#375: processed feedback

Author: basmasking

docker/mongodb/init.js

@@ -1,9 +1,14 @@
 
 db = db.getSiblingDB('comify');
-db.tenant.insertOne({
-    _id: 'localhost',
-    origins: [
-        'http://localhost:3000',
-        'http://localhost:5173'
-    ]
-});
+db.tenant.updateOne(
+    { _id: 'localhost' },
+    {
+        $set: {
+            origins: [
+                'http://localhost:3000',
+                'http://localhost:5173'
+            ]
+        }
+    },
+    { upsert: true }
+);

eslint.config.js

@@ -15,7 +15,8 @@ export default tseslint.config(
             "**/dist/**/*",
             "**/node_modules/**/*",
             "**/coverage/**/*",
-            "**/*config*"
+            "**/*config*",
+            "docker"
         ]
     },
     {

src/domain/relation/getAggregated/getAggregated.ts

@@ -6,7 +6,6 @@ import type { AggregatedData } from '../aggregate';
 import aggregate from '../aggregate';
 import get from '../get';
 
-
 export default async function getAggregated(requester: Requester, tenant: Tenant, followerId: string, followingId: string): Promise<AggregatedData>
 {
     const data = await get(followerId, followingId);

src/domain/tenant/getByOriginConverted/InvalidOrigin.ts

@@ -0,0 +1,7 @@
+
+import { ValidationError } from '^/integrations/runtime';
+
+export default class InvalidOrigin extends ValidationError
+{
+
+}

src/domain/tenant/getByOriginConverted/getByOriginConverted.ts

@@ -1,9 +1,12 @@
 
 import getByOrigin from '../getByOrigin';
 import type { Tenant } from '../types';
+import validateData from './validateData';
 
-export default async function getFormatted(origin: string): Promise<Tenant>
+export default async function getByOriginConverted(origin: string): Promise<Tenant>
 {
+    validateData({ origin });
+
     const tenant = await getByOrigin(origin);
 
     return {

src/domain/tenant/getByOriginConverted/types.ts

@@ -0,0 +1,4 @@
+
+import { type Tenant } from '../types';
+
+export type ValidationModel = Pick<Tenant, 'origin'>;

src/domain/tenant/getByOriginConverted/validateData.ts

@@ -0,0 +1,28 @@
+
+import type { ValidationSchema } from '^/integrations/validation';
+import validator from '^/integrations/validation';
+
+import InvalidOrigin from './InvalidOrigin';
+import { type ValidationModel } from './types';
+
+const schema: ValidationSchema =
+{
+    origin:
+    {
+        message: 'Invalid origin',
+        URL:
+        {
+            required: true
+        }
+    }
+};
+
+export default function validateData({ origin }: ValidationModel): void
+{
+    const result = validator.validate({ origin }, schema);
+
+    if (result.invalid)
+    {
+        throw new InvalidOrigin(result.messages);
+    }
+}

src/integrations/runtime/middlewares/OriginMiddleware.ts

@@ -2,7 +2,21 @@
 import type { Middleware, NextHandler, Request } from 'jitar';
 import { BadRequest, type Response } from 'jitar';
 
+import type { ValidationSchema } from '^/integrations/validation';
+import validator from '^/integrations/validation';
+
 const TENANT_COOKIE_NAME = 'x-tenant-origin';
+const schema: ValidationSchema =
+{
+    origin:
+    {
+        message: 'Invalid origin',
+        URL:
+        {
+            required: true
+        }
+    }
+};
 
 export default class OriginMiddleware implements Middleware
 {
@@ -19,18 +33,16 @@ export default class OriginMiddleware implements Middleware
             origin = this.#getOriginFromHeader(request);
         }
 
-        if (origin === undefined)
-        {
-            throw new BadRequest('Missing origin');
-        }
+        this.#validateOriginValue(origin);
 
-        request.setHeader('origin', origin);
+        // The origin header is validated and set here for use in other middlewares
+        request.setHeader('origin', origin as string);
 
         const response = await next();
 
         if (fromCookie === false)
         {
-            this.#setOriginCookie(response, origin);
+            this.#setOriginCookie(response, origin as string);
         }
 
         return response;
@@ -50,17 +62,27 @@ export default class OriginMiddleware implements Middleware
             return;
         }
 
-        for (const cookie of header.split('; '))
+        for (const cookie of header.split(';'))
         {
             const [key, value] = cookie.split('=');
 
-            if (key === TENANT_COOKIE_NAME) 
+            if (key.trim() === TENANT_COOKIE_NAME) 
             {
-                return value;
+                return value?.trim();
             }
         }
     }
 
+    #validateOriginValue(value: string | undefined): void
+    {
+        const result = validator.validate({ url: value }, schema);
+
+        if (result.invalid)
+        {
+            throw new BadRequest('Invalid origin');
+        }
+    }
+
     #setOriginCookie(response: Response, origin: string): void
     {
         response.setHeader('Set-Cookie', `${TENANT_COOKIE_NAME}=${origin}; Path=/; HttpOnly=true; SameSite=Strict; Secure`);

src/integrations/runtime/middlewares/TenantMiddleware.ts

@@ -31,13 +31,11 @@ export default class TenantMiddleware implements Middleware
 
             const response = await next();
 
-            if (response.status >= 500)
+            if (response.status < 500)
             {
-                return response;
+                this.#cache.set(origin, response);
             }
 
-            this.#cache.set(origin, response);
-
             return response;
         }
 

src/webui/components/common/TenantContainer.tsx

@@ -23,7 +23,7 @@ export default function Component({ children }: Props)
 
     }, [tenant]);
 
-    if (tenant === undefined) return;
+    if (tenant === undefined) return null;
 
     return children;
 }