mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-06 03:00:16 -04:00
244cf4ff7e
* feat(selectors): add dropdown selectors for 14 integrations
* fix(selectors): secure OAuth tokens in JSM and Confluence selector routes
Convert JSM selector-servicedesks, selector-requesttypes, and Confluence
selector-spaces routes from GET (with access token in URL query params) to
POST with authorizeCredentialUse + refreshAccessTokenIfNeeded pattern. Also
adds missing ensureCredential guard to microsoft.planner.plans registry entry.
* fix(selectors): use sanitized serviceDeskId and encode SharePoint siteId
Use serviceDeskIdValidation.sanitized instead of raw serviceDeskId in JSM
request types URL. Add encodeURIComponent to SharePoint siteId to prevent
URL path injection.
* lint
* fix(selectors): revert encodeURIComponent on SharePoint siteId
SharePoint site IDs use the format "hostname,guid,guid" with commas that
must remain unencoded for the Microsoft Graph API. The encodeURIComponent
call would convert commas to %2C and break the API call.
* fix(selectors): use sanitized cloudId in Confluence and JSM route URLs
Use cloudIdValidation.sanitized instead of raw cloudId in URL construction
for consistency with the validation pattern, even though the current
validator returns the input unchanged.
* fix(selectors): add missing context fields to resolution, ensureCredential to sharepoint.lists, and siteId validation
- Add baseId, datasetId, serviceDeskId to SelectorResolutionArgs,
ExtendedSelectorContext, extractExtendedContext, useSelectorDisplayName,
and resolveSelectorForSubBlock so cascading selectors resolve correctly
through the resolution path.
- Add ensureCredential guard to sharepoint.lists registry entry.
- Add regex validation for SharePoint siteId format (hostname,GUID,GUID).
* fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes
Rename all advanced-mode subBlock IDs that matched their canonicalParamId
to use a `manual*` prefix, following the established convention
(e.g., manualSiteId, manualCredential). This prevents ambiguity between
subBlock IDs and canonical parameter names in the serialization layer.
25 renames across 14 blocks: baseId→manualBaseId, tableId→manualTableId,
workspace→manualWorkspace, objectType→manualObjectType, etc.
* Revert "fix(selectors): rename advanced subBlock IDs to avoid canonicalParamId clashes"
This reverts commit 4e30161c68.
* fix(selectors): rename canonicalParamIds to avoid subBlock ID clashes
Prefix all clashing canonicalParamId values with `selected_` so they
don't match any subBlock ID. Update each block's `inputs` section and
`tools.config.params` function to destructure the new canonical names
and remap them to the original tool param names. SubBlock IDs and tool
definitions remain unchanged for backwards compatibility.
Affected: 25 canonical params across 14 blocks (airtable, asana, attio,
calcom, confluence, google_bigquery, google_tasks, jsm, microsoft_planner,
notion, pipedrive, sharepoint, trello, zoom).
* fix(selectors): rename pre-existing driveId and files canonicalParamIds in SharePoint
Apply the same selected_ prefix convention to the pre-existing SharePoint
driveId and files canonical params that clashed with their subBlock IDs.
* style: format long lines in calcom, pipedrive, and sharepoint blocks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): resolve cascading context for selected_ canonical params and normalize Asana response
Strip `selected_` prefix from canonical param IDs when mapping to
SelectorContext fields so cascading selectors (Airtable base→table,
BigQuery dataset→table, JSM serviceDesk→requestType) correctly
propagate parent values.
Normalize Asana workspaces route to return `{ id, name }` instead of
`{ gid, name }` for consistency with all other selector routes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): replace hacky prefix stripping with explicit CANONICAL_TO_CONTEXT mapping
Replace CONTEXT_FIELD_SET (Record<string, true>) with CANONICAL_TO_CONTEXT
(Record<string, keyof SelectorContext>) that explicitly maps canonical
param IDs to their SelectorContext field names.
This properly handles the selected_ prefix aliases (e.g. selected_baseId
→ baseId) without string manipulation, and removes the unsafe
Record<string, unknown> cast.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): remove unnecessary selected_ prefix from canonicalParamIds
The selected_ prefix was added to avoid a perceived clash between
canonicalParamId and subBlock id values, but this clash does not
actually cause any issues — pre-existing blocks on main (Google Sheets,
Webflow, SharePoint) already use matching values successfully.
