[front/components/data_source] - fix: ensure request access email inc…

…ludes requester info - Modify sendRequestDataSourceEmail function to guarantee emailRequester is always passed as a non-optional string - Implement type validation using io-ts for request access API endpoint to enhance data integrity
dust-tt · Aug 6, 2024 · bb23089 · bb23089
1 parent 1f7d403
commit bb23089
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 10 deletions.
diff --git a/front/components/data_source/RequestDataSourcesModal.tsx b/front/components/data_source/RequestDataSourcesModal.tsx
@@ -6,6 +6,7 @@ import { SendNotificationsContext } from "@app/components/sparkle/Notification";
 import { CONNECTOR_CONFIGURATIONS } from "@app/lib/connector_providers";
 import logger from "@app/logger/logger";
 import type { DataSourceIntegration } from "@app/pages/w/[wId]/builder/data-sources/managed";
+import type { PostRequestAccessBody } from "@app/pages/api/w/[wId]/data_sources/request-access";
 
 type RequestDataSourceProps = {
   isOpen: boolean;
@@ -25,7 +26,7 @@ async function sendRequestDataSourceEmail({
   email: string;
   emailMessage: string;
   dataSourceName: string;
-  emailRequester?: string;
+  emailRequester: string;
   owner: WorkspaceType;
 }) {
   const res = await fetch(`/api/w/${owner.sId}/data_sources/request-access`, {
@@ -38,7 +39,7 @@ async function sendRequestDataSourceEmail({
       emailMessage,
       dataSourceName,
       emailRequester,
-    }),
+    } satisfies PostRequestAccessBody),
   });
 
   if (!res.ok) {

diff --git a/front/pages/api/w/[wId]/data_sources/request-access.ts b/front/pages/api/w/[wId]/data_sources/request-access.ts
@@ -1,3 +1,6 @@
+import { isLeft } from "fp-ts/Either";
+import * as t from "io-ts";
+import * as reporter from "io-ts-reporters";
 import type { NextApiRequest, NextApiResponse } from "next";
 import sanitizeHtml from "sanitize-html";
 
@@ -6,6 +9,17 @@ import type { Authenticator } from "@app/lib/auth";
 import { sendEmail } from "@app/lib/email";
 import { apiError } from "@app/logger/withlogging";
 
+export const PostRequestAccessBodySchema = t.type({
+  email: t.string,
+  emailMessage: t.string,
+  emailRequester: t.string,
+  dataSourceName: t.string
+})
+
+export type PostRequestAccessBody = t.TypeOf<
+  typeof PostRequestAccessBodySchema
+>;
+
 async function handler(
   req: NextApiRequest,
   res: NextApiResponse,
@@ -36,22 +50,27 @@ async function handler(
     });
   }
 
-  const { email, emailMessage, emailRequester, dataSourceName } = req.body;
-  const html = `<p>${emailRequester} has sent you a request regarding the connection ${dataSourceName}</p>
-    <p>Message:</p>
-    ${emailMessage}`;
+  const bodyValidation = PostRequestAccessBodySchema.decode(
+    req.body
+  );
+  if (isLeft(bodyValidation)) {
+    const pathError = reporter.formatValidationErrors(bodyValidation.left);
 
-  if (!email || !emailMessage || !emailRequester || !dataSourceName) {
     return apiError(req, res, {
       status_code: 400,
       api_error: {
-        type: "unexpected_error_format",
-        message:
-          "Missing required fields: email, emailContent, dataSourceName or emailRequester",
+        type: "invalid_request_error",
+        message: `Invalid request body: ${pathError}`,
       },
     });
   }
 
+  const { email, emailMessage, emailRequester, dataSourceName } = bodyValidation.right;
+
+  const html = `<p>${emailRequester} has sent you a request regarding the connection ${dataSourceName}</p>
+    <p>Message:</p>
+    ${emailMessage}`;
+
   try {
     const message = {
       to: email,