#375: required URL validation for origin

basmasking · basmasking · commit 99bb8f253344 · 2025-07-22T15:27:26.000+02:00
diff --git a/docker/keycloak/comify-realm.json b/docker/keycloak/comify-realm.json
@@ -666,7 +666,6 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://a.comify.local:3000/rpc/domain/authentication/login",
         "http://localhost:3000/rpc/domain/authentication/login",
         "http://localhost:5173/rpc/domain/authentication/login"
       ],
diff --git a/src/domain/authentication/login/login.ts b/src/domain/authentication/login/login.ts
@@ -5,7 +5,7 @@ import getCreatorByEmail from '^/domain/creator/getByEmail';
 import registerCreator from '^/domain/creator/register';
 import { type Tenant } from '^/domain/tenant';
 
-import type { Requester } from '../types';
+import { type Requester } from '../types';
 
 export default async function login(identity: Identity, tenant: Tenant): Promise<Requester>
 {
diff --git a/src/domain/creator/create/validateData.ts b/src/domain/creator/create/validateData.ts
@@ -2,7 +2,7 @@
 import type { ValidationSchema } from '^/integrations/validation';
 import validator from '^/integrations/validation';
 
-import { optionalIdValidation } from '^/domain/definitions';
+import { optionalIdValidation, requiredIdValidation } from '^/domain/definitions';
 
 import InvalidCreator from '../InvalidCreator';
 import { fullNameValidation } from '../definitions';
@@ -19,7 +19,7 @@ const schema: ValidationSchema =
             required: true
         }
     },
-    tenantId: optionalIdValidation,
+    tenantId: requiredIdValidation,
     portraitId: optionalIdValidation
 };
 
diff --git a/src/domain/post/create/validateData.ts b/src/domain/post/create/validateData.ts
@@ -10,7 +10,7 @@ import type { ValidationModel } from './types';
 const schema: ValidationSchema =
 {
     creatorId: requiredIdValidation,
-    tenantId: optionalIdValidation,
+    tenantId: requiredIdValidation,
     comicId: optionalIdValidation,
     commentId: optionalIdValidation,
     parentId: optionalIdValidation
diff --git a/src/integrations/runtime/middlewares/OriginMiddleware.ts b/src/integrations/runtime/middlewares/OriginMiddleware.ts
@@ -75,7 +75,7 @@ export default class OriginMiddleware implements Middleware
 
     #validateOriginValue(value: string | undefined): void
     {
-        const result = validator.validate({ url: value }, schema);
+        const result = validator.validate({ origin: value }, schema);
 
         if (result.invalid)
         {
diff --git a/src/integrations/runtime/middlewares/RequesterMiddleware.ts b/src/integrations/runtime/middlewares/RequesterMiddleware.ts
@@ -17,13 +17,25 @@ export default class RequesterMiddleware implements Middleware
             request.setHeader('Authorization', this.#authorization);
         }
 
-        const response = await next();
-
-        if (response.hasHeader('Authorization'))
+        try
         {
-            this.#authorization = response.getHeader('Authorization')!;
+            const response = await next();
+
+            if (response.hasHeader('Authorization'))
+            {
+                this.#authorization = response.getHeader('Authorization')!;
+            }
+
+            return response;
         }
+        catch (error)
+        {
+            if (error?.constructor?.name === 'Unauthorized')
+            {
+                this.#authorization = undefined;
+            }
 
-        return response;
+            throw error;
+        }
     }
 }
diff --git a/src/webui/components/common/hooks/useTenant.ts b/src/webui/components/common/hooks/useTenant.ts
@@ -1,6 +1,7 @@
 
 import { useCallback } from 'react';
 
+import { tenant } from '^/domain/tenant';
 import getByOriginConverted from '^/domain/tenant/getByOriginConverted';
 
 import { useLoadData } from '^/webui/hooks';
@@ -9,9 +10,7 @@ export function useTenant()
 {
     const getTenant = useCallback(async () =>
     {
-        const tenant = await getByOriginConverted('');
-
-        return tenant;
+        return await getByOriginConverted(tenant.origin);
 