Remove the prefix from all 14 blocks, revert use-selector-setup.ts to
the simple CONTEXT_FIELD_SET pattern, and simplify tools.config.params
functions that were only remapping the prefix back.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add spaceId selector pair to Confluence V2 block
The V2 block was missing the spaceSelector basic-mode selector that the
V1 (Legacy) block already had.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): revert V1 block changes, add selectors to Notion V1 for V2 inheritance
Confluence V1: reverted to main state (V2 has its own subBlocks).
Notion V1: added selector pairs per-operation since V2 inherits
subBlocks, inputs, and params from V1.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): audit fixes for auth patterns, registry gaps, and display name resolution
- Convert Microsoft Planner plans/tasks routes from GET+getSession to POST+authorizeCredentialUse
- Add fetchById to microsoft.planner (tasks) and sharepoint.sites registry entries
- Add ensureCredential to sharepoint.sites and microsoft.planner registry fetchList
- Update microsoft.planner.plans registry to use POST method
- Add siteId, collectionId, spreadsheetId, fileId to SelectorDisplayNameArgs and caller
- Add fileId to SelectorResolutionArgs and resolution context
- Fix Zoom topicUpdate visibility in basic mode (remove mode:'advanced')
- Change Zoom meetings selector to fetch upcoming_meetings instead of only scheduled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: lint formatting fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): consolidate Notion canonical param pairs into array conditions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add missing selectorKey to Confluence V1 page selector
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): use sanitized IDs in URLs, convert SharePoint routes to POST+authorizeCredentialUse
- Use planIdValidation.sanitized in MS Planner tasks fetch URL
- Convert sharepoint/lists and sharepoint/sites from GET+getSession to POST+authorizeCredentialUse
- Update registry entries to match POST pattern
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): revert Zoom meetings type to scheduled for broader compatibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): add SharePoint site ID validator, fix cascading selector display name fallbacks
- Add validateSharePointSiteId to input-validation.ts
- Use validation util in SharePoint lists route instead of inline regex
- Add || fallback to selector IDs in workflow-block.tsx so cascading
display names resolve in basic mode (baseSelector, planSelector, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): hoist requestId before try block in all selector routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): hoist requestId before try block in Trello boards route
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): guard selector queries against unresolved variable references
Skip fetchById and context population when values are design-time
placeholders (<Block.output> or {{ENV_VAR}}) rather than real IDs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(selectors): replace hardcoded display name fallbacks with canonical-aware resolution
Use resolveDependencyValue to resolve context values for
useSelectorDisplayName, eliminating manual || getStringValue('*Selector')
fallbacks that required updating for each new selector pair.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): tighten SharePoint site ID validation to exclude underscores
SharePoint composite site IDs use hostname,guid,guid format where only
alphanumerics, periods, hyphens, and commas are valid characters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): ensure string IDs in Pipedrive/Cal.com routes, fix Trello closed board filter
Pipedrive pipelines and Cal.com event-types/schedules routes now
consistently return string IDs via String() conversion.
Trello boards route no longer filters out closed boards, preserving
them for fetchById lookups. The closed filter is applied only in the
registry's fetchList so archived boards don't appear in dropdowns
but can still be resolved by ID for display names.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): convert Zoom meeting IDs to strings for consistency
Zoom API returns numeric meeting IDs. Convert with String() to match
the string ID convention used by all other selector routes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(selectors): align registry types with route string ID returns
Routes already convert numeric IDs to strings via String(), so update
the registry types (CalcomEventType, CalcomSchedule, PipedrivePipeline,
ZoomMeeting) from id: number to id: string and remove the now-redundant
String() coercions in fetchList/fetchById.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1158 lines
30 KiB
TypeScript
1158 lines
30 KiB
TypeScript
import { createLogger } from '@sim/logger'
|
|
import * as ipaddr from 'ipaddr.js'
|
|
|
|
const logger = createLogger('InputValidation')
|
|
|
|
export interface ValidationResult {
|
|
isValid: boolean
|
|
error?: string
|
|
sanitized?: string
|
|
}
|
|
|
|
export interface PathSegmentOptions {
|
|
/** Name of the parameter for error messages */
|
|
paramName?: string
|
|
/** Maximum length allowed (default: 255) */
|
|
maxLength?: number
|
|
/** Allow hyphens (default: true) */
|
|
allowHyphens?: boolean
|
|
/** Allow underscores (default: true) */
|
|
allowUnderscores?: boolean
|
|
/** Allow dots (default: false, to prevent directory traversal) */
|
|
allowDots?: boolean
|
|
/** Custom regex pattern to match */
|
|
customPattern?: RegExp
|
|
}
|
|
|
|
/**
|
|
* Validates a path segment to prevent path traversal and SSRF attacks
|
|
*
|
|
* This function ensures that user-provided input used in URL paths or file paths
|
|
* cannot be used for directory traversal attacks or SSRF.
