refactor(api/private/tokens): validate POST data with DTO

This adds a `AuthTokenCreateDto` which allows to fully validate incoming JSON data. Signed-off-by: David Mehren <git@herrmehren.de>
2025-05-21 02:35:23 -04:00 · 2022-03-04 18:01:45 +01:00 · 2022-03-04 18:01:45 +01:00 · 552cb05d92
commit 552cb05d92
parent fd3fde9cc8
3 changed files with 24 additions and 7 deletions
--- a/src/api/private/tokens/tokens.controller.ts
+++ b/src/api/private/tokens/tokens.controller.ts
@ -16,6 +16,7 @@ import {
 import { ApiTags } from '@nestjs/swagger';

 import {
+  AuthTokenCreateDto,
  AuthTokenDto,
  AuthTokenWithSecretDto,
 } from '../../../auth/auth-token.dto';
@ -23,7 +24,6 @@ import { AuthService } from '../../../auth/auth.service';
 import { SessionGuard } from '../../../identity/session.guard';
 import { ConsoleLoggerService } from '../../../logger/console-logger.service';
 import { User } from '../../../users/user.entity';
-import { TimestampMillis } from '../../../utils/timestamp';
 import { OpenApi } from '../../utils/openapi.decorator';
 import { RequestUser } from '../../utils/request-user.decorator';

@ -50,11 +50,14 @@ export class TokensController {
  @Post()
  @OpenApi(201)
  async postTokenRequest(
-    @Body('label') label: string,
-    @Body('validUntil') validUntil: TimestampMillis,
+    @Body() createDto: AuthTokenCreateDto,
    @RequestUser() user: User,
  ): Promise<AuthTokenWithSecretDto> {
-    return await this.authService.createTokenForUser(user, label, validUntil);
+    return await this.authService.createTokenForUser(
+      user,
+      createDto.label,
+      createDto.validUntil,
+    );
  }

  @Delete('/:keyId')