Merge pull request #3085 from marcschaeferger-org/security-updates

Normalize request parameters and update dependencies for Security
2026-06-03 22:35:59 +00:00 · 2026-05-27 21:37:50 -07:00
parent ddabfb5ca1
commit 2946df3b8e
37 changed files with 2656 additions and 3609 deletions
--- a/server/middlewares/verifyDomainAccess.ts
+++ b/server/middlewares/verifyDomainAccess.ts
@@ -6,6 +6,7 @@ import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+import { getFirstString } from "@server/lib/requestParams";

 export async function verifyDomainAccess(
    req: Request,
@@ -14,9 +15,8 @@ export async function verifyDomainAccess(
 ) {
    try {
        const userId = req.user!.userId;
-        const domainId =
-            req.params.domainId;
-        const orgId = req.params.orgId;
+        const domainId = getFirstString(req.params.domainId);
+        const orgId = getFirstString(req.params.orgId);

        if (!userId) {
            return next(
@@ -62,10 +62,7 @@ export async function verifyDomainAccess(
                .select()
                .from(userOrgs)
                .where(
-                    and(
-                        eq(userOrgs.userId, userId),
-                        eq(userOrgs.orgId, orgId)
-                    )
+                    and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
                )
                .limit(1);
            req.userOrg = userOrgRole[0];