|
|
*
|
|
* Default behavior:
|
|
* - Allows: letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_)
|
|
* - Blocks: dots (.), slashes (/, \), null bytes, URL encoding, and special characters
|
|
*
|
|
* @param value - The path segment to validate
|
|
* @param options - Validation options
|
|
* @returns ValidationResult with isValid flag and optional error message
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validatePathSegment(itemId, { paramName: 'itemId' })
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validatePathSegment(
|
|
value: string | null | undefined,
|
|
options: PathSegmentOptions = {}
|
|
): ValidationResult {
|
|
const {
|
|
paramName = 'path segment',
|
|
maxLength = 255,
|
|
allowHyphens = true,
|
|
allowUnderscores = true,
|
|
allowDots = false,
|
|
customPattern,
|
|
} = options
|
|
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (value.length > maxLength) {
|
|
logger.warn('Path segment exceeds maximum length', {
|
|
paramName,
|
|
length: value.length,
|
|
maxLength,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} exceeds maximum length of ${maxLength} characters`,
|
|
}
|
|
}
|
|
|
|
if (value.includes('\0') || value.includes('%00')) {
|
|
logger.warn('Path segment contains null bytes', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid characters`,
|
|
}
|
|
}
|
|
|
|
const pathTraversalPatterns = [
|
|
'..',
|
|
'./',
|
|
'.\\.',
|
|
'%2e%2e',
|
|
'%252e%252e',
|
|
'..%2f',
|
|
'..%5c',
|
|
'%2e%2e%2f',
|
|
'%2e%2e/',
|
|
'..%252f',
|
|
]
|
|
|
|
const lowerValue = value.toLowerCase()
|
|
for (const pattern of pathTraversalPatterns) {
|
|
if (lowerValue.includes(pattern.toLowerCase())) {
|
|
logger.warn('Path traversal attempt detected', {
|
|
paramName,
|
|
pattern,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid path traversal sequences`,
|
|
}
|
|
}
|
|
}
|
|
|
|
if (value.includes('/') || value.includes('\\')) {
|
|
logger.warn('Path segment contains directory separators', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot contain directory separators`,
|
|
}
|
|
}
|
|
|
|
if (customPattern) {
|
|
if (!customPattern.test(value)) {
|
|
logger.warn('Path segment failed custom pattern validation', {
|
|
paramName,
|
|
pattern: customPattern.toString(),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} format is invalid`,
|
|
}
|
|
}
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
let pattern = '^[a-zA-Z0-9'
|
|
if (allowHyphens) pattern += '\\-'
|
|
if (allowUnderscores) pattern += '_'
|
|
if (allowDots) pattern += '\\.'
|
|
pattern += ']+$'
|
|
|
|
const regex = new RegExp(pattern)
|
|
|
|
if (!regex.test(value)) {
|
|
logger.warn('Path segment contains disallowed characters', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} can only contain alphanumeric characters${allowHyphens ? ', hyphens' : ''}${allowUnderscores ? ', underscores' : ''}${allowDots ? ', dots' : ''}`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates an alphanumeric ID (letters, numbers, hyphens, underscores only)
|
|
*
|
|
* @param value - The ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @param maxLength - Maximum length (default: 100)
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateAlphanumericId(userId, 'userId')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateAlphanumericId(
|
|
value: string | null | undefined,
|
|
paramName = 'ID',
|
|
maxLength = 100
|
|
): ValidationResult {
|
|
return validatePathSegment(value, {
|
|
paramName,
|
|
maxLength,
|
|
allowHyphens: true,
|
|
allowUnderscores: true,
|
|
allowDots: false,
|
|
})
|
|
}
|
|
|
|
/**
|
|
* Validates a numeric ID
|
|
*
|
|
* @param value - The ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @param options - Additional options (min, max)
|
|
* @returns ValidationResult with sanitized number as string
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateNumericId(pageNumber, 'pageNumber', { min: 1, max: 1000 })
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateNumericId(
|
|
value: string | number | null | undefined,
|
|
paramName = 'ID',
|
|
options: { min?: number; max?: number } = {}
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
const num = typeof value === 'number' ? value : Number(value)
|
|
|
|
if (Number.isNaN(num) || !Number.isFinite(num)) {
|
|
logger.warn('Invalid numeric ID', { paramName, value })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a valid number`,
|
|
}
|
|
}
|
|
|
|
if (options.min !== undefined && num < options.min) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be at least ${options.min}`,
|
|
}
|
|
}
|
|
|
|
if (options.max !== undefined && num > options.max) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be at most ${options.max}`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: num.toString() }
|
|
}
|
|
|
|
/**
|
|
* Validates an integer value (from JSON body or other sources)
|
|
*
|
|
* This is stricter than validateNumericId - it requires:
|
|
* - Value must already be a number type (not string)
|
|
* - Must be an integer (no decimals)
|
|
* - Must be finite (not NaN or Infinity)
|
|
*
|
|
* @param value - The value to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @param options - Additional options (min, max)
