fix: added api param validations (#1121)

* fix: added api param validations

Signed-off-by: bhavanakarwade <[email protected]>

* fix: removed unnecessary validations

Signed-off-by: bhavanakarwade <[email protected]>

---------

Signed-off-by: bhavanakarwade <[email protected]>

Author: bhavanakarwade

apps/api-gateway/src/connection/connection.controller.ts

@@ -23,6 +23,7 @@ import { ClientProxy} from '@nestjs/microservices';
 import { BasicMessageDto, QuestionAnswerWebhookDto, QuestionDto} from './dtos/question-answer.dto';
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 import { user } from '@prisma/client';
+import { TrimStringParamPipe } from '@credebl/common/cast.helper';
 @UseFilters(CustomExceptionFilter)
 @Controller()
 @ApiTags('connections')
@@ -52,8 +53,8 @@ export class ConnectionController {
     @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: ApiResponseDto })
     async getConnectionsById(
         @User() user: IUserRequest,
-        @Param('connectionId') connectionId: string,
         @Param('orgId') orgId: string,
+        @Param('connectionId', TrimStringParamPipe, new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(ResponseMessages.connection.error.invalidConnectionId); }})) connectionId: string,
         @Res() res: Response
     ): Promise<Response> {
         const connectionsDetails = await this.connectionService.getConnectionsById(user, connectionId, orgId);
@@ -416,13 +417,13 @@ export class ConnectionController {
  * @returns The details of the sent basic message
  */
   @Post('/orgs/:orgId/basic-message/:connectionId')
-    @ApiOperation({ summary: 'Send basic message', description: 'Send a basic message to a specific connection for a specific organization.' })
-    @UseGuards(AuthGuard('jwt'), OrgRolesGuard)
+  @ApiOperation({ summary: 'Send basic message', description: 'Send a basic message to a specific connection for a specific organization.' })
+  @UseGuards(AuthGuard('jwt'), OrgRolesGuard)
     @Roles(OrgRoles.OWNER, OrgRoles.ADMIN, OrgRoles.ISSUER, OrgRoles.VERIFIER, OrgRoles.MEMBER, OrgRoles.HOLDER, OrgRoles.SUPER_ADMIN, OrgRoles.PLATFORM_ADMIN)
     @ApiResponse({ status: HttpStatus.CREATED, description: 'Created', type: ApiResponseDto })
     async sendBasicMessage(
         @Param('orgId') orgId: string,
-        @Param('connectionId') connectionId: string,
+        @Param('connectionId', TrimStringParamPipe, new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(ResponseMessages.connection.error.invalidConnectionId); }})) connectionId: string,
         @Body() basicMessageDto: BasicMessageDto,
         @User() reqUser: IUserRequestInterface,
         @Res() res: Response

apps/api-gateway/src/organization/organization.controller.ts

@@ -109,8 +109,12 @@ export class OrganizationController {
   })
   @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: ApiResponseDto })
   @UseGuards(AuthGuard('jwt'))
+  @Roles(OrgRoles.OWNER, OrgRoles.ADMIN)
   @ApiBearerAuth()
-  async getOrgRoles(@Param('orgId', new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(ResponseMessages.organisation.error.invalidOrgId); }})) orgId: string, @User() user: user, @Res() res: Response): Promise<Response> {
+  async getOrgRoles(
+    @Param('orgId') orgId: string, 
+    @User() user: user, 
+    @Res() res: Response): Promise<Response> {
 
     const orgRoles = await this.organizationService.getOrgRoles(orgId.trim(), user);
 

apps/api-gateway/src/user/user.controller.ts

@@ -50,6 +50,7 @@ import { OrgRoles } from 'libs/org-roles/enums';
 import { AwsService } from '@credebl/aws/aws.service';
 import { PaginationDto } from '@credebl/common/dtos/pagination.dto';
 import { UserAccessGuard } from '../authz/guards/user-access-guard';
+import { TrimStringParamPipe } from '@credebl/common/cast.helper';
 
 @UseFilters(CustomExceptionFilter)
 @Controller('users')
@@ -306,7 +307,7 @@ export class UserController {
   @ApiBearerAuth()
   async acceptRejectInvitaion(
       @Body() acceptRejectInvitation: AcceptRejectInvitationDto,
-      @Param('invitationId', new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(`Invalid format for InvitationId`); }})) invitationId: string,
+      @Param('invitationId', TrimStringParamPipe, new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(`Invalid format for InvitationId`); }})) invitationId: string,
     @User() reqUser: user,
     @Res() res: Response
   ): Promise<Response> {

apps/api-gateway/src/webhook/dtos/get-webhoook-dto.ts

@@ -1,5 +1,5 @@
 import { ApiExtraModels, ApiPropertyOptional } from '@nestjs/swagger';
-import { IsOptional, IsString } from 'class-validator';
+import { IsOptional, IsString, IsUUID } from 'class-validator';
 import { Transform } from 'class-transformer';
 import { trim } from '@credebl/common/cast.helper';
 
@@ -15,6 +15,7 @@ export class GetWebhookDto {
     @ApiPropertyOptional({example: '3a041d6e-d24c-4ed9-b011-1cfc371a8b8e'})
     @IsOptional()
     @Transform(({ value }) => trim(value))
+    @IsUUID('4', { message: 'Please provide valid tenantId' })
     @IsString({ message: 'Tenant id must be in string format.' })
     tenantId?: string;
 }

libs/common/src/response-messages/index.ts

@@ -282,6 +282,7 @@ export const ResponseMessages = {
       basicMessage: 'Basic message sent successfully'
     },
     error: {
+      invalidConnectionId: 'Invalid format for connectionId',
       exists: 'Connection is already exist',
       connectionNotFound: 'Connection not found',
       agentEndPointNotFound: 'agentEndPoint Not Found',