Allow arbitrary suffix

compulim · compulim · commit 5312d523bfae · 2025-06-03T06:27:36.000Z
diff --git a/packages/core/src/actions/postActivity.ts b/packages/core/src/actions/postActivity.ts
@@ -16,19 +16,20 @@ const postActivityActionSchema = pipe(
 
 const middlewareActionSchemas = createMiddlewareActionSchemas(
   POST_ACTIVITY,
+  ['FULFILLED', 'IMPEDED', 'PENDING'],
   pipe(object({ activity: custom<WebChatActivity>(() => true) }), readonly()),
   pipe(object({ clientActivityID: string(), method: string() }), readonly())
 );
 
-const POST_ACTIVITY_FULFILLED = middlewareActionSchemas.fulfilled.name;
-const POST_ACTIVITY_IMPEDED = middlewareActionSchemas.impeded.name;
-const POST_ACTIVITY_PENDING = middlewareActionSchemas.pending.name;
-const POST_ACTIVITY_REJECTED = middlewareActionSchemas.rejected.name;
+const POST_ACTIVITY_FULFILLED = middlewareActionSchemas.FULFILLED.name;
+const POST_ACTIVITY_IMPEDED = middlewareActionSchemas.IMPEDED.name;
+const POST_ACTIVITY_PENDING = middlewareActionSchemas.PENDING.name;
+const POST_ACTIVITY_REJECTED = middlewareActionSchemas.REJECTED.name;
 
-const postActivityFulfilledActionSchema = middlewareActionSchemas.fulfilled.schema;
-const postActivityImpededActionSchema = middlewareActionSchemas.impeded.schema;
-const postActivityPendingActionSchema = middlewareActionSchemas.pending.schema;
-const postActivityRejectedActionSchema = middlewareActionSchemas.rejected.schema;
+const postActivityFulfilledActionSchema = middlewareActionSchemas.FULFILLED.schema;
+const postActivityImpededActionSchema = middlewareActionSchemas.IMPEDED.schema;
+const postActivityPendingActionSchema = middlewareActionSchemas.PENDING.schema;
+const postActivityRejectedActionSchema = middlewareActionSchemas.REJECTED.schema;
 
 type PostActivityAction = InferOutput<typeof postActivityActionSchema>;
 type PostActivityFulfilledAction = InferOutput<typeof postActivityFulfilledActionSchema>;
diff --git a/packages/core/src/actions/private/createMiddlewareActionSchemas.ts b/packages/core/src/actions/private/createMiddlewareActionSchemas.ts
@@ -1,52 +1,71 @@
-import { instance, literal, object, pipe, readonly, type BaseIssue, type BaseSchema } from 'valibot';
+import {
+  array,
+  instance,
+  literal,
+  object,
+  parse,
+  picklist,
+  pipe,
+  readonly,
+  type BaseIssue,
+  type BaseSchema,
+  type InferOutput
+} from 'valibot';
+
+// No dangerous value such as: constructor, prototype, etc.
+const allowedSuffixSchema = picklist(['FULFILLED', 'IMPEDED', 'PENDING']);
+
+type AllowedSuffix = InferOutput<typeof allowedSuffixSchema>;
+
+const suffixesSchema = array(allowedSuffixSchema);
 
 export default function createMiddlewareActionSchemas<
   const TName extends string,
   const TPayloadSchema extends BaseSchema<unknown, unknown, BaseIssue<unknown>>,
-  const TMetaSchema extends BaseSchema<unknown, unknown, BaseIssue<unknown>>
->(actionName: TName, payloadSchema: TPayloadSchema, metaSchema: TMetaSchema) {
-  return Object.freeze({
-    fulfilled: {
-      name: `${actionName}_FULFILLED` as const,
-      schema: pipe(
-        object({
-          meta: metaSchema,
-          payload: payloadSchema,
-          type: literal(`${actionName}_FULFILLED`)
-        }),
-        readonly()
-      )
-    },
-    impeded: {
-      name: `${actionName}_IMPEDED` as const,
-      schema: pipe(
-        object({
-          meta: metaSchema,
-          payload: payloadSchema,
-          type: literal(`${actionName}_IMPEDED`)
-        }),
-        readonly()
-      )
-    },
-    pending: {
-      name: `${actionName}_PENDING` as const,
+  const TMetaSchema extends BaseSchema<unknown, unknown, BaseIssue<unknown>>,
+  const TSuffix extends AllowedSuffix
+>(prefix: TName, suffixes: readonly TSuffix[], payloadSchema: TPayloadSchema, metaSchema: TMetaSchema) {
+  const result: {
+    [K in TSuffix]: Readonly<{
+      name: `${TName}_${K}`;
+      schema: BaseSchema<
+        unknown,
+        {
+          meta: InferOutput<typeof metaSchema>;
+          payload: InferOutput<typeof payloadSchema>;
+          type: `${TName}_${K}`;
+        },
+        BaseIssue<unknown>
+      >;
+    }>;
+  } = {} as any;
+
+  for (const suffix of parse(suffixesSchema, suffixes)) {
+    // We use allowlist to filter the suffix.
+    // eslint-disable-next-line security/detect-object-injection
+    result[suffix] = {
+      name: `${prefix}_${suffix}` as const,
       schema: pipe(
         object({
           meta: metaSchema,
           payload: payloadSchema,
-          type: literal(`${actionName}_PENDING`)
+          type: literal(`${prefix}_${suffix}`)
         }),
         readonly()
       )
-    },
-    rejected: {
-      name: `${actionName}_REJECTED` as const,
+    };
+  }
+
+  return Object.freeze({
+    ...result,
+    REJECTED: {
+      name: `${prefix}_REJECTED` as const,
       schema: pipe(
         object({
           error: literal(true),
           meta: metaSchema,
           payload: instance(Error),
-          type: literal(`${actionName}_REJECTED`)
+          type: literal(`${prefix}_REJECTED`)
         }),
         readonly()
       )
