fix(frameworks): reject null fields and empty payload on custom framework update#3323
Merged
Merged
Conversation
…work update Addresses cubic review on the custom-framework edit endpoint: - DTO: @IsOptional() also skips validation for null, so PATCH { name: null } slipped through and hit the non-null DB column. Use @ValidateIf(value !== undefined) so omitted fields stay optional but an explicit null is rejected with a 400. - Service: guard against an empty payload (both fields undefined) up front with BadRequestException instead of issuing a no-op customFramework.update. Tests: new DTO spec (null/non-string/empty-string rejected; name-only, description-only, empty payloads accepted at field level) + service empty-payload guard test. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019jXBJKNd7CYdUxf44DsKba
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
🎉 This PR is included in version 3.95.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #3319 (now merged) — addresses the two cubic findings on the custom-framework edit endpoint (
PATCH /v1/frameworks/:id/custom). Diff is only the 4 fix files.Fixes
1.
nullfields bypassed validation → DB error (cubic P2, real bug)@IsOptional()skips validation fornullandundefined, soPATCH { "name": null }passed validation, theninput.name !== undefinedwastruefornull, sodata.name = nullreached Prisma and failed against the non-null column (500).→ Both fields now use
@ValidateIf((_, value) => value !== undefined): an omitted field stays optional, but an explicitnullruns@IsStringand is rejected with a 400.2. Empty payload issued a no-op write (cubic P1)
An empty
data: {}is a valid Prisma no-op (bumpsupdatedAt) rather than a runtime error, but issuing a pointless write for a content-free PATCH is wrong.→ Added an up-front guard: if neither field is provided, throw
BadRequestException('No fields to update')before any DB work.Tests
update-custom-framework.dto.spec.ts): rejectsnullname/description, non-string, and empty-string name; accepts name-only, description-only, and empty payloads at the field level.findOneisolation failures remain — unrelated). Typecheck clean for all changed files.🤖 Generated with Claude Code
https://claude.ai/code/session_019jXBJKNd7CYdUxf44DsKba
Summary by cubic
Fix validation in the custom framework update endpoint. We now reject explicit nulls and empty PATCH payloads with 400 to prevent DB errors and no-op writes.
@IsOptionalwith@ValidateIf((_, v) => v !== undefined)onnameanddescriptionso explicitnullvalues run string/length checks and are rejected.BadRequestException('No fields to update')before any DB calls onPATCH /v1/frameworks/:id/custom.Written for commit 26bafcb. Summary will update on new commits.