feat(api): add slug parser in the api requests #6705

djabarovgeorge · 2024-10-16T14:21:32Z

What changed? Why was the change needed?

The PR is not ready please do not review

Screenshots

Expand for optional sections

Related enterprise PR

EE-PR

Special notes for your reviewer

…s crud

linear · 2024-10-16T14:21:36Z

NV-4494 add slug parser in the api requests

netlify · 2024-10-16T15:36:26Z

✅ Deploy Preview for novu-stg-vite-dashboard-poc ready!

Name	Link
🔨 Latest commit	`5d27235`
🔍 Latest deploy log	https://app.netlify.com/sites/novu-stg-vite-dashboard-poc/deploys/6718be6e63efe600081a9eb6
😎 Deploy Preview	https://deploy-preview-6705--novu-stg-vite-dashboard-poc.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

pkg-pr-new · 2024-10-16T16:01:56Z

Open in Stackblitz

@novu/client

pnpm add https://pkg.pr.new/novuhq/novu/@novu/client@6705

@novu/framework

pnpm add https://pkg.pr.new/novuhq/novu/@novu/framework@6705

@novu/headless

pnpm add https://pkg.pr.new/novuhq/novu/@novu/headless@6705

@novu/js

pnpm add https://pkg.pr.new/novuhq/novu/@novu/js@6705

@novu/nextjs

pnpm add https://pkg.pr.new/novuhq/novu/@novu/nextjs@6705

@novu/nest

pnpm add https://pkg.pr.new/novuhq/novu/@novu/nest@6705

@novu/node

pnpm add https://pkg.pr.new/novuhq/novu/@novu/node@6705

@novu/notification-center

pnpm add https://pkg.pr.new/novuhq/novu/@novu/notification-center@6705

novu

pnpm add https://pkg.pr.new/novuhq/novu@6705

@novu/providers

pnpm add https://pkg.pr.new/novuhq/novu/@novu/providers@6705

@novu/react

pnpm add https://pkg.pr.new/novuhq/novu/@novu/react@6705

@novu/react-native

pnpm add https://pkg.pr.new/novuhq/novu/@novu/react-native@6705

@novu/shared

pnpm add https://pkg.pr.new/novuhq/novu/@novu/shared@6705

@novu/stateless

pnpm add https://pkg.pr.new/novuhq/novu/@novu/stateless@6705

commit: 5d27235

djabarovgeorge · 2024-10-16T16:05:04Z

apps/api/src/app/workflows-v2/pipes/parse-slug-Id.pipe.ts

+  try {
+    decodedValue = decodeBase62(encodedValue);
+  } catch (error) {
+    return value;


if not base 62

rifont · 2024-10-16T16:15:49Z

apps/api/package.json

@@ -57,6 +57,7 @@
    "@types/newrelic": "^9.14.0",
    "@upstash/ratelimit": "^0.4.4",
    "axios": "^1.6.8",
+    "base-x": "^5.0.0",


⚠ issue: Can we write our own base62 encoder from scratch? The pipe logic is effectively using unvalidated data. I'm concerned that any vulnerabilities (intentionally or maliciously) added to the base-x package could expose us‏ to an attack vector

What do you think if will have fixed version 5.0.0? Will it solve the concern for us? Then, we could upgrade the version if needed and only to a stable and secure version.

Is there a know security issue with the package?

The truth is that a custom implementation with two functions, encodeBase62, decodeBase62 would be much much simpler, no need for pipes, no need to worry about potential issues.

⚠ issue: Can we write our own base62 encoder from scratch? The pipe logic is effectively using unvalidated data. I'm concerned that any vulnerabilities (intentionally or maliciously) added to the base-x package could expose us‏ to an attack vector

i had a hard time implementing the code from scratch, i added up comping the code from base-x so we won't get any vulnerabilities by mistake.

Is there a know security issue with the package?

not at the moment.

The truth is that a custom implementation with two functions, encodeBase62, decodeBase62 would be much much simpler, no need for pipes, no need to worry about potential issues.

i implemented encodeBase62, decodeBase62 based on base-x, pipes are actually a nice touch of nest js making the boundaries of controller and use case responsibility cleaner

apps/api/src/app/shared/helpers/base62.ts

…er-in-the-api-requests # Conflicts: # .source # apps/api/src/app/workflows-v2/usecases/delete-workflow/delete-workflow.command.ts # apps/api/src/app/workflows-v2/usecases/delete-workflow/delete-workflow.usecase.ts # apps/api/src/app/workflows-v2/usecases/get-workflow-by-ids/get-workflow-by-ids.command.ts # apps/api/src/app/workflows-v2/usecases/get-workflow-by-ids/get-workflow-by-ids.usecase.ts # apps/api/src/app/workflows-v2/usecases/get-workflow/get-workflow.command.ts # apps/api/src/app/workflows-v2/usecases/get-workflow/get-workflow.usecase.ts # apps/api/src/app/workflows-v2/usecases/upsert-workflow/upsert-workflow.command.ts # apps/api/src/app/workflows-v2/usecases/upsert-workflow/upsert-workflow.usecase.ts # apps/api/src/app/workflows-v2/workflow.controller.e2e.ts # apps/api/src/app/workflows-v2/workflow.controller.ts

…er-in-the-api-requests # Conflicts: # apps/api/package.json # apps/api/src/app/step-schemas/e2e/get-step-schema.e2e.ts # apps/api/src/app/workflows-v2/mappers/notification-template-mapper.ts # apps/api/src/app/workflows-v2/workflow.controller.e2e.ts # apps/api/src/app/workflows-v2/workflow.controller.ts # packages/shared/src/dto/workflows/workflow-response-dto.ts

