fix(api): escape filter values, clamp pagination, remove redundant ConfigModule import

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 00:31:43 +05:30
parent 8ad5f737bd
commit e73d39b798
3 changed files with 34 additions and 11 deletions
@@ -85,4 +85,22 @@ describe('SearchService', () => {
expect.objectContaining({ page: 1, hitsPerPage: 20 }),
);
});
it('escapes double-quotes in groupId to prevent filter injection', async () => {
mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
await service.search('hello', 'grp"1"OR id EXISTS');
expect(mockSearch).toHaveBeenCalledWith(
'hello',
expect.objectContaining({ filter: 'sourceGroupId = "grp\\"1\\"OR id EXISTS"' }),
);
});
it('clamps page to minimum 1 and limit to maximum 100', async () => {
mockSearch.mockResolvedValue({ hits: [], totalHits: 0 });
await service.search('hello', undefined, undefined, 0, 999);
expect(mockSearch).toHaveBeenCalledWith(
'hello',
expect.objectContaining({ page: 1, hitsPerPage: 100 }),
);
});
});
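Review bot: The new `escapes double-quotes in groupId` case pins only the double-quote path, so a `groupId` that contains a backslash is not covered by any test here. If the filter grammar treats backslash as an escape character, as the expected `\\"` output suggests, escaping quotes without first doubling backslashes would let a backslash in the input cancel the added escape; the implementation is not visible in this hunk, so this may already be handled. I would add a sibling case asserting that backslashes are doubled before quotes are escaped, matching an implementation along the lines of `value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')`. The clamp test would also be stronger with negative, non-integer and `NaN` values for `page` and `limit`, plus `limit` of 0, since only `0` and `999` are pinned. The enclosing `describe('SearchService', ...)` block starts outside the hunk.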