prevent api resource updates if raw resources is disabled

2025-08-05 02:24:59 +02:00 · 2025-02-02 16:22:00 -05:00 · 2025-02-02 16:22:00 -05:00 · 0840c166ab
commit 0840c166ab
parent 65a537a670
2 changed files with 49 additions and 19 deletions
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@ -18,6 +18,7 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { subdomainSchema } from "@server/schemas/subdomainSchema";
+import config from "@server/lib/config";

 const createResourceParamsSchema = z
    .object({
@ -63,6 +64,30 @@ const createResourceSchema = z
            message: "Invalid subdomain",
            path: ["subdomain"]
        }
+    )
+    .refine(
+        (data) => {
+            if (!config.getRawConfig().flags?.allow_raw_resources) {
+                if (data.proxyPort !== undefined) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        {
+            message: "Cannot update proxyPort"
+        }
+    )
+    .refine(
+        (data) => {
+            if (data.proxyPort === 443 || data.proxyPort === 80) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "Port 80 and 443 are reserved for http and https resources"
+        }
    );

 export type CreateResourceResponse = Resource;
@ -133,15 +158,6 @@ export async function createResource(
                    )
                );

-            if (proxyPort === 443 || proxyPort === 80) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Port 80 and 443 are reserved for https resources"
-                    )
-                );
-            }
-
            if (existingResource.length > 0) {
                return next(
                    createHttpError(
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@ -9,6 +9,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { subdomainSchema } from "@server/schemas/subdomainSchema";
+import config from "@server/lib/config";

 const updateResourceParamsSchema = z
    .object({
@ -32,7 +33,29 @@ const updateResourceBodySchema = z
    .strict()
    .refine((data) => Object.keys(data).length > 0, {
        message: "At least one field must be provided for update"
-    });
+    })
+    .refine(
+        (data) => {
+            if (!config.getRawConfig().flags?.allow_raw_resources) {
+                if (data.proxyPort !== undefined) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        { message: "Cannot update proxyPort" }
+    )
+    .refine(
+        (data) => {
+            if (data.proxyPort === 443 || data.proxyPort === 80) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "Port 80 and 443 are reserved for http and https resources"
+        }
+    );

 export async function updateResource(
    req: Request,
@ -93,15 +116,6 @@ export async function updateResource(
                    )
                );

-            if (proxyPort === 443 || proxyPort === 80) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Port 80 and 443 are reserved for https resources"
-                    )
-                );
-            }
-
            if (
                existingResource.length > 0 &&
                existingResource[0].resourceId !== resourceId