fix(backend): reject unknown fields in source config (#88)

Add "+": "reject" to all arktype schemas so undeclared
keys return 400. Sources without a configSchema now
reject the config field entirely at the HTTP layer.

Co-authored-by: Ona <no-reply@ona.com>
2026-03-22 22:45:17 +00:00
committed by GitHub
parent a52addebd8
commit 99c097e503
5 changed files with 118 additions and 20 deletions


@@ -20,15 +20,22 @@ interface SourcesHttpHandlersDeps {
}
const UpdateSourceConfigRequestBody = type({
"+": "reject",
"enabled?": "boolean",
"config?": "unknown",
})
const ReplaceSourceConfigRequestBody = type({
"+": "reject",
enabled: "boolean",
config: "unknown",
})
const ReplaceSourceConfigNoConfigRequestBody = type({
"+": "reject",
enabled: "boolean",
})
export function registerSourcesHttpHandlers(
app: Hono,
{ sessionManager, authSessionMiddleware }: SourcesHttpHandlersDeps,
@@ -90,6 +97,10 @@ async function handleUpdateSource(c: Context<Env>) {
return c.json({ error: parsed.summary }, 400)
}
if (!provider.configSchema && "config" in parsed) {
return c.json({ error: `Source "${sourceId}" does not accept config` }, 400)
}
const { enabled, config: newConfig } = parsed
const user = c.get("user")!
@@ -131,12 +142,16 @@ async function handleReplaceSource(c: Context<Env>) {
return c.json({ error: "Invalid JSON" }, 400)
}
const parsed = ReplaceSourceConfigRequestBody(body)
const schema = provider.configSchema
? ReplaceSourceConfigRequestBody
: ReplaceSourceConfigNoConfigRequestBody
const parsed = schema(body)
if (parsed instanceof type.errors) {
return c.json({ error: parsed.summary }, 400)
}
const { enabled, config } = parsed
const { enabled } = parsed
const config = "config" in parsed ? parsed.config : undefined
const user = c.get("user")!
try {
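Review bot: The "source does not accept config" rule is enforced by two different mechanisms in this file: handleUpdateSource parses with UpdateSourceConfigRequestBody and then checks `"config" in parsed`, while handleReplaceSource picks ReplaceSourceConfigNoConfigRequestBody before parsing. The same client mistake therefore yields a hand-written message on one route and an arktype summary on the other, and a later tightening of one path can miss the other. I would select the schema from `provider.configSchema` in both handlers, adding `const UpdateSourceConfigNoConfigRequestBody = type({ "+": "reject", "enabled?": "boolean" })` and dropping the post-parse check. Separately, `config` is still typed `"unknown"` in both request schemas, so undeclared keys nested inside it are rejected only if the provider's configSchema is applied to the value before it is stored; that code is outside the visible hunks, and a comment on the schemas such as `// config is validated against provider.configSchema before persisting` would make the dependency explicit. Both handler bodies begin and end outside the hunks shown.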