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateInteger(failedCount, 'failedCount', { min: 0 })
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateInteger(
|
|
value: unknown,
|
|
paramName = 'value',
|
|
options: { min?: number; max?: number } = {}
|
|
): ValidationResult {
|
|
if (value === null || value === undefined) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (typeof value !== 'number') {
|
|
logger.warn('Value is not a number', { paramName, valueType: typeof value })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a number`,
|
|
}
|
|
}
|
|
|
|
if (Number.isNaN(value) || !Number.isFinite(value)) {
|
|
logger.warn('Invalid number value', { paramName, value })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a valid number`,
|
|
}
|
|
}
|
|
|
|
if (!Number.isInteger(value)) {
|
|
logger.warn('Value is not an integer', { paramName, value })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be an integer`,
|
|
}
|
|
}
|
|
|
|
if (options.min !== undefined && value < options.min) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be at least ${options.min}`,
|
|
}
|
|
}
|
|
|
|
if (options.max !== undefined && value > options.max) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be at most ${options.max}`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true }
|
|
}
|
|
|
|
/**
|
|
* Validates that a value is in an allowed list (enum validation)
|
|
*
|
|
* @param value - The value to validate
|
|
* @param allowedValues - Array of allowed values
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateEnum(type, ['note', 'contact', 'task'], 'type')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateEnum<T extends string>(
|
|
value: string | null | undefined,
|
|
allowedValues: readonly T[],
|
|
paramName = 'value'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (!allowedValues.includes(value as T)) {
|
|
logger.warn('Value not in allowed list', {
|
|
paramName,
|
|
value,
|
|
allowedValues,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be one of: ${allowedValues.join(', ')}`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates a hostname to prevent SSRF attacks
|
|
*
|
|
* This function checks that a hostname is not a private IP, localhost, or other reserved address.
|
|
* It complements the validateProxyUrl function by providing hostname-specific validation.
|
|
*
|
|
* @param hostname - The hostname to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateHostname(webhookDomain, 'webhook domain')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateHostname(
|
|
hostname: string | null | undefined,
|
|
paramName = 'hostname'
|
|
): ValidationResult {
|
|
if (hostname === null || hostname === undefined || hostname === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
const lowerHostname = hostname.toLowerCase()
|
|
|
|
if (lowerHostname === 'localhost') {
|
|
logger.warn('Hostname is localhost', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot be a private IP address or localhost`,
|
|
}
|
|
}
|
|
|
|
if (ipaddr.isValid(lowerHostname)) {
|
|
if (isPrivateOrReservedIP(lowerHostname)) {
|
|
logger.warn('Hostname matches blocked IP range', {
|
|
paramName,
|
|
hostname: hostname.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot be a private IP address or localhost`,
|
|
}
|
|
}
|
|
}
|
|
|
|
const hostnamePattern =
|
|
/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i
|
|
|
|
if (!hostnamePattern.test(hostname)) {
|
|
logger.warn('Invalid hostname format', {
|
|
paramName,
|
|
hostname: hostname.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is not a valid hostname`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: hostname }
|
|
}
|
|
|
|
/**
|
|
* Validates a file extension
|
|
*
|
|
* @param extension - The file extension (with or without leading dot)
|
|
* @param allowedExtensions - Array of allowed extensions (without dots)
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateFileExtension(ext, ['jpg', 'png', 'gif'], 'file extension')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateFileExtension(
|
|
extension: string | null | undefined,
|
|
allowedExtensions: readonly string[],
|
|
paramName = 'file extension'
|
|
): ValidationResult {
|
|
if (extension === null || extension === undefined || extension === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
const ext = extension.startsWith('.') ? extension.slice(1) : extension
|
|
const normalizedExt = ext.toLowerCase()
|
|
|
|
if (!allowedExtensions.map((e) => e.toLowerCase()).includes(normalizedExt)) {
|
|
logger.warn('File extension not in allowed list', {
|
|
paramName,
|
|
extension: ext,
|
|
allowedExtensions,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be one of: ${allowedExtensions.join(', ')}`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: normalizedExt }
|
|
}
|
|
|
|
/**
|
|
* Validates Microsoft Graph API resource IDs
|
|
*
|
|
* Microsoft Graph IDs can be complex - for example, SharePoint site IDs can include:
|
|
* - "root" (literal string)
|
|
* - GUIDs
|
|
* - Hostnames with colons and slashes (e.g., "hostname:/sites/sitename")
|
|
* - Group paths (e.g., "groups/{guid}/sites/root")
|
|
*
|
|
* This function allows these legitimate patterns while blocking path traversal.
