Migrate UserMembershipMiddleware.fetchEntity to zod

GitOrigin-RevId: 6f0cac9d3ba1f0d3de69609e19f3d36a1a9ded10
2026-05-30 20:31:34 +02:00 · 2025-07-03 15:26:34 -04:00
parent e3fb4236be
commit 3a409bf5e6
1 changed files with 11 additions and 1 deletions
--- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
@@ -1,3 +1,5 @@
+// @ts-check
+
 const { expressify } = require('@overleaf/promise-utils')
 const async = require('async')
 const UserMembershipAuthorization = require('./UserMembershipAuthorization')
@@ -7,6 +9,7 @@ const EntityConfigs = require('./UserMembershipEntityConfigs')
 const Errors = require('../Errors/Errors')
 const HttpErrorHandler = require('../Errors/HttpErrorHandler')
 const TemplatesManager = require('../Templates/TemplatesManager')
+const { z, zz, validateReq } = require('../../infrastructure/Validation')
 const { useAdminCapabilities } = require('../Helpers/AdminAuthorizationHelper')

 // set of middleware arrays or functions that checks user access to an entity
@@ -244,11 +247,18 @@ function fetchEntityConfig(entityName) {
 }

 // fetch the entity with id and config, and set it in the request
+const fetchEntitySchema = z.object({
+  params: z.object({
+    id: zz.objectId(),
+  }),
+})
+
 function fetchEntity() {
  return expressify(async (req, res, next) => {
+    const { params } = validateReq(req, fetchEntitySchema)
    req.entity =
      await UserMembershipHandler.promises.getEntityWithoutAuthorizationCheck(
-        req.params.id,
+        params.id,
        req.entityConfig
      )
    next()