…er-in-the-api-requests # Conflicts: # apps/api/src/app/workflows-v2/mappers/notification-template-mapper.ts # apps/api/src/app/workflows-v2/workflow.controller.e2e.ts # packages/shared/src/dto/workflows/workflow-commons-fields.ts # packages/shared/src/dto/workflows/workflow-response-dto.ts

…pi-requests' into nv-4494-add-slug-parser-in-the-api-requests

djabarovgeorge added 2 commits October 14, 2024 18:49

feat(api): allow passing workflow identifier as id in new v2 workflow…

bd88fa6

…s crud

feat(api): add slug api parser

c0fa7d5

github-actions bot added @novu/api @novu/dal labels Oct 16, 2024

feat(api): refactor parsing

a18552c

djabarovgeorge commented Oct 16, 2024

View reviewed changes

rifont reviewed Oct 16, 2024

View reviewed changes

apps/api/src/app/shared/helpers/base62.ts Outdated Show resolved Hide resolved

djabarovgeorge added 2 commits October 17, 2024 19:20

feat(api): update submodule hash

a3236b5

djabarovgeorge temporarily deployed to Linting October 17, 2024 16:25 — with GitHub Actions Inactive

djabarovgeorge had a problem deploying to Linting October 17, 2024 16:25 — with GitHub Actions Failure

github-actions bot added @novu/web and removed @novu/dal labels Oct 17, 2024

djabarovgeorge marked this pull request as ready for review October 20, 2024 10:24

Merge branch 'next' into nv-4494-add-slug-parser-in-the-api-requests

46151b4

djabarovgeorge temporarily deployed to Linting October 20, 2024 10:25 — with GitHub Actions Inactive

djabarovgeorge had a problem deploying to Linting October 20, 2024 10:25 — with GitHub Actions Failure

github-actions bot removed the @novu/web label Oct 20, 2024

fix(api): lock file

7a321ca

djabarovgeorge had a problem deploying to Linting October 20, 2024 10:35 — with GitHub Actions Failure

djabarovgeorge temporarily deployed to Linting October 20, 2024 10:35 — with GitHub Actions Inactive

djabarovgeorge had a problem deploying to Linting October 20, 2024 10:35 — with GitHub Actions Failure

fix(api): lock file

347b7fc

djabarovgeorge temporarily deployed to Linting October 20, 2024 10:43 — with GitHub Actions Inactive

github-actions bot added the @novu/shared label Oct 22, 2024

djabarovgeorge added 2 commits October 22, 2024 20:59

fix(api): after next merge

2a64335

djabarovgeorge temporarily deployed to Linting October 22, 2024 18:17 — with GitHub Actions Inactive

fix(api): after next merge

06cbea7

djabarovgeorge temporarily deployed to Linting October 22, 2024 18:30 — with GitHub Actions Inactive

fix(api): after next merge

61c1a5d

djabarovgeorge temporarily deployed to Linting October 22, 2024 18:41 — with GitHub Actions Inactive

fix(api): after next merge

2a15a3b

djabarovgeorge temporarily deployed to Linting October 22, 2024 19:31 — with GitHub Actions Inactive

tatarco and others added 3 commits October 23, 2024 08:59

fix(api): fix id

cf9526b

Merge remote-tracking branch 'origin/nv-4494-add-slug-parser-in-the-a…

d5b30f6

…pi-requests' into nv-4494-add-slug-parser-in-the-api-requests

djabarovgeorge temporarily deployed to Linting October 23, 2024 09:05 — with GitHub Actions Inactive

feat: revert hash to next

5d27235

djabarovgeorge temporarily deployed to Linting October 23, 2024 09:14 — with GitHub Actions Inactive

djabarovgeorge merged commit 0e27b89 into next Oct 23, 2024
36 checks passed

djabarovgeorge deleted the nv-4494-add-slug-parser-in-the-api-requests branch October 23, 2024 09:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(api): add slug parser in the api requests #6705

feat(api): add slug parser in the api requests #6705

djabarovgeorge commented Oct 16, 2024 •

edited

Loading

linear bot commented Oct 16, 2024

netlify bot commented Oct 16, 2024 •

edited

Loading

pkg-pr-new bot commented Oct 16, 2024 •

edited

Loading

djabarovgeorge Oct 16, 2024

rifont Oct 16, 2024 •

edited

Loading

djabarovgeorge Oct 17, 2024

SokratisVidros Oct 21, 2024

SokratisVidros Oct 21, 2024

djabarovgeorge Oct 22, 2024

feat(api): add slug parser in the api requests #6705

feat(api): add slug parser in the api requests #6705

Conversation

djabarovgeorge commented Oct 16, 2024 • edited Loading

What changed? Why was the change needed?

Screenshots

Related enterprise PR

Special notes for your reviewer

linear bot commented Oct 16, 2024

netlify bot commented Oct 16, 2024 • edited Loading

✅ Deploy Preview for novu-stg-vite-dashboard-poc ready!

pkg-pr-new bot commented Oct 16, 2024 • edited Loading

djabarovgeorge Oct 16, 2024

Choose a reason for hiding this comment

rifont Oct 16, 2024 • edited Loading

Choose a reason for hiding this comment

djabarovgeorge Oct 17, 2024

Choose a reason for hiding this comment

SokratisVidros Oct 21, 2024

Choose a reason for hiding this comment

SokratisVidros Oct 21, 2024

Choose a reason for hiding this comment

djabarovgeorge Oct 22, 2024

Choose a reason for hiding this comment

djabarovgeorge commented Oct 16, 2024 •

edited

Loading

netlify bot commented Oct 16, 2024 •

edited

Loading

pkg-pr-new bot commented Oct 16, 2024 •

edited

Loading

rifont Oct 16, 2024 •

edited

Loading