Merge pull request #3085 from marcschaeferger-org/security-updates

Normalize request parameters and update dependencies for Security
2026-05-31 13:06:32 +00:00 · 2026-05-27 21:37:50 -07:00
parent ddabfb5ca1
commit 2946df3b8e
37 changed files with 2656 additions and 3609 deletions
--- a/server/middlewares/integration/verifyApiKeyOrgAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyOrgAccess.ts
@@ -4,6 +4,7 @@ import { apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
+import { getFirstString } from "@server/lib/requestParams";

 export async function verifyApiKeyOrgAccess(
    req: Request,
@@ -12,7 +13,7 @@ export async function verifyApiKeyOrgAccess(
 ) {
    try {
        const apiKeyId = req.apiKey?.apiKeyId;
-        const orgId = req.params.orgId;
+        const orgId = getFirstString(req.params.orgId);

        if (!apiKeyId) {
            return next(
@@ -45,7 +46,7 @@ export async function verifyApiKeyOrgAccess(
        }

        if (!req.apiKeyOrg) {
-            next(
+            return next(
                createHttpError(
                    HttpCode.FORBIDDEN,
                    "Key does not have access to this organization"