From 1bccba572a1bed106126abfb4ebbdf702b069ff0 Mon Sep 17 00:00:00 2001 From: Ahmed Bouhuolia Date: Sat, 25 Oct 2025 15:15:13 +0200 Subject: [PATCH] fix: validate request org id existance in guards --- .../Tenancy/EnsureTenantIsInitialized.guard.ts | 8 +++++++- .../modules/Tenancy/EnsureTenantIsSeeded.guards.ts | 8 +++++++- .../src/modules/Tenancy/TenancyContext.service.ts | 12 +++++++++--- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/packages/server/src/modules/Tenancy/EnsureTenantIsInitialized.guard.ts b/packages/server/src/modules/Tenancy/EnsureTenantIsInitialized.guard.ts index eca9b58a0..01333e2a3 100644 --- a/packages/server/src/modules/Tenancy/EnsureTenantIsInitialized.guard.ts +++ b/packages/server/src/modules/Tenancy/EnsureTenantIsInitialized.guard.ts @@ -18,7 +18,7 @@ export class EnsureTenantIsInitializedGuard implements CanActivate { constructor( private readonly tenancyContext: TenancyContext, private reflector: Reflector, - ) {} + ) { } /** * Validate the tenant of the current request is initialized.. @@ -41,6 +41,12 @@ export class EnsureTenantIsInitializedGuard implements CanActivate { } const tenant = await this.tenancyContext.getTenant(); + if (!tenant) { + throw new UnauthorizedException({ + message: 'Tenant not found.', + errors: [{ type: 'TENANT.NOT.FOUND' }], + }); + } if (!tenant?.initializedAt) { throw new UnauthorizedException({ statusCode: 400, diff --git a/packages/server/src/modules/Tenancy/EnsureTenantIsSeeded.guards.ts b/packages/server/src/modules/Tenancy/EnsureTenantIsSeeded.guards.ts index 17a1e2e76..8149179bc 100644 --- a/packages/server/src/modules/Tenancy/EnsureTenantIsSeeded.guards.ts +++ b/packages/server/src/modules/Tenancy/EnsureTenantIsSeeded.guards.ts @@ -19,7 +19,7 @@ export class EnsureTenantIsSeededGuard implements CanActivate { constructor( private readonly tenancyContext: TenancyContext, private reflector: Reflector, - ) {} + ) { } /** * Validate the tenant of the current request is seeded. @@ -41,6 +41,12 @@ export class EnsureTenantIsSeededGuard implements CanActivate { } const tenant = await this.tenancyContext.getTenant(); + if (!tenant) { + throw new UnauthorizedException({ + message: 'Tenant not found.', + errors: [{ type: 'TENANT.NOT.FOUND' }], + }); + } if (!tenant.seededAt) { throw new UnauthorizedException({ message: 'Tenant database is not seeded with initial data yet.', diff --git a/packages/server/src/modules/Tenancy/TenancyContext.service.ts b/packages/server/src/modules/Tenancy/TenancyContext.service.ts index 02b13a431..8f1f5a606 100644 --- a/packages/server/src/modules/Tenancy/TenancyContext.service.ts +++ b/packages/server/src/modules/Tenancy/TenancyContext.service.ts @@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common'; import { ClsService } from 'nestjs-cls'; import { SystemUser } from '../System/models/SystemUser'; import { TenantModel } from '../System/models/TenantModel'; +import { ServiceError } from '../Items/ServiceError'; @Injectable() export class TenancyContext { @@ -13,14 +14,14 @@ export class TenancyContext { @Inject(TenantModel.name) private readonly systemTenantModel: typeof TenantModel, - ) {} + ) { } /** * Get the current tenant. * @param {boolean} withMetadata - If true, the tenant metadata will be fetched. * @returns */ - getTenant(withMetadata: boolean = false) { + async getTenant(withMetadata: boolean = false) { // Get the tenant from the request headers. const organizationId = this.cls.get('organizationId'); @@ -32,7 +33,12 @@ export class TenancyContext { if (withMetadata) { query.withGraphFetched('metadata'); } - return query; + const queryResult = await query; + + if (!queryResult) { + throw new ServiceError('TENANT_NOT_FOUND', 'Tenant not found'); + } + return queryResult; } async getTenantMetadata() {