From 4e7eac368f257e6a19cf6d98d01f0ffd03b55ff8 Mon Sep 17 00:00:00 2001
From: Owen
Date: Wed, 18 Feb 2026 11:56:01 -0800
Subject: [PATCH] Uniform ne check on niceId and dont reject clients

---
 server/routers/client/updateClient.ts | 5 ++-
 server/routers/resource/updateResource.ts | 28 +++++++++-----
 server/routers/site/updateSite.ts | 45 ++++++++++++-----------
 3 files changed, 45 insertions(+), 33 deletions(-)

diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts
index 12d0a199..8ef01a2f 100644
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -6,7 +6,7 @@ import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
-import { eq, and } from "drizzle-orm";
+import { eq, and, ne } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
@@ -93,7 +93,8 @@ export async function updateClient(
 .where(
 and(
 eq(clients.niceId, niceId),
- eq(clients.orgId, clients.orgId)
+ eq(clients.orgId, clients.orgId),
+ ne(clients.clientId, clientId)
 )
 )
 .limit(1);
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 4f35739b..4a3e65fa 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -9,7 +9,7 @@ import {
 Resource,
 resources
 } from "@server/db";
-import { eq, and } from "drizzle-orm";
+import { eq, and, ne } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
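Review bot: The org filter kept on the new side of the `@@ -93,7 +93,8 @@` hunk in updateClient.ts, `eq(clients.orgId, clients.orgId)`, compares the column with itself and is always true, so the niceId conflict lookup is not limited to the client's organization. Together with the added `ne(clients.clientId, clientId)` it matches any other client in any organization, so a niceId used by another tenant is refused here, and the refusal (presumably the same CONFLICT error the other two files return) tells the caller that the name exists elsewhere. The right-hand side should be the org id of the client being updated, whose source is outside this hunk, the way updateResource.ts does it with `eq(resources.orgId, resource.orgId)`. The same self-comparison, `eq(sites.orgId, sites.orgId)`, is kept in the `@@ -86,18 +86,19 @@` hunk of updateSite.ts. updateClient's body begins and ends outside the hunk.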
@@ -33,7 +33,15 @@ const updateResourceParamsSchema = z.strictObject({
 const updateHttpResourceBodySchema = z
 .strictObject({
 name: z.string().min(1).max(255).optional(),
- niceId: z.string().min(1).max(255).regex(/^[a-zA-Z0-9-]+$/, "niceId can only contain letters, numbers, and dashes").optional(),
+ niceId: z
+ .string()
+ .min(1)
+ .max(255)
+ .regex(
+ /^[a-zA-Z0-9-]+$/,
+ "niceId can only contain letters, numbers, and dashes"
+ )
+ .optional(),
 subdomain: subdomainSchema.nullable().optional(),
 ssl: z.boolean().optional(),
 sso: z.boolean().optional(),
@@ -248,14 +256,13 @@ async function updateHttpResource(
 .where(
 and(
 eq(resources.niceId, updateData.niceId),
- eq(resources.orgId, resource.orgId)
+ eq(resources.orgId, resource.orgId),
+ ne(resources.resourceId, resource.resourceId) // exclude the current resource from the search
 )
- );
+ )
+ .limit(1);
 
- if (
- existingResource &&
- existingResource.resourceId !== resource.resourceId
- ) {
+ if (existingResource) {
 return next(
 createHttpError(
 HttpCode.CONFLICT,
@@ -343,7 +350,10 @@ async function updateHttpResource(
 headers = null;
 }
 
- const isLicensed = await isLicensedOrSubscribed(resource.orgId, tierMatrix.maintencePage);
+ const isLicensed = await isLicensedOrSubscribed(
+ resource.orgId,
+ tierMatrix.maintencePage
+ );
 if (!isLicensed) {
 updateData.maintenanceModeEnabled = undefined;
 updateData.maintenanceModeType = undefined;
diff --git a/server/routers/site/updateSite.ts b/server/routers/site/updateSite.ts
index 44764362..ca0f7678 100644
--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -2,7 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
 import { sites } from "@server/db";
-import { eq, and } from "drizzle-orm";
+import { eq, and, ne } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
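Review bot: The conflict lookup in the `@@ -248,14 +256,13 @@` hunk of updateResource.ts and the update that presumably follows it are separate statements, so two concurrent requests can both pass `if (existingResource)` and end up storing the same niceId in one organization. If the table definition, which is not shown here, has no unique index over the org id and niceId columns, adding one and mapping its violation to the existing CONFLICT response would make the rule hold under concurrency, with the select kept only as the friendlier error path. The trailing comment on the `ne(...)` line would read better on its own line above it, for example `// exclude the resource being updated from the conflict lookup`. updateHttpResource's body continues outside the hunk.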
@@ -19,8 +19,8 @@ const updateSiteBodySchema = z
 .strictObject({
 name: z.string().min(1).max(255).optional(),
 niceId: z.string().min(1).max(255).optional(),
- dockerSocketEnabled: z.boolean().optional(),
- remoteSubnets: z.string().optional()
+ dockerSocketEnabled: z.boolean().optional()
+ // remoteSubnets: z.string().optional()
 // subdomain: z
 // .string()
 // .min(1)
@@ -86,18 +86,19 @@ export async function updateSite(
 
 // if niceId is provided, check if it's already in use by another site
 if (updateData.niceId) {
- const existingSite = await db
+ const [existingSite] = await db
 .select()
 .from(sites)
 .where(
 and(
 eq(sites.niceId, updateData.niceId),
- eq(sites.orgId, sites.orgId)
+ eq(sites.orgId, sites.orgId),
+ ne(sites.siteId, siteId)
 )
 )
 .limit(1);
 
- if (existingSite.length > 0 && existingSite[0].siteId !== siteId) {
+ if (existingSite) {
 return next(
 createHttpError(
 HttpCode.CONFLICT,
@@ -107,22 +108,22 @@ export async function updateSite(
 }
 }
 
- // if remoteSubnets is provided, ensure it's a valid comma-separated list of cidrs
- if (updateData.remoteSubnets) {
- const subnets = updateData.remoteSubnets
- .split(",")
- .map((s) => s.trim());
- for (const subnet of subnets) {
- if (!isValidCIDR(subnet)) {
- return next(
- createHttpError(
- HttpCode.BAD_REQUEST,
- `Invalid CIDR format: ${subnet}`
- )
- );
- }
- }
- }
+ // // if remoteSubnets is provided, ensure it's a valid comma-separated list of cidrs
+ // if (updateData.remoteSubnets) {
+ // const subnets = updateData.remoteSubnets
+ // .split(",")
+ // .map((s) => s.trim());
+ // for (const subnet of subnets) {
+ // if (!isValidCIDR(subnet)) {
+ // return next(
+ // createHttpError(
+ // HttpCode.BAD_REQUEST,
+ // `Invalid CIDR format: ${subnet}`
+ // )
+ // );
+ // }
+ // }
+ // }
 
 const updatedSite = await db
 .update(sites)
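Review bot: `remoteSubnets` is taken out of `updateSiteBodySchema` in the `@@ -19,8 +19,8 @@` hunk of updateSite.ts, and because the schema is a `z.strictObject`, a request that still sends that field will now fail validation instead of being accepted, which the commit message does not mention. If the removal is intended, delete the field and the CIDR validation block in the `@@ -107,22 +108,22 @@` hunk rather than commenting them out, and drop the `isValidCIDR` import if nothing else uses it (the import is outside the hunks). If the field is only paused, a comment saying why, such as `// remoteSubnets is not accepted on site update for now: <reason>`, would tell the next reader what to restore. The site schema's `niceId` also lacks the character rule that updateResource.ts applies with `.regex(/^[a-zA-Z0-9-]+$/, ...)`, so the two endpoints accept different identifiers.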