feat(workspace): expand forbidden subdomain validation (#9082)

Added new forbidden words and regex patterns to subdomain validation in `update-workspace-input`. Enhanced the `ForbiddenWords` validator to support both strings and regex matching. Updated tests to verify regex-based forbidden subdomain validation. Fix #9064 --------- Co-authored-by: Weiko <corentin@twenty.com>
2024-12-18 16:46:59 +01:00
parent 550756c2bf
commit 2bcce44e08
8 changed files with 126 additions and 86 deletions
--- a/packages/twenty-server/src/engine/core-modules/workspace/dtos/update-workspace-input.ts
+++ b/packages/twenty-server/src/engine/core-modules/workspace/dtos/update-workspace-input.ts
@ -1,8 +1,12 @@
 import { Field, InputType } from '@nestjs/graphql';

-import { IsBoolean, IsOptional, IsString, Matches } from 'class-validator';
-
-import { ForbiddenWords } from 'src/engine/utils/custom-class-validator/ForbiddenWords';
+import {
+  IsBoolean,
+  IsOptional,
+  IsString,
+  Matches,
+  IsNotIn,
+} from 'class-validator';

@InputType()
 export class UpdateWorkspaceInput {
@ -14,8 +18,91 @@ export class UpdateWorkspaceInput {
  @Field({ nullable: true })
  @IsString()
  @IsOptional()
-  @Matches(/^[a-z0-9][a-z0-9-]{1,28}[a-z0-9]$/)
-  @ForbiddenWords(['demo'])
+  @Matches(/^(?!api-).*^[a-z0-9][a-z0-9-]{1,28}[a-z0-9]$/)
+  @IsNotIn([
+    'demo',
+    'api',
+    't',
+    'companies',
+    'telemetry',
+    'logs',
+    'metrics',
+    'next',
+    'main',
+    'admin',
+    'dashboard',
+    'dash',
+    'billing',
+    'db',
+    'favicon',
+    'www',
+    'mail',
+    'docs',
+    'dev',
+    'app',
+    'staging',
+    'production',
+    'developer',
+    'files',
+    'cdn',
+    'storage',
+    'about',
+    'help',
+    'support',
+    'contact',
+    'privacy',
+    'terms',
+    'careers',
+    'jobs',
+    'blog',
+    'news',
+    'events',
+    'community',
+    'forum',
+    'chat',
+    'test',
+    'testing',
+    'feedback',
+    'config',
+    'settings',
+    'media',
+    'image',
+    'audio',
+    'video',
+    'images',
+    'partners',
+    'partnership',
+    'partnerships',
+    'assets',
+    'login',
+    'signin',
+    'signup',
+    'legal',
+    'shop',
+    'merch',
+    'store',
+    'auth',
+    'register',
+    'payment',
+    'fr',
+    'de',
+    'it',
+    'es',
+    'pt',
+    'nl',
+    'be',
+    'ch',
+    'us',
+    'ca',
+    'au',
+    'nz',
+    'za',
+    'uk',
+    'eu',
+    'asia',
+    'africa',
+    'america',
+  ])
  subdomain?: string;

  @Field({ nullable: true })
--- a/packages/twenty-server/src/engine/core-modules/workspace/workspace.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/workspace/workspace.resolver.ts
@ -1,4 +1,4 @@
-import { UseGuards } from '@nestjs/common';
+import { UseFilters, UseGuards } from '@nestjs/common';
 import {
  Args,
  Mutation,
@ -41,6 +41,7 @@ import { OriginHeader } from 'src/engine/decorators/auth/origin-header.decorator
 import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
 import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
 import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
+import { GraphqlValidationExceptionFilter } from 'src/filters/validation-exception.filter';
 import { assert } from 'src/utils/assert';
 import { isDefined } from 'src/utils/is-defined';
 import { streamToBuffer } from 'src/utils/stream-to-buffer';
@ -50,6 +51,7 @@ import { Workspace } from './workspace.entity';
 import { WorkspaceService } from './services/workspace.service';

@Resolver(() => Workspace)
+@UseFilters(GraphqlValidationExceptionFilter)
 export class WorkspaceResolver {
  constructor(
    private readonly workspaceService: WorkspaceService,