feat(com-api)!: limit productStorageList and product-list storage par…

…am (#830)
Alwatr · Feb 15, 2023 · 4d02a15 · 4d02a15
2 parents ea54eb9 + 7ea567e
commit 4d02a15
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/uniquely/com-api/demo-data.http b/uniquely/com-api/demo-data.http
@@ -2,7 +2,7 @@
 @adminToken = ADMIN_SECRET_TOKEN
 
 ### New product 1
-PATCH {{apiUrl}}/product-list/?name=tile
+PATCH {{apiUrl}}/product-list/?storage=tile
 Authorization: Bearer {{adminToken}}
 Content-Type: application/json
 

diff --git a/uniquely/com-api/demo.http b/uniquely/com-api/demo.http
@@ -7,11 +7,11 @@
 GET {{apiUrl}}/
 
 ### Get all product.
-GET {{apiUrl}}/product-list/?name=tile
+GET {{apiUrl}}/product-list/?storage=tile
 Authorization: Bearer {{userToken}}
 
 ### Insert/edit a product.
-PATCH {{apiUrl}}/product-list/?name=tile
+PATCH {{apiUrl}}/product-list/?storage=tile
 Authorization: Bearer {{adminToken}}
 Content-Type: application/json
 

diff --git a/uniquely/com-api/src/lib/config.ts b/uniquely/com-api/src/lib/config.ts
@@ -25,6 +25,10 @@ export const config = {
   productStoragePrefix: 'product-list-',
   priceStoragePrefix: 'price-list-',
   orderStoragePrefix: 'order-list-',
+  productStorageList: (process.env.PRODUCT_STORAGE_LIST ?? 'temp')
+      .split(',')
+      .map((f) => f.trim())
+      .filter((f) => f != ''),
 } as const;
 
 logger.logProperty('config', config);
diff --git a/uniquely/com-api/src/route/get-product-list.ts b/uniquely/com-api/src/route/get-product-list.ts
@@ -7,6 +7,13 @@ import type {Product} from '@alwatr/type/customer-order-management.js';
 nanoServer.route('GET', '/product-list/', async (connection) => {
   logger.logMethod('get-product-list');
   connection.requireToken(config.nanoServer.accessToken);
-  const params = connection.requireQueryParams<{name: string}>({name: 'string'});
-  return await storageClient.getStorage<Product>(config.productStoragePrefix + params.name);
+  const params = connection.requireQueryParams<{storage: string}>({storage: 'string'});
+  if (config.productStorageList.indexOf(params.storage) === -1) {
+    return {
+      ok: false,
+      statusCode: 404,
+      errorCode: 'product_not_found',
+    };
+  }
+  return await storageClient.getStorage<Product>(config.productStoragePrefix + params.storage);
 });