feat(tags): add input validation for tag and entity operations

Added validation checks for tagId, personId, and projectId across tag-related operations. Introduced `BadRequestException` for invalid or missing inputs. Replaced generic errors with more descriptive exceptions.
2025-05-16 23:52:30 +02:00
parent d48b6fa48b
commit 5abd33e648
1 changed files with 72 additions and 30 deletions
--- a/backend/src/modules/tags/services/tags.service.ts
+++ b/backend/src/modules/tags/services/tags.service.ts
@@ -1,4 +1,4 @@
-import { Injectable, NotFoundException, Inject } from '@nestjs/common';
+import { Injectable, NotFoundException, Inject, BadRequestException } from '@nestjs/common';
 import { eq, and } from 'drizzle-orm';
 import { DRIZZLE } from '../../../database/database.module';
 import * as schema from '../../../database/schema';
@@ -95,10 +95,18 @@ export class TagsService {
   * Add a tag to a person
   */
  async addTagToPerson(tagId: string, personId: string) {
+    // Validate tagId and personId
+    if (!tagId) {
+      throw new BadRequestException('Tag ID is required');
+    }
+    if (!personId) {
+      throw new BadRequestException('Person ID is required');
+    }
+
    // Check if the tag exists and is of type PERSON
    const tag = await this.findById(tagId);
    if (tag.type !== 'PERSON') {
-      throw new Error(`Tag with ID ${tagId} is not of type PERSON`);
+      throw new BadRequestException(`Tag with ID ${tagId} is not of type PERSON`);
    }

    // Check if the person exists
@@ -142,6 +150,14 @@ export class TagsService {
   * Remove a tag from a person
   */
  async removeTagFromPerson(tagId: string, personId: string) {
+    // Validate tagId and personId
+    if (!tagId) {
+      throw new BadRequestException('Tag ID is required');
+    }
+    if (!personId) {
+      throw new BadRequestException('Person ID is required');
+    }
+
    const [relation] = await this.db
      .delete(schema.personToTag)
      .where(
@@ -163,10 +179,18 @@ export class TagsService {
   * Add a tag to a project
   */
  async addTagToProject(tagId: string, projectId: string) {
+    // Validate tagId and projectId
+    if (!tagId) {
+      throw new BadRequestException('Tag ID is required');
+    }
+    if (!projectId) {
+      throw new BadRequestException('Project ID is required');
+    }
+
    // Check if the tag exists and is of type PROJECT
    const tag = await this.findById(tagId);
    if (tag.type !== 'PROJECT') {
-      throw new Error(`Tag with ID ${tagId} is not of type PROJECT`);
+      throw new BadRequestException(`Tag with ID ${tagId} is not of type PROJECT`);
    }

    // Check if the project exists
@@ -210,6 +234,14 @@ export class TagsService {
   * Remove a tag from a project
   */
  async removeTagFromProject(tagId: string, projectId: string) {
+    // Validate tagId and projectId
+    if (!tagId) {
+      throw new BadRequestException('Tag ID is required');
+    }
+    if (!projectId) {
+      throw new BadRequestException('Project ID is required');
+    }
+
    const [relation] = await this.db
      .delete(schema.projectToTag)
      .where(
@@ -231,6 +263,11 @@ export class TagsService {
   * Get all tags for a person
   */
  async getTagsForPerson(personId: string) {
+    // Validate personId
+    if (!personId) {
+      throw new BadRequestException('Person ID is required');
+    }
+
    // Check if the person exists
    const [person] = await this.db
      .select()
@@ -255,6 +292,11 @@ export class TagsService {
   * Get all tags for a project
   */
  async getTagsForProject(projectId: string) {
+    // Validate projectId
+    if (!projectId) {
+      throw new BadRequestException('Project ID is required');
+    }
+
    // Check if the project exists
    const [project] = await this.db
      .select()