.29)(typescript@5.8.3) typescript: 5.8.3 + uuid: 8.3.2 transitivePeerDependencies: - '@babel/core' - '@jest/types'
diff --git a/services/datalake/pod-datalake/package.json b/services/datalake/pod-datalake/package.json
index 279481f7bb0..78fb79174af 100644
--- a/services/datalake/pod-datalake/package.json
+++ b/services/datalake/pod-datalake/package.json
@@ -54,7 +54,8 @@
 "ts-node": "^10.8.0",
 "typescript": "^5.8.3",
 "@types/morgan": "~1.9.9",
- "@types/on-headers": "^1.0.2"
+ "@types/on-headers": "^1.0.2",
+ "@types/uuid": "^8.3.1"
 },
 "dependencies": {
 "@hcengineering/analytics": "^0.7.3",
@@ -78,6 +79,7 @@
 "@smithy/node-http-handler": "^4.0.2",
 "morgan": "^1.10.0",
 "on-headers": "^1.0.2",
- "lru-cache": "^11.1.0"
+ "lru-cache": "^11.1.0",
+ "uuid": "^8.3.2"
 }
 }
diff --git a/services/datalake/pod-datalake/src/middleware.ts b/services/datalake/pod-datalake/src/middleware.ts
index e301e718579..986cdc98bb8 100644
--- a/services/datalake/pod-datalake/src/middleware.ts
+++ b/services/datalake/pod-datalake/src/middleware.ts
@@ -17,6 +17,7 @@ import { systemAccountUuid } from '@hcengineering/core'
 import { extractToken } from '@hcengineering/server-client'
 import { Token } from '@hcengineering/server-token'
 import { type Response, type Request, type NextFunction, RequestHandler } from 'express'
+import { validate } from 'uuid'
 import { ApiError } from './error'
 export interface KeepAliveOptions {
@@ -66,7 +67,7 @@ export const withAuthorization = (req: RequestWithAuth, res: Response, next: Nex
 }
 export const withWorkspace = (req: RequestWithAuth, res: Response, next: NextFunction): void => {
- if (req.params.workspace === undefined || req.params.workspace === '') {
+ if (req.params.workspace === undefined || req.params.workspace === '' || !validate(req.params.workspace)) {
 next(new ApiError(400, 'Missing workspace'))
 return
 }
@@ -85,7 +86,7 @@ export const withWorkspace = (req: RequestWithAuth, res: Response, next: NextFun
 }
 export const withBlob = (req: RequestWithAuth, res: Response, next: NextFunction): void => {
- if (req.params.workspace === undefined || req.params.workspace === '' || !validate(req.params.workspace)) {
+ if (req.params.workspace === undefined || req.params.workspace === '') {
 next(new ApiError(400, 'Missing workspace'))
 return
 }
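Review bot: In the withWorkspace hunk a malformed workspace id is rejected with the same `400 'Missing workspace'` as an absent one, which hides the reason from clients and from anyone reading logs; a separate branch with `next(new ApiError(400, 'Invalid workspace'))` would keep the two cases apart. `validate` from uuid 8.x matches case-insensitively and accepts only the nil UUID and versions 1 to 5, so a mixed-case spelling of a valid id still passes while an id of a newer UUID version would be refused. If the value is later compared with the token's workspace or used in a storage key (not visible here, both function bodies continue outside the hunks), it is worth confirming that it is normalised to one case first and that existing workspace ids all satisfy the check. The identical condition is repeated in the withBlob hunk; a small shared helper such as `isValidWorkspaceId(req.params.workspace)` with a one-line comment stating why only UUIDs are accepted would keep the two in step, and since `validate` already returns false for `undefined` and `''` the two explicit comparisons become redundant.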