|
|
*
|
|
* @param value - The Microsoft Graph ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateMicrosoftGraphId(siteId, 'siteId')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateMicrosoftGraphId(
|
|
value: string | null | undefined,
|
|
paramName = 'ID'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
const pathTraversalPatterns = [
|
|
'../',
|
|
'..\\',
|
|
'%2e%2e%2f',
|
|
'%2e%2e/',
|
|
'..%2f',
|
|
'%2e%2e%5c',
|
|
'%2e%2e\\',
|
|
'..%5c',
|
|
'%252e%252e%252f',
|
|
]
|
|
|
|
const lowerValue = value.toLowerCase()
|
|
for (const pattern of pathTraversalPatterns) {
|
|
if (lowerValue.includes(pattern)) {
|
|
logger.warn('Path traversal attempt in Microsoft Graph ID', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid path traversal sequence`,
|
|
}
|
|
}
|
|
}
|
|
|
|
if (/[\x00-\x1f\x7f]/.test(value) || value.includes('%00')) {
|
|
logger.warn('Control characters in Microsoft Graph ID', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid control characters`,
|
|
}
|
|
}
|
|
|
|
if (value.includes('\n') || value.includes('\r')) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid newline characters`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates SharePoint site IDs used in Microsoft Graph API.
|
|
*
|
|
* Site IDs are compound identifiers: `hostname,spsite-guid,spweb-guid`
|
|
* (e.g. `contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE`).
|
|
* The API also accepts partial forms like a single GUID or just a hostname.
|
|
*
|
|
* Allowed characters: alphanumeric, periods, hyphens, and commas.
|
|
*
|
|
* @param value - The SharePoint site ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*/
|
|
export function validateSharePointSiteId(
|
|
value: string | null | undefined,
|
|
paramName = 'siteId'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (value.length > 512) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} exceeds maximum length`,
|
|
}
|
|
}
|
|
|
|
if (!/^[a-zA-Z0-9.\-,]+$/.test(value)) {
|
|
logger.warn('Invalid characters in SharePoint site ID', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid characters`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates Jira Cloud IDs (typically UUID format)
|
|
*
|
|
* @param value - The Jira Cloud ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateJiraCloudId(cloudId, 'cloudId')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateJiraCloudId(
|
|
value: string | null | undefined,
|
|
paramName = 'cloudId'
|
|
): ValidationResult {
|
|
return validatePathSegment(value, {
|
|
paramName,
|
|
allowHyphens: true,
|
|
allowUnderscores: false,
|
|
allowDots: false,
|
|
maxLength: 100,
|
|
})
|
|
}
|
|
|
|
/**
|
|
* Validates Jira issue keys (format: PROJECT-123 or PROJECT-KEY-123)
|
|
*
|
|
* @param value - The Jira issue key to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateJiraIssueKey(issueKey, 'issueKey')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateJiraIssueKey(
|
|
value: string | null | undefined,
|
|
paramName = 'issueKey'
|
|
): ValidationResult {
|
|
return validatePathSegment(value, {
|
|
paramName,
|
|
allowHyphens: true,
|
|
allowUnderscores: false,
|
|
allowDots: false,
|
|
maxLength: 255,
|
|
})
|
|
}
|
|
|
|
/**
|
|
* Validates a URL to prevent SSRF attacks
|
|
*
|
|
* This function checks that URLs:
|
|
* - Use https:// protocol only
|
|
* - Do not point to private IP ranges or localhost
|
|
* - Do not use suspicious ports
|
|
*
|
|
* @param url - The URL to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateExternalUrl(url, 'fileUrl')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateExternalUrl(
|
|
url: string | null | undefined,
|
|
paramName = 'url'
|
|
): ValidationResult {
|
|
if (!url || typeof url !== 'string') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required and must be a string`,
