From 65e970424fe02aeaf73b15e0f2583ea296cca29a Mon Sep 17 00:00:00 2001 From: giancarlo Date: Fri, 29 Mar 2024 18:21:12 +0800 Subject: [PATCH] Refactor schemas, enhance data validation Implemented improvements in the data validation methods used in Stripe and Team Account features by refining the schemas. Adapted string types to UUID for accountId attributes in various services and ensured that Stripe keys follow appropriate prefixes. Autocomplete was turned off for destructive actions for enhanced security. --- .../invitations/update-invitation-dialog.tsx | 2 +- .../members/update-member-role-dialog.tsx | 2 +- .../update-team-account-name-form.tsx | 8 ++----- .../src/schema/renew-invitation.schema.ts | 5 ++++ ...-schema.ts => update-invitation.schema.ts} | 0 ...schema.ts => update-member-role.schema.ts} | 0 .../src/schema/update-team-name.schema.ts | 12 ++++++++++ .../leave-team-account-server-actions.ts | 2 +- .../actions/team-details-server-actions.ts | 23 +++++++++++-------- .../team-invitations-server-actions.ts | 9 +++++--- .../actions/team-members-server-actions.ts | 2 +- .../services/account-invitations.service.ts | 2 +- .../services/account-members.service.ts | 2 +- 13 files changed, 44 insertions(+), 25 deletions(-) create mode 100644 packages/features/team-accounts/src/schema/renew-invitation.schema.ts rename packages/features/team-accounts/src/schema/{update-invitation-schema.ts => update-invitation.schema.ts} (100%) rename packages/features/team-accounts/src/schema/{update-member-role-schema.ts => update-member-role.schema.ts} (100%) create mode 100644 packages/features/team-accounts/src/schema/update-team-name.schema.ts diff --git a/packages/features/team-accounts/src/components/invitations/update-invitation-dialog.tsx b/packages/features/team-accounts/src/components/invitations/update-invitation-dialog.tsx index 862e413da..cb6a7ab37 100644 --- a/packages/features/team-accounts/src/components/invitations/update-invitation-dialog.tsx 
+++ b/packages/features/team-accounts/src/components/invitations/update-invitation-dialog.tsx @@ -25,7 +25,7 @@ import { import { If } from '@kit/ui/if'; import { Trans } from '@kit/ui/trans'; -import { UpdateMemberRoleSchema } from '../../schema/update-member-role-schema'; +import { UpdateMemberRoleSchema } from '../../schema/update-member-role.schema'; import { updateInvitationAction } from '../../server/actions/team-invitations-server-actions'; import { MembershipRoleSelector } from '../members/membership-role-selector'; import { RolesDataProvider } from '../members/roles-data-provider'; diff --git a/packages/features/team-accounts/src/components/members/update-member-role-dialog.tsx b/packages/features/team-accounts/src/components/members/update-member-role-dialog.tsx index bc7b90a6a..52f5351cc 100644 --- a/packages/features/team-accounts/src/components/members/update-member-role-dialog.tsx +++ b/packages/features/team-accounts/src/components/members/update-member-role-dialog.tsx @@ -25,7 +25,7 @@ import { import { If } from '@kit/ui/if'; import { Trans } from '@kit/ui/trans'; -import { RoleSchema } from '../../schema/update-member-role-schema'; +import { RoleSchema } from '../../schema/update-member-role.schema'; import { updateMemberRoleAction } from '../../server/actions/team-members-server-actions'; import { MembershipRoleSelector } from './membership-role-selector'; import { RolesDataProvider } from './roles-data-provider'; diff --git a/packages/features/team-accounts/src/components/settings/update-team-account-name-form.tsx b/packages/features/team-accounts/src/components/settings/update-team-account-name-form.tsx index 78f8f1f16..92d435311 100644 --- a/packages/features/team-accounts/src/components/settings/update-team-account-name-form.tsx +++ b/packages/features/team-accounts/src/components/settings/update-team-account-name-form.tsx 
@@ -4,7 +4,6 @@ import { useTransition } from 'react'; import { zodResolver } from '@hookform/resolvers/zod'; import { useForm } from 'react-hook-form'; -import { z } from 'zod'; import { Button } from '@kit/ui/button'; import { @@ -17,12 +16,9 @@ import { import { Input } from '@kit/ui/input'; import { Trans } from '@kit/ui/trans'; +import { TeamNameFormSchema } from '../../schema/update-team-name.schema'; import { updateTeamAccountName } from '../../server/actions/team-details-server-actions'; -const Schema = z.object({ - name: z.string().min(1).max(255), -}); - export const UpdateTeamAccountNameForm = (props: { account: { name: string; @@ -34,7 +30,7 @@ export const UpdateTeamAccountNameForm = (props: { const [pending, startTransition] = useTransition(); const form = useForm({ - resolver: zodResolver(Schema), + resolver: zodResolver(TeamNameFormSchema), defaultValues: { name: props.account.name, }, diff --git a/packages/features/team-accounts/src/schema/renew-invitation.schema.ts b/packages/features/team-accounts/src/schema/renew-invitation.schema.ts new file mode 100644 index 000000000..340fc7071 --- /dev/null +++ b/packages/features/team-accounts/src/schema/renew-invitation.schema.ts @@ -0,0 +1,5 @@ +import { z } from 'zod'; + +export const RenewInvitationSchema = z.object({ + invitationId: z.number().positive(), +}); diff --git a/packages/features/team-accounts/src/schema/update-invitation-schema.ts b/packages/features/team-accounts/src/schema/update-invitation.schema.ts similarity index 100% rename from packages/features/team-accounts/src/schema/update-invitation-schema.ts rename to packages/features/team-accounts/src/schema/update-invitation.schema.ts 
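Review bot: In the new renew-invitation.schema.ts, `invitationId: z.number().positive()` still accepts fractional values such as 1.5 (a constructed example), which cannot identify an invitation row. renewInvitationAction in team-invitations-server-actions.ts now uses this schema as its only check on the argument, so tighten it to `invitationId: z.number().int().positive(),`. A short comment on the schema would also help, for example `// Validates payload shape only; session and membership checks stay in the action.`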
diff --git a/packages/features/team-accounts/src/schema/update-member-role-schema.ts b/packages/features/team-accounts/src/schema/update-member-role.schema.ts similarity index 100% rename from packages/features/team-accounts/src/schema/update-member-role-schema.ts rename to packages/features/team-accounts/src/schema/update-member-role.schema.ts diff --git a/packages/features/team-accounts/src/schema/update-team-name.schema.ts b/packages/features/team-accounts/src/schema/update-team-name.schema.ts new file mode 100644 index 000000000..413092377 --- /dev/null +++ b/packages/features/team-accounts/src/schema/update-team-name.schema.ts @@ -0,0 +1,12 @@ +import { z } from 'zod'; + +export const TeamNameFormSchema = z.object({ + name: z.string().min(1).max(255), +}); + +export const UpdateTeamNameSchema = TeamNameFormSchema.merge( + z.object({ + slug: z.string().min(1).max(255), + path: z.string().min(1).max(255), + }), +); diff --git a/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts b/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts index 23548471f..ab788e85e 100644 --- a/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts +++ b/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts @@ -12,8 +12,8 @@ import { LeaveTeamAccountService } from '../services/leave-team-account.service' export async function leaveTeamAccountAction(formData: FormData) { const body = Object.fromEntries(formData.entries()); const params = LeaveTeamAccountSchema.parse(body); - const client = getSupabaseServerActionClient(); + const client = getSupabaseServerActionClient(); const auth = await requireUser(client); if (auth.error) { diff --git a/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts b/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts index 97bb0cfcd..a05686f8d 100644 
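Review bot: In update-team-name.schema.ts, `path: z.string().min(1).max(255)` only bounds the length, yet the second hunk of team-details-server-actions.ts passes this caller-supplied value to `redirect(nextPath)` after substituting `[account]`. A server action can be called with arbitrary arguments, so an absolute or protocol-relative URL would pass validation and produce an off-site redirect. Constrain the field to a same-site path, for example `path: z.string().min(1).max(255).startsWith('/').refine((p) => !p.startsWith('//') && !p.includes('\\')),`, or derive the path on the server instead of accepting it. `slug` is likewise only length-checked; if the project defines a slug character set elsewhere, reuse it here.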
--- a/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts +++ b/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts @@ -2,23 +2,26 @@ import { redirect } from 'next/navigation'; +import { z } from 'zod'; + import { getSupabaseServerComponentClient } from '@kit/supabase/server-component-client'; -export async function updateTeamAccountName(params: { - name: string; - slug: string; - path: string; -}) { +import { UpdateTeamNameSchema } from '../../schema/update-team-name.schema'; + +export async function updateTeamAccountName( + params: z.infer, +) { const client = getSupabaseServerComponentClient(); + const { name, slug, path } = UpdateTeamNameSchema.parse(params); const { error, data } = await client .from('accounts') .update({ - name: params.name, - slug: params.slug, + name, + slug, }) .match({ - slug: params.slug, + slug, }) .select('slug') .single(); @@ -30,9 +33,9 @@ export async function updateTeamAccountName(params: { const newSlug = data.slug; if (newSlug) { - const path = params.path.replace('[account]', newSlug); + const nextPath = path.replace('[account]', newSlug); - redirect(path); + redirect(nextPath); } return { success: true }; diff --git a/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts b/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts index ba71e55f0..d1bc9b340 100644 --- a/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts +++ b/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts 
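Review bot: updateTeamAccountName (first hunk of team-details-server-actions.ts) now validates its input but has no visible session check before the `accounts` update, whereas leaveTeamAccountAction calls `requireUser(client)` and renewInvitationAction calls `assertSession(client)`. As written, whether the caller may rename the account matched by `slug` rests entirely on row-level policies that this diff does not show. An explicit check at the top of the action, mirroring leaveTeamAccountAction, would make that boundary visible and fail early. The action also builds its client with `getSupabaseServerComponentClient()` while the sibling actions use `getSupabaseServerActionClient()`; presumably the action client is intended here, which is worth confirming. Finally, `.update({ name, slug })` with `.match({ slug })` writes the slug back unchanged, so `slug` can be dropped from the update payload.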
@@ -14,7 +14,8 @@ import { getSupabaseServerActionClient } from '@kit/supabase/server-actions-clie import { AcceptInvitationSchema } from '../../schema/accept-invitation.schema'; import { DeleteInvitationSchema } from '../../schema/delete-invitation.schema'; import { InviteMembersSchema } from '../../schema/invite-members.schema'; -import { UpdateInvitationSchema } from '../../schema/update-invitation-schema'; +import { RenewInvitationSchema } from '../../schema/renew-invitation.schema'; +import { UpdateInvitationSchema } from '../../schema/update-invitation.schema'; import { AccountInvitationsService } from '../services/account-invitations.service'; /** @@ -107,9 +108,11 @@ export async function acceptInvitationAction(data: FormData) { return redirect(nextPath); } -export async function renewInvitationAction(params: { invitationId: number }) { +export async function renewInvitationAction( + params: z.infer, +) { const client = getSupabaseServerActionClient(); - const { invitationId } = params; + const { invitationId } = RenewInvitationSchema.parse(params); await assertSession(client); diff --git a/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts b/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts index 0cba7f97f..dadd866bc 100644 --- a/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts +++ b/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts 
@@ -11,7 +11,7 @@ import { getSupabaseServerActionClient } from '@kit/supabase/server-actions-clie import { RemoveMemberSchema } from '../../schema/remove-member.schema'; import { TransferOwnershipConfirmationSchema } from '../../schema/transfer-ownership-confirmation.schema'; -import { UpdateMemberRoleSchema } from '../