     }, []);
 
diff --git a/test/domain/tenant/fixtures/values.fixtures.ts b/test/domain/tenant/fixtures/values.fixtures.ts
@@ -5,8 +5,8 @@ export const VALUES =
         TENANT1: 'example.com'
     },
     ORIGINS: {
-        FIRST: 'alpha.example.com',
-        SECOND: 'beta.example.com',
+        FIRST: 'http://alpha.example.com',
+        SECOND: 'http://beta.example.com',
         UNKNOWN: 'unknown'
     }
 };

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ import getCreatorByEmail from '^/domain/creator/getByEmail';`
`5`	`5`	`import registerCreator from '^/domain/creator/register';`
`6`	`6`	`import { type Tenant } from '^/domain/tenant';`
`7`	`7`
`8`		`-import type { Requester } from '../types';`
	`8`	`+import { type Requester } from '../types';`
`9`	`9`
`10`	`10`	`export default async function login(identity: Identity, tenant: Tenant): Promise<Requester>`
`11`	`11`	`{`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ import type { ValidationModel } from './types';`
`10`	`10`	`const schema: ValidationSchema =`
`11`	`11`	`{`
`12`	`12`	`creatorId: requiredIdValidation,`
`13`		`- tenantId: optionalIdValidation,`
	`13`	`+ tenantId: requiredIdValidation,`
`14`	`14`	`comicId: optionalIdValidation,`
`15`	`15`	`commentId: optionalIdValidation,`
`16`	`16`	`parentId: optionalIdValidation`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ export default class OriginMiddleware implements Middleware`
`75`	`75`
`76`	`76`	`#validateOriginValue(value: string \| undefined): void`
`77`	`77`	`{`
`78`		`- const result = validator.validate({ url: value }, schema);`
	`78`	`+ const result = validator.validate({ origin: value }, schema);`
`79`	`79`
`80`	`80`	`if (result.invalid)`
`81`	`81`	`{`
Original file line number	Diff line number	Diff line change
`@@ -17,13 +17,25 @@ export default class RequesterMiddleware implements Middleware`
`17`	`17`	`request.setHeader('Authorization', this.#authorization);`
`18`	`18`	`}`
`19`	`19`
`20`		`- const response = await next();`
`21`		`-`
`22`		`- if (response.hasHeader('Authorization'))`
	`20`	`+ try`
`23`	`21`	`{`
`24`		`- this.#authorization = response.getHeader('Authorization')!;`
	`22`	`+ const response = await next();`
	`23`	`+`
	`24`	`+ if (response.hasHeader('Authorization'))`
	`25`	`+ {`
	`26`	`+ this.#authorization = response.getHeader('Authorization')!;`
	`27`	`+ }`
	`28`	`+`
	`29`	`+ return response;`
`25`	`30`	`}`
	`31`	`+ catch (error)`
	`32`	`+ {`
	`33`	`+ if (error?.constructor?.name === 'Unauthorized')`
	`34`	`+ {`
	`35`	`+ this.#authorization = undefined;`
	`36`	`+ }`
`26`	`37`
`27`		`- return response;`
	`38`	`+ throw error;`
	`39`	`+ }`
`28`	`40`	`}`
`29`	`41`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`
`2`	`2`	`import { useCallback } from 'react';`
`3`	`3`
	`4`	`+import { tenant } from '^/domain/tenant';`
`4`	`5`	`import getByOriginConverted from '^/domain/tenant/getByOriginConverted';`
`5`	`6`
`6`	`7`	`import { useLoadData } from '^/webui/hooks';`
`@@ -9,9 +10,7 @@ export function useTenant()`
`9`	`10`	`{`
`10`	`11`	`const getTenant = useCallback(async () =>`
`11`	`12`	`{`
`12`		`- const tenant = await getByOriginConverted('');`
`13`		`-`
`14`		`- return tenant;`
	`13`	`+ return await getByOriginConverted(tenant.origin);`
`15`	`14`
`16`	`15`	`}, []);`
`17`	`16`