feat: checkNoteIdOrAlias in more alias service methods

This should prevent any interaction by a forbidden id Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-05-24 20:14:35 -04:00 · 2022-02-06 22:09:22 +01:00 · 2022-02-06 22:09:22 +01:00 · c891a95588
commit c891a95588
parent 6269c7f7bc
4 changed files with 17 additions and 17 deletions
--- a/src/api/private/alias/alias.controller.ts
+++ b/src/api/private/alias/alias.controller.ts
@ -21,7 +21,6 @@ import {
  ApiNotFoundResponse,
  ApiTags,
  ApiUnauthorizedResponse,
-  ApiUnprocessableEntityResponse,
 } from '@nestjs/swagger';

 import { SessionGuard } from '../../../identity/session.guard';
@ -39,7 +38,6 @@ import {
  conflictDescription,
  notFoundDescription,
  unauthorizedDescription,
-  unprocessableEntityDescription,
 } from '../../utils/descriptions';
 import { RequestUser } from '../../utils/request-user.decorator';

@ -58,6 +56,7 @@ export class AliasController {
  }

  @Post()
+  @ApiBadRequestResponse({ description: badRequestDescription })
  @ApiConflictResponse({ description: conflictDescription })
  @ApiUnauthorizedResponse({ description: unauthorizedDescription })
  @ApiNotFoundResponse({ description: notFoundDescription })
@ -104,8 +103,8 @@ export class AliasController {
  @HttpCode(204)
  @ApiUnauthorizedResponse({ description: unauthorizedDescription })
  @ApiNotFoundResponse({ description: notFoundDescription })
-  @ApiUnprocessableEntityResponse({
-    description: unprocessableEntityDescription,
+  @ApiBadRequestResponse({
+    description: badRequestDescription,
  })
  async removeAlias(
    @RequestUser() user: User,
--- a/src/api/public/alias/alias.controller.ts
+++ b/src/api/public/alias/alias.controller.ts
@ -16,11 +16,11 @@ import {
  UseGuards,
 } from '@nestjs/common';
 import {
+  ApiBadRequestResponse,
  ApiNoContentResponse,
  ApiOkResponse,
  ApiSecurity,
  ApiTags,
-  ApiUnprocessableEntityResponse,
 } from '@nestjs/swagger';

 import { TokenAuthGuard } from '../../../auth/token.strategy';
@ -32,7 +32,7 @@ import { AliasService } from '../../../notes/alias.service';
 import { NotesService } from '../../../notes/notes.service';
 import { PermissionsService } from '../../../permissions/permissions.service';
 import { User } from '../../../users/user.entity';
-import { unprocessableEntityDescription } from '../../utils/descriptions';
+import { badRequestDescription } from '../../utils/descriptions';
 import { FullApi } from '../../utils/fullapi-decorator';
 import { RequestUser } from '../../utils/request-user.decorator';

@ -103,8 +103,8 @@ export class AliasController {
    description: 'The alias was deleted',
  })
  @FullApi
-  @ApiUnprocessableEntityResponse({
-    description: unprocessableEntityDescription,
+  @ApiBadRequestResponse({
+    description: badRequestDescription,
  })
  async removeAlias(
    @RequestUser() user: User,