fix: validate PDF options in template render route (BUG-103)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 16m25s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 16m25s
This commit is contained in:
parent
ba2e542e2a
commit
47571c8c81
2 changed files with 109 additions and 4 deletions
|
|
@ -3,6 +3,7 @@ import { renderPdf } from "../services/browser.js";
|
|||
import logger from "../services/logger.js";
|
||||
import { templates, renderTemplate } from "../services/templates.js";
|
||||
import { sanitizeFilename } from "../utils/sanitize.js";
|
||||
import { validatePdfOptions } from "../utils/pdf-options.js";
|
||||
|
||||
export const templatesRouter = Router();
|
||||
|
||||
|
|
@ -153,11 +154,19 @@ templatesRouter.post("/:id/render", async (req: Request, res: Response) => {
|
|||
return;
|
||||
}
|
||||
|
||||
// Validate PDF options from underscore-prefixed fields (BUG-103)
|
||||
const pdfOpts: Record<string, any> = {};
|
||||
if (data._format !== undefined) pdfOpts.format = data._format;
|
||||
if (data._margin !== undefined) pdfOpts.margin = data._margin;
|
||||
const validation = validatePdfOptions(pdfOpts);
|
||||
if (!validation.valid) {
|
||||
res.status(400).json({ error: validation.error });
|
||||
return;
|
||||
}
|
||||
const sanitizedPdf = { format: "A4" as string, ...validation.sanitized };
|
||||
|
||||
const html = renderTemplate(id, data);
|
||||
const pdf = await renderPdf(html, {
|
||||
format: data._format || "A4",
|
||||
margin: data._margin,
|
||||
});
|
||||
const pdf = await renderPdf(html, sanitizedPdf);
|
||||
|
||||
const filename = sanitizeFilename(data._filename || `${id}.pdf`);
|
||||
res.setHeader("Content-Type", "application/pdf");
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue