From 3a409bf5e682fdbccc6a9910d6db015ab831d0c3 Mon Sep 17 00:00:00 2001
From: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
Date: Thu, 3 Jul 2025 15:26:34 -0400
Subject: [PATCH] Migrate UserMembershipMiddleware.fetchEntity to zod

GitOrigin-RevId: 6f0cac9d3ba1f0d3de69609e19f3d36a1a9ded10
---
 .../UserMembership/UserMembershipMiddleware.js       | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
index 02505b4304..ef8f636409 100644
--- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
@@ -1,3 +1,5 @@
+// @ts-check
+
 const { expressify } = require('@overleaf/promise-utils')
 const async = require('async')
 const UserMembershipAuthorization = require('./UserMembershipAuthorization')
@@ -7,6 +9,7 @@ const EntityConfigs = require('./UserMembershipEntityConfigs')
 const Errors = require('../Errors/Errors')
 const HttpErrorHandler = require('../Errors/HttpErrorHandler')
 const TemplatesManager = require('../Templates/TemplatesManager')
+const { z, zz, validateReq } = require('../../infrastructure/Validation')
 const { useAdminCapabilities } = require('../Helpers/AdminAuthorizationHelper')
 
 // set of middleware arrays or functions that checks user access to an entity
@@ -244,11 +247,18 @@ function fetchEntityConfig(entityName) {
 }
 
 // fetch the entity with id and config, and set it in the request
+const fetchEntitySchema = z.object({
+  params: z.object({
+    id: zz.objectId(),
+  }),
+})
+
 function fetchEntity() {
   return expressify(async (req, res, next) => {
+    const { params } = validateReq(req, fetchEntitySchema)
     req.entity =
       await UserMembershipHandler.promises.getEntityWithoutAuthorizationCheck(
-        req.params.id,
+        params.id,
         req.entityConfig
       )
     next()