prevent api resource updates if raw resources is disabled

2025-08-04 10:05:53 +02:00 · 2025-02-02 16:22:00 -05:00 · 2025-02-02 16:22:00 -05:00 · 0840c166ab
commit 0840c166ab
parent 65a537a670
2 changed files with 49 additions and 19 deletions
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@ -18,6 +18,7 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { subdomainSchema } from "@server/schemas/subdomainSchema";
+import config from "@server/lib/config";

 const createResourceParamsSchema = z
    .object({
@ -63,6 +64,30 @@ const createResourceSchema = z
            message: "Invalid subdomain",
            path: ["subdomain"]
        }
+    )
+    .refine(
+        (data) => {
+            if (!config.getRawConfig().flags?.allow_raw_resources) {
+                if (data.proxyPort !== undefined) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        {
+            message: "Cannot update proxyPort"
+        }
+    )
+    .refine(
+        (data) => {
+            if (data.proxyPort === 443 || data.proxyPort === 80) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "Port 80 and 443 are reserved for http and https resources"
+        }
    );

 export type CreateResourceResponse = Resource;
@ -133,15 +158,6 @@ export async function createResource(
                    )
                );

-            if (proxyPort === 443 || proxyPort === 80) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Port 80 and 443 are reserved for https resources"
-                    )
-                );
-            }
-
            if (existingResource.length > 0) {
                return next(
                    createHttpError(