|
|
}
|
|
}
|
|
|
|
let parsedUrl: URL
|
|
try {
|
|
parsedUrl = new URL(url)
|
|
} catch {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a valid URL`,
|
|
}
|
|
}
|
|
|
|
const protocol = parsedUrl.protocol
|
|
const hostname = parsedUrl.hostname.toLowerCase()
|
|
|
|
const cleanHostname =
|
|
hostname.startsWith('[') && hostname.endsWith(']') ? hostname.slice(1, -1) : hostname
|
|
|
|
let isLocalhost = cleanHostname === 'localhost'
|
|
if (ipaddr.isValid(cleanHostname)) {
|
|
const processedIP = ipaddr.process(cleanHostname).toString()
|
|
if (processedIP === '127.0.0.1' || processedIP === '::1') {
|
|
isLocalhost = true
|
|
}
|
|
}
|
|
|
|
if (protocol !== 'https:' && !(protocol === 'http:' && isLocalhost)) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must use https:// protocol`,
|
|
}
|
|
}
|
|
|
|
if (!isLocalhost && ipaddr.isValid(cleanHostname)) {
|
|
if (isPrivateOrReservedIP(cleanHostname)) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot point to private IP addresses`,
|
|
}
|
|
}
|
|
}
|
|
|
|
// Block suspicious ports commonly used for internal services
|
|
const port = parsedUrl.port
|
|
const blockedPorts = [
|
|
'22', // SSH
|
|
'23', // Telnet
|
|
'25', // SMTP
|
|
'3306', // MySQL
|
|
'5432', // PostgreSQL
|
|
'6379', // Redis
|
|
'27017', // MongoDB
|
|
'9200', // Elasticsearch
|
|
]
|
|
|
|
if (port && blockedPorts.includes(port)) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} uses a blocked port`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true }
|
|
}
|
|
|
|
/**
|
|
* Validates an image URL to prevent SSRF attacks
|
|
* Alias for validateExternalUrl for backward compatibility
|
|
*/
|
|
export function validateImageUrl(
|
|
url: string | null | undefined,
|
|
paramName = 'imageUrl'
|
|
): ValidationResult {
|
|
return validateExternalUrl(url, paramName)
|
|
}
|
|
|
|
/**
|
|
* Validates a proxy URL to prevent SSRF attacks
|
|
* Alias for validateExternalUrl for backward compatibility
|
|
*/
|
|
export function validateProxyUrl(
|
|
url: string | null | undefined,
|
|
paramName = 'proxyUrl'
|
|
): ValidationResult {
|
|
return validateExternalUrl(url, paramName)
|
|
}
|
|
|
|
/**
|
|
* Checks if an IP address is private or reserved (not routable on the public internet)
|
|
* Uses ipaddr.js for robust handling of all IP formats including:
|
|
* - Octal notation (0177.0.0.1)
|
|
* - Hex notation (0x7f000001)
|
|
* - IPv4-mapped IPv6 (::ffff:127.0.0.1)
|
|
* - Various edge cases that regex patterns miss
|
|
*/
|
|
function isPrivateOrReservedIP(ip: string): boolean {
|
|
try {
|
|
if (!ipaddr.isValid(ip)) {
|
|
return true
|
|
}
|
|
|
|
const addr = ipaddr.process(ip)
|
|
const range = addr.range()
|
|
|
|
return range !== 'unicast'
|
|
} catch {
|
|
return true
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validates an Airtable ID (base, table, or webhook ID)
|
|
*
|
|
* Airtable IDs have specific prefixes:
|
|
* - Base IDs: "app" + 14 alphanumeric characters (e.g., appXXXXXXXXXXXXXX)
|
|
* - Table IDs: "tbl" + 14 alphanumeric characters
|
|
* - Webhook IDs: "ach" + 14 alphanumeric characters
|
|
*
|
|
* @param value - The ID to validate
|
|
* @param expectedPrefix - The expected prefix ('app', 'tbl', or 'ach')
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateAirtableId(baseId, 'app', 'baseId')
|
|
* if (!result.isValid) {
|
|
* throw new Error(result.error)
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateAirtableId(
|
|
value: string | null | undefined,
|
|
expectedPrefix: 'app' | 'tbl' | 'ach',
|
|
paramName = 'ID'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
// Airtable IDs: prefix (3 chars) + 14 alphanumeric characters = 17 chars total
|
|
const airtableIdPattern = new RegExp(`^${expectedPrefix}[a-zA-Z0-9]{14}$`)
|
|
