From 0a113f3b24b72b9ba34d817b59d779a12731c9e8 Mon Sep 17 00:00:00 2001 From: Flegma Date: Mon, 30 Mar 2026 18:28:36 +0200 Subject: [PATCH] fix: return actual success from checkIntoMatch and validate relay fragment params - checkIntoMatch: return success based on affected_rows instead of hardcoded false, so clients can confirm check-in succeeded - match-relay controller: use ParseIntPipe on fragment params to validate they are valid integers (returns 400 on invalid input) instead of unguarded parseInt which could produce NaN Closes 5stackgg/5stack-panel#380 --- .../match-relay/match-relay.controller.ts | 46 +++++++++++-------- src/matches/matches.controller.ts | 4 +- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/src/matches/match-relay/match-relay.controller.ts b/src/matches/match-relay/match-relay.controller.ts index feb681b3..b88d1d62 100644 --- a/src/matches/match-relay/match-relay.controller.ts +++ b/src/matches/match-relay/match-relay.controller.ts @@ -1,4 +1,12 @@ -import { Controller, Get, Post, Req, Res, Param } from "@nestjs/common"; +import { + Controller, + Get, + Post, + Req, + Res, + Param, + ParseIntPipe, +} from "@nestjs/common"; import { Request, Response } from "express"; import { MatchRelayService } from "./match-relay.service"; @@ -18,22 +26,22 @@ export class MatchRelayController { @Get(":fragment/start") public handleGetStart( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { - this.matchRelayService.getStart(response, matchId, parseInt(fragment)); + this.matchRelayService.getStart(response, matchId, fragment); } @Get(":fragment/full") public handleGetFull( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { this.matchRelayService.getFragment( response, matchId, - parseInt(fragment), + fragment, "full", ); } @@ -41,13 +49,13 @@ export class MatchRelayController { @Get(":fragment/delta") public handleGetDelta( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { this.matchRelayService.getFragment( response, matchId, - parseInt(fragment), + fragment, "delta", ); } @@ -55,22 +63,22 @@ export class MatchRelayController { @Get(":token/:fragment/start") public handleGetStartWithToken( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { - this.matchRelayService.getStart(response, matchId, parseInt(fragment)); + this.matchRelayService.getStart(response, matchId, fragment); } @Get(":token/:fragment/full") public handleGetFullWithToken( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { this.matchRelayService.getFragment( response, matchId, - parseInt(fragment), + fragment, "full", ); } @@ -78,13 +86,13 @@ export class MatchRelayController { @Get(":token/:fragment/delta") public handleGetDeltaWithToken( @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Res() response: Response, ) { this.matchRelayService.getFragment( response, matchId, - parseInt(fragment), + fragment, "delta", ); } @@ -93,7 +101,7 @@ export class MatchRelayController { public async handlePostStart( @Param("token") token: string, @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Req() request: Request, @Res() response: Response, ) { @@ -103,7 +111,7 @@ export class MatchRelayController { token, "start", matchId, - parseInt(fragment), + fragment, ); } @@ -111,7 +119,7 @@ export class MatchRelayController { public async handlePostFull( @Param("token") token: string, @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Req() request: Request, @Res() response: Response, ) { @@ -121,7 +129,7 @@ export class MatchRelayController { token, "full", matchId, - parseInt(fragment), + fragment, ); } @@ -129,7 +137,7 @@ export class MatchRelayController { public async handlePostDelta( @Param("token") token: string, @Param("id") matchId: string, - @Param("fragment") fragment: string, + @Param("fragment", ParseIntPipe) fragment: number, @Req() request: Request, @Res() response: Response, ) { @@ -139,7 +147,7 @@ export class MatchRelayController { token, "delta", matchId, - parseInt(fragment), + fragment, ); } } diff --git a/src/matches/matches.controller.ts b/src/matches/matches.controller.ts index fc6cc5ac..19434a99 100644 --- a/src/matches/matches.controller.ts +++ b/src/matches/matches.controller.ts @@ -762,7 +762,7 @@ export class MatchesController { throw Error("match is not accepting check in's at this time"); } - await this.hasura.mutation({ + const { update_match_lineup_players } = await this.hasura.mutation({ update_match_lineup_players: { __args: { where: { @@ -826,7 +826,7 @@ export class MatchesController { }); return { - success: false, + success: (update_match_lineup_players?.affected_rows ?? 0) > 0, }; }