Fix missing exception catch (#12069)

add a check about uuid in rest api findOne handler

packages/twenty-server/src/engine/api/rest/core/query-builder/utils/path-parsers/__tests__/parse-core-path.utils.spec.ts

@@ -1,16 +1,20 @@
 import { parseCorePath } from 'src/engine/api/rest/core/query-builder/utils/path-parsers/parse-core-path.utils';
 
+const testUUID = '20202020-ef5a-4822-9e08-cf6e4a4dcd6b';
+
 describe('parseCorePath', () => {
-  it('should parse object from request path', () => {
-    const request: any = { path: '/rest/companies/uuid' };
+  it('should parse find one object from request path', () => {
+    const request: any = {
+      path: `/rest/companies/${testUUID}`,
+    };
 
     expect(parseCorePath(request)).toEqual({
       object: 'companies',
-      id: 'uuid',
+      id: testUUID,
     });
   });
 
-  it('should parse object from request path', () => {
+  it('should parse find many object from request path', () => {
     const request: any = { path: '/rest/companies' };
 
     expect(parseCorePath(request)).toEqual({
@@ -20,10 +24,19 @@ describe('parseCorePath', () => {
   });
 
   it('should throw for wrong request path', () => {
-    const request: any = { path: '/rest/companies/uuid/toto' };
+    const request: any = { path: `/rest/companies/${testUUID}/toto` };
 
     expect(() => parseCorePath(request)).toThrow(
-      "Query path '/rest/companies/uuid/toto' invalid. Valid examples: /rest/companies/id or /rest/companies or /rest/batch/companies",
+      `Query path '/rest/companies/${testUUID}/toto' invalid. Valid examples: /rest/companies/id or /rest/companies or /rest/batch/companies`,
+    );
+  });
+
+  it('should throw for malformed uuid in findOne request', () => {
+    const malformedUUID = 'malformed-uuid';
+    const request: any = { path: `/rest/companies/${malformedUUID}` };
+
+    expect(() => parseCorePath(request)).toThrow(
+      `'${malformedUUID}' is not a valid UUID`,
     );
   });
 
@@ -45,10 +58,10 @@ describe('parseCorePath', () => {
   });
 
   it('should throw for wrong batch request', () => {
-    const request: any = { path: '/rest/batch/companies/uuid' };
+    const request: any = { path: `/rest/batch/companies/${testUUID}` };
 
     expect(() => parseCorePath(request)).toThrow(
-      "Query path '/rest/batch/companies/uuid' invalid. Valid examples: /rest/companies/id or /rest/companies or /rest/batch/companies",
+      `Query path '/rest/batch/companies/${testUUID}' invalid. Valid examples: /rest/companies/id or /rest/companies or /rest/batch/companies`,
     );
   });
 

packages/twenty-server/src/engine/api/rest/core/query-builder/utils/path-parsers/parse-core-path.utils.ts

@@ -1,6 +1,7 @@
 import { BadRequestException } from '@nestjs/common';
 
 import { Request } from 'express';
+import { isValidUuid } from 'twenty-shared/utils';
 
 export const parseCorePath = (
   request: Request,
@@ -35,5 +36,11 @@ export const parseCorePath = (
     return { object: queryAction[0] };
   }
 
-  return { object: queryAction[0], id: queryAction[1] };
+  const recordId = queryAction[1];
+
+  if (!isValidUuid(recordId)) {
+    throw new BadRequestException(`'${recordId}' is not a valid UUID`);
+  }
+
+  return { object: queryAction[0], id: recordId };
 };

packages/twenty-server/test/integration/rest/suites/rest-api-core-find-one.integration-spec.ts

@@ -66,6 +66,20 @@ describe('Core REST API Find One endpoint', () => {
       });
   });
 
+  it('should return 400 error when trying to retrieve with malformed uuid', async () => {
+    await makeRestAPIRequest({
+      method: 'get',
+      path: `/people/malformed-uuid`,
+    })
+      .expect(400)
+      .expect((res) => {
+        expect(res.body.messages[0]).toContain(
+          "'malformed-uuid' is not a valid UUID",
+        );
+        expect(res.body.error).toBe('BadRequestException');
+      });
+  });
+
   it('should support depth 0 parameter', async () => {
     await makeRestAPIRequest({
       method: 'get',