|
|
if (!airtableIdPattern.test(value)) {
|
|
logger.warn('Invalid Airtable ID format', {
|
|
paramName,
|
|
expectedPrefix,
|
|
value: value.substring(0, 20),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a valid Airtable ID starting with "${expectedPrefix}"`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates an AWS region identifier
|
|
*
|
|
* Supported region formats:
|
|
* - Standard: us-east-1, eu-west-2, ap-southeast-1, sa-east-1, af-south-1
|
|
* - GovCloud: us-gov-east-1, us-gov-west-1
|
|
* - China: cn-north-1, cn-northwest-1
|
|
* - Israel: il-central-1
|
|
* - ISO partitions: us-iso-east-1, us-isob-east-1
|
|
*
|
|
* @param value - The AWS region to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateAwsRegion(region, 'region')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateAwsRegion(
|
|
value: string | null | undefined,
|
|
paramName = 'region'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
// AWS region patterns:
|
|
// - Standard: af|ap|ca|eu|me|sa|us|il followed by direction and number
|
|
// - GovCloud: us-gov-east-1, us-gov-west-1
|
|
// - China: cn-north-1, cn-northwest-1
|
|
// - ISO: us-iso-east-1, us-iso-west-1, us-isob-east-1
|
|
const awsRegionPattern =
|
|
/^(af|ap|ca|cn|eu|il|me|sa|us|us-gov|us-iso|us-isob)-(central|north|northeast|northwest|south|southeast|southwest|east|west)-\d{1,2}$/
|
|
|
|
if (!awsRegionPattern.test(value)) {
|
|
logger.warn('Invalid AWS region format', {
|
|
paramName,
|
|
value: value.substring(0, 50),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be a valid AWS region (e.g., us-east-1, eu-west-2, us-gov-west-1)`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates an S3 bucket name according to AWS naming rules
|
|
*
|
|
* S3 bucket names must:
|
|
* - Be 3-63 characters long
|
|
* - Start and end with a letter or number
|
|
* - Contain only lowercase letters, numbers, and hyphens
|
|
* - Not contain consecutive periods
|
|
* - Not be formatted as an IP address
|
|
*
|
|
* @param value - The S3 bucket name to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateS3BucketName(bucket, 'bucket')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateS3BucketName(
|
|
value: string | null | undefined,
|
|
paramName = 'bucket'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (value.length < 3 || value.length > 63) {
|
|
logger.warn('S3 bucket name length invalid', {
|
|
paramName,
|
|
length: value.length,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must be between 3 and 63 characters`,
|
|
}
|
|
}
|
|
|
|
const bucketNamePattern = /^[a-z0-9][a-z0-9.-]*[a-z0-9]$|^[a-z0-9]$/
|
|
|
|
if (!bucketNamePattern.test(value)) {
|
|
logger.warn('Invalid S3 bucket name format', {
|
|
paramName,
|
|
value: value.substring(0, 63),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} must start and end with a letter or number, and contain only lowercase letters, numbers, hyphens, and periods`,
|
|
}
|
|
}
|
|
|
|
if (value.includes('..')) {
|
|
logger.warn('S3 bucket name contains consecutive periods', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot contain consecutive periods`,
|
|
}
|
|
}
|
|
|
|
const ipPattern = /^(\d{1,3}\.){3}\d{1,3}$/
|
|
if (ipPattern.test(value)) {
|
|
logger.warn('S3 bucket name formatted as IP address', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} cannot be formatted as an IP address`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates a Google Calendar ID
|
|
*
|
|
* Google Calendar IDs can be:
|
|
* - "primary" (literal string for the user's primary calendar)
|
|
* - Email addresses (for user calendars)
|
|
* - Alphanumeric strings with hyphens, underscores, and dots (for other calendars)
|
|
*
|
|
* This validator allows these legitimate formats while blocking path traversal and injection attempts.
|
|
*
|
|
* @param value - The calendar ID to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* const result = validateGoogleCalendarId(calendarId, 'calendarId')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validateGoogleCalendarId(
|
|
value: string | null | undefined,
|
|
paramName = 'calendarId'
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (value === 'primary') {
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
const pathTraversalPatterns = [
|
|
'../',
|
|
'..\\',
|
|
'%2e%2e%2f',
|
|
'%2e%2e/',
|
|
'..%2f',
|
|
'%2e%2e%5c',
|
|
'%2e%2e\\',
|
|
'..%5c',
|
|
'%252e%252e%252f',
|
|
]
|
|
|
|
const lowerValue = value.toLowerCase()
|
|
for (const pattern of pathTraversalPatterns) {
|
|
if (lowerValue.includes(pattern)) {
|
|
logger.warn('Path traversal attempt in Google Calendar ID', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid path traversal sequence`,
|
|
}
|
|
}
|
|
}
|
|
|
|
if (/[\x00-\x1f\x7f]/.test(value) || value.includes('%00')) {
|
|
logger.warn('Control characters in Google Calendar ID', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid control characters`,
|
|
}
|
|
}
|
|
|
|
if (value.includes('\n') || value.includes('\r')) {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid newline characters`,
|
|
}
|
|
}
|
|
|
|
const emailPattern = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/
|
|
if (emailPattern.test(value)) {
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
const calendarIdPattern = /^[a-zA-Z0-9._@%#+-]+$/
|
|
if (!calendarIdPattern.test(value)) {
|
|
logger.warn('Invalid Google Calendar ID format', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} format is invalid. Must be "primary", an email address, or an alphanumeric ID`,
|
|
}
|
|
}
|
|
|
|
if (value.length > 255) {
|
|
logger.warn('Google Calendar ID exceeds maximum length', {
|
|
paramName,
|
|
length: value.length,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} exceeds maximum length of 255 characters`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|
|
|
|
/**
|
|
* Validates a pagination cursor token
|
|
*
|
|
* Pagination cursors are opaque tokens returned by APIs (e.g., Confluence, Jira)
|
|
* and passed back to get the next page. They are typically base64-encoded or
|
|
* URL-safe strings. This validator ensures the cursor cannot contain characters
|
|
* that could alter URL structure.
|
|
*
|
|
* @param value - The cursor token to validate
|
|
* @param paramName - Name of the parameter for error messages
|
|
* @param maxLength - Maximum length (default: 1024)
|
|
* @returns ValidationResult
|
|
*
|
|
* @example
|
|
* ```typescript
|
|
* if (cursor) {
|
|
* const result = validatePaginationCursor(cursor, 'cursor')
|
|
* if (!result.isValid) {
|
|
* return NextResponse.json({ error: result.error }, { status: 400 })
|
|
* }
|
|
* }
|
|
* ```
|
|
*/
|
|
export function validatePaginationCursor(
|
|
value: string | null | undefined,
|
|
paramName = 'cursor',
|
|
maxLength = 1024
|
|
): ValidationResult {
|
|
if (value === null || value === undefined || value === '') {
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} is required`,
|
|
}
|
|
}
|
|
|
|
if (value.length > maxLength) {
|
|
logger.warn('Pagination cursor exceeds maximum length', {
|
|
paramName,
|
|
length: value.length,
|
|
maxLength,
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} exceeds maximum length of ${maxLength} characters`,
|
|
}
|
|
}
|
|
|
|
if (/[\x00-\x1f\x7f]/.test(value) || value.includes('%00')) {
|
|
logger.warn('Pagination cursor contains control characters', { paramName })
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid characters`,
|
|
}
|
|
}
|
|
|
|
// Allow alphanumeric, base64 chars (+, /, =), and URL-safe chars (-, _, ., ~, %)
|
|
const cursorPattern = /^[A-Za-z0-9+/=\-_.~%]+$/
|
|
if (!cursorPattern.test(value)) {
|
|
logger.warn('Pagination cursor contains disallowed characters', {
|
|
paramName,
|
|
value: value.substring(0, 100),
|
|
})
|
|
return {
|
|
isValid: false,
|
|
error: `${paramName} contains invalid characters`,
|
|
}
|
|
}
|
|
|
|
return { isValid: true, sanitized: value }
|
|
}
|