
Commit 1fdc5e3

committed
Sanitize trigger source
1 parent 032bfae commit 1fdc5e3


3 files changed

+14
-5
lines changed


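--- a/apps/webapp/app/routes/api.v1.tasks.$taskId.trigger.ts
+++ b/apps/webapp/app/routes/api.v1.tasks.$taskId.trigger.ts
@@ -22,6 +22,15 @@ import {
 import { ServiceValidationError } from "~/v3/services/baseService.server";
 import { OutOfEntitlementError, TriggerTaskService } from "~/v3/services/triggerTask.server";
 
+const ALLOWED_TRIGGER_SOURCES = new Set(["sdk", "cli", "mcp"]);
+
+export function sanitizeTriggerSource(value: string | null | undefined): string | undefined {
+if (value && ALLOWED_TRIGGER_SOURCES.has(value)) {
+return value;
+}
+return undefined;
+}
+
 const ParamsSchema = z.object({
 taskId: z.string(),
 });
@@ -121,7 +130,7 @@ const { action, loader } = createActionApiRoute(
 realtimeStreamsVersion: determineRealtimeStreamsVersion(
 realtimeStreamsVersion ?? undefined
 ),
-triggerSource: isFromWorker ? "sdk" : triggerSourceHeader ?? "api",
+triggerSource: isFromWorker ? "sdk" : sanitizeTriggerSource(triggerSourceHeader) ?? "api",
 triggerAction: "trigger",
 },
 engineVersion ?? undefined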
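Review bot: `sanitizeTriggerSource` (new lines 27-32) limits which strings can be stored, but the value is still self-reported by the caller, so `sdk`, `cli` or `mcp` in the result says nothing about which client actually sent the request. That limit deserves a doc comment on the helper, for example `/** Allowlists the client-reported trigger source; the result is self-declared metadata and must not be used for authorization, rate-limit or billing decisions. */`. The match is exact and case-sensitive, so a value such as `SDK` is recorded as `"api"` at new line 133; a short comment on `ALLOWED_TRIGGER_SOURCES` stating that this is intended would save the next reader from guessing. Rejected values are dropped silently, and a counter of rejections (without logging the raw header) would make unexpected clients or probing visible. The call site at line 133 sits inside the `createActionApiRoute` handler, which starts and ends outside the hunk.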

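--- a/apps/webapp/app/routes/api.v1.tasks.batch.ts
+++ b/apps/webapp/app/routes/api.v1.tasks.batch.ts
@@ -15,7 +15,7 @@ import {
 BatchTriggerV3Service,
 } from "~/v3/services/batchTriggerV3.server";
 import { OutOfEntitlementError } from "~/v3/services/triggerTask.server";
-import { HeadersSchema } from "./api.v1.tasks.$taskId.trigger";
+import { HeadersSchema, sanitizeTriggerSource } from "./api.v1.tasks.$taskId.trigger";
 import { determineRealtimeStreamsVersion } from "~/services/realtime/v1StreamsGlobal.server";
 import { extractJwtSigningSecretKey } from "~/services/realtime/jwtAuth.server";
 
@@ -114,7 +114,7 @@ const { action, loader } = createActionApiRoute(
 realtimeStreamsVersion: determineRealtimeStreamsVersion(
 realtimeStreamsVersion ?? undefined
 ),
-triggerSource: isFromWorker ? "sdk" : triggerSourceHeader ?? undefined,
+triggerSource: isFromWorker ? "sdk" : sanitizeTriggerSource(triggerSourceHeader),
 triggerAction: "trigger",
 });
 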
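Review bot: A caller that sends the literal value `api` now gets `triggerSource` undefined on this route (new line 117), because `api` is not in `ALLOWED_TRIGGER_SOURCES` and, unlike the single-task route, there is no `?? "api"` fallback here. The same applies at new line 131 of api.v2.tasks.batch.ts. If the batch services do not apply their own default (not visible in this diff), consider `triggerSource: isFromWorker ? "sdk" : sanitizeTriggerSource(triggerSourceHeader) ?? "api",` so that all three routes record the same value for unlabelled or rejected sources. The enclosing `createActionApiRoute` handler starts and ends outside the hunk.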

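--- a/apps/webapp/app/routes/api.v2.tasks.batch.ts
+++ b/apps/webapp/app/routes/api.v2.tasks.batch.ts
@@ -17,7 +17,7 @@ import {
 import { ServiceValidationError } from "~/v3/services/baseService.server";
 import { BatchProcessingStrategy } from "~/v3/services/batchTriggerV3.server";
 import { OutOfEntitlementError } from "~/v3/services/triggerTask.server";
-import { HeadersSchema } from "./api.v1.tasks.$taskId.trigger";
+import { HeadersSchema, sanitizeTriggerSource } from "./api.v1.tasks.$taskId.trigger";
 import { determineRealtimeStreamsVersion } from "~/services/realtime/v1StreamsGlobal.server";
 import { extractJwtSigningSecretKey } from "~/services/realtime/jwtAuth.server";
 
@@ -128,7 +128,7 @@ const { action, loader } = createActionApiRoute(
 realtimeStreamsVersion: determineRealtimeStreamsVersion(
 realtimeStreamsVersion ?? undefined
 ),
-triggerSource: isFromWorker ? "sdk" : triggerSourceHeader ?? undefined,
+triggerSource: isFromWorker ? "sdk" : sanitizeTriggerSource(triggerSourceHeader),
 triggerAction: "trigger",
 });
 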
