diff --git a/next/package-lock.json b/next/package-lock.json index 8a115e50..6aa7d964 100644 --- a/next/package-lock.json +++ b/next/package-lock.json @@ -44,7 +44,8 @@ "react-query": "^3.39.2", "rehype-slug": "^6.0.0", "remark-gfm": "^4.0.0", - "swiper": "^8.4.5" + "swiper": "^8.4.5", + "uuid": "^13.0.0" }, "devDependencies": { "cypress": "^14.4.0", @@ -1065,6 +1066,15 @@ "node": ">= 6" } }, + "node_modules/@cypress/request/node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "dev": true, + "bin": { + "uuid": "dist/bin/uuid" + } + }, "node_modules/@cypress/xvfb": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/@cypress/xvfb/-/xvfb-1.2.4.tgz", @@ -8945,12 +8955,15 @@ } }, "node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true, + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-13.0.0.tgz", + "integrity": "sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/uvu": { diff --git a/next/package.json b/next/package.json index 05fbbcc5..aa81b453 100644 --- a/next/package.json +++ b/next/package.json @@ -48,7 +48,8 @@ "react-query": "^3.39.2", "rehype-slug": "^6.0.0", "remark-gfm": "^4.0.0", - "swiper": "^8.4.5" + "swiper": "^8.4.5", + "uuid": "^13.0.0" }, "devDependencies": { "cypress": "^14.4.0", diff --git a/next/pages/api/datasets/getDataset.js b/next/pages/api/datasets/getDataset.js index 2a9ff8ad..21fc716a 100644 
--- a/next/pages/api/datasets/getDataset.js
+++ b/next/pages/api/datasets/getDataset.js
@@ -1,9 +1,14 @@
 import axios from "axios";
 import { capitalize } from 'lodash';
+import { validate as isUuid } from "uuid";
 const API_URL = `${process.env.NEXT_PUBLIC_API_URL}/api/v1/graphql`;
 export default async function getDataset(id, locale = 'pt') {
+ if (!id || !isUuid(id)) {
+ return null;
+ }
+
 try {
 const res = await axios({
 url: API_URL,
diff --git a/next/pages/api/tables/getTable.js b/next/pages/api/tables/getTable.js
index c99e0109..8678a17e 100644
--- a/next/pages/api/tables/getTable.js
+++ b/next/pages/api/tables/getTable.js
@@ -1,6 +1,7 @@
 import axios from "axios";
 import { cleanGraphQLResponse } from "../../../utils";
 import { capitalize } from 'lodash';
+import { validate as isUuid } from "uuid";
 const API_URL= `${process.env.NEXT_PUBLIC_API_URL}/api/v1/graphql`
@@ -146,7 +147,12 @@ async function getTable(id, locale='pt') {
 }
 export default async function handler(req, res) {
- const { id: id, locale } = req.query;
+ const { id, locale } = req.query;
+
+ if (!id || !isUuid(id)) {
+ return res.status(400).json({ error: "Invalid or missing ID in Table", success: false });
+ }
+
 const result = await getTable(id, locale);
 if(result.errors) return res.status(500).json({error: result.errors, success: false})
diff --git a/next/pages/api/tables/getTableColumns.js b/next/pages/api/tables/getTableColumns.js
index b2650f70..a31ec047 100644
--- a/next/pages/api/tables/getTableColumns.js
+++ b/next/pages/api/tables/getTableColumns.js
@@ -1,4 +1,5 @@
 import axios from "axios";
+import { validate as isUuid } from "uuid";
 async function getTableColumns(id) {
 const API_URL = `${process.env.NEXT_PUBLIC_API_URL}/tables/${id}/columns/`;
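Review bot: `locale` is still accepted unchecked by `getDataset(id, locale = 'pt')`, so the new guard covers only one of the two caller-supplied values; the same holds for `handler` in getTable.js, which passes `req.query.locale` straight to `getTable`. The function body continues outside the hunk, so whether `locale` reaches the GraphQL query text is not visible, but the `capitalize` import suggests field names are derived from it. If so, check it against a fixed allowlist next to the UUID check, e.g. `if (!SUPPORTED_LOCALES.has(locale)) return null;`, where `SUPPORTED_LOCALES` is a module-level `Set` of the locales the site serves (the name is constructed for this note). If the query is built by string interpolation, passing `id` as a GraphQL variable would be sturdier than relying on its format alone.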
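Review bot: The 500 branch directly below the new guard in `handler` (getTable.js) still returns `result.errors` to the client, so a malformed id now gets a clean 400 while an upstream failure may still hand back whatever the GraphQL backend reported. Assuming `result.errors` holds the upstream error objects (the body of `getTable` is outside the hunk), log them server-side and return a fixed message instead: `console.error(result.errors); return res.status(500).json({ error: "Internal error", success: false });`. Clients that read the detailed `error` value would need checking first. The handler's body continues past the end of the hunk.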
@@ -18,6 +19,11 @@ async function getTableColumns(id) {
 export default async function handler(req, res) {
 const { id } = req.query;
+
+ if (!id || !isUuid(id)) {
+ return res.status(400).json({ error: "Invalid or missing ID", success: false });
+ }
+
 const result = await getTableColumns(id);
 if (result === "err") return res.status(500).json({ error: "err", success: false });
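Review bot: The UUID check sits in `handler`, but the value is consumed in `getTableColumns`, which builds the request path by interpolation (`/tables/${id}/columns/`, visible in the first hunk of this file). Putting the guard where the URL is built, or at least writing `/tables/${encodeURIComponent(id)}/columns/`, keeps the path well-formed for any later caller that does not go through `handler`. The `!id ||` test is redundant, since `validate` from `uuid` already returns false for empty and non-string values. A one-line comment such as `// req.query.id is string | string[]; validate() rejects anything that is not a UUID string` would record why the check matters.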