Basic widget data validation

2025-12-07 09:35:54 -08:00 · 2022-10-22 22:48:25 -07:00
parent 5b7d2eaf07
commit 7b7740563e
6 changed files with 88 additions and 2 deletions
--- a/src/utils/proxy/handlers/credentialed.js
+++ b/src/utils/proxy/handlers/credentialed.js
@@ -1,5 +1,6 @@
 import getServiceWidget from "utils/config/service-helpers";
 import { formatApiCall } from "utils/proxy/api-helpers";
+import validateWidgetData from "utils/proxy/validate-widget-data";
 import { httpProxy } from "utils/proxy/http";
 import createLogger from "utils/logger";
 import widgets from "widgets/widgets";
@@ -54,6 +55,10 @@ export default async function credentialedProxyHandler(req, res) {
        logger.debug("HTTP Error %d calling %s//%s%s...", status, url.protocol, url.hostname, url.pathname);
      }

+      if (!validateWidgetData(widget, endpoint, data)) {
+        return res.status(500).json({error: {message: "Invalid data", url, data}});
+      }
+
      if (contentType) res.setHeader("Content-Type", contentType);
      return res.status(status).send(data);
    }
--- a/src/utils/proxy/handlers/generic.js
+++ b/src/utils/proxy/handlers/generic.js
@@ -1,5 +1,6 @@
 import getServiceWidget from "utils/config/service-helpers";
 import { formatApiCall } from "utils/proxy/api-helpers";
+import validateWidgetData from "utils/proxy/validate-widget-data";
 import { httpProxy } from "utils/proxy/http";
 import createLogger from "utils/logger";
 import widgets from "widgets/widgets";
@@ -32,6 +33,11 @@ export default async function genericProxyHandler(req, res, map) {
      });

      let resultData = data;
+      
+      if (!validateWidgetData(widget, endpoint, resultData)) {
+        return res.status(status).json({error: {message: "Invalid data", url, data: resultData}});
+      }
+
      if (status === 200 && map) {
        resultData = map(data);
      }
@@ -44,6 +50,7 @@ export default async function genericProxyHandler(req, res, map) {

      if (status >= 400) {
        logger.debug("HTTP Error %d calling %s//%s%s...", status, url.protocol, url.hostname, url.pathname);
+        return res.status(status).json({error: {message: "HTTP Error", url, data}});
      }

      return res.status(status).send(resultData);
--- a/src/utils/proxy/http.js
+++ b/src/utils/proxy/http.js
@@ -98,6 +98,6 @@ export async function httpProxy(url, params = {}) {
  catch (err) {
    logger.error("Error calling %s//%s%s...", url.protocol, url.hostname, url.pathname);
    logger.error(err);
-    return [500, "application/json", { error: "Unexpected error" }, null];
+    return [500, "application/json", { error: {message: err?.message ?? "Unknown error", url, rawError: err} }, null];
  }
 }
--- a/src/utils/proxy/validate-widget-data.js
+++ b/src/utils/proxy/validate-widget-data.js
@@ -0,0 +1,22 @@
+import widgets from "widgets/widgets";
+
+export default function validateWidgetData(widget, endpoint, data) {
+    let valid = true;
+    let dataParsed;
+    try {
+        dataParsed = JSON.parse(data);
+    } catch (e) {
+        valid = false;
+    }
+
+    if (dataParsed) {
+        const validate = widgets[widget.type]?.mappings?.[endpoint]?.validate;
+        validate.forEach(key => {
+            if (dataParsed[key] === undefined) {
+                valid = false;
+            }
+        });
+    }
+    
+    return valid;
+}