add hostedDatabaseId to CreateConnectionForHostedDbDto and update use case implementation#1701
Conversation
… case implementation
There was a problem hiding this comment.
Pull request overview
This PR updates the SaaS “create hosted DB connection” flow to accept an externally supplied identifier and use it as the persisted connection primary key, enabling stable mapping between the hosted DB entity and the created ConnectionEntity.
Changes:
- Added
hostedDatabaseIdtoCreateConnectionForHostedDbDto. - Updated
CreateConnectionForHostedDbUseCaseto readhostedDatabaseIdand assign it toconnection.idbefore persisting.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/src/microservices/saas-microservice/use-cases/create-connection-for-hosted-db.use.case.ts | Uses hostedDatabaseId from input as the saved ConnectionEntity.id. |
| backend/src/microservices/saas-microservice/data-structures/create-connecttion-for-selfhosted-db.dto.ts | Extends the hosted-DB create DTO with a required hostedDatabaseId field. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const connection = new ConnectionEntity(); | ||
| connection.id = hostedDatabaseId; | ||
| connection.type = ConnectionTypesEnum.postgres; |
There was a problem hiding this comment.
Setting connection.id from untrusted request data and then calling connectionRepository.saveNewConnection() (which uses TypeORM save) can turn this "create" endpoint into an implicit update: if a connection with the same id already exists, TypeORM will update that row instead of failing. This can lead to accidental overwrites/collisions and potentially cross-company data corruption. Add an explicit uniqueness check (e.g., query by id and throw a Conflict/BadRequest if it exists) or use an insert-only repository method that fails on duplicate ids; alternatively persist hostedDatabaseId in a dedicated column instead of overriding the primary key.
| @ApiProperty() | ||
| @IsString() | ||
| @IsNotEmpty() | ||
| hostedDatabaseId: string; |
There was a problem hiding this comment.
hostedDatabaseId is persisted as ConnectionEntity.id, which is a varchar with length 38 (ConnectionEntity uses @PrimaryColumn('varchar', { length: 38 })). The DTO currently only validates non-empty string, so oversized values can cause DB errors. Add an explicit length constraint (e.g., @MaxLength(38) / @Length(...)) and document the expected format in @ApiProperty (description/example), so callers know what to send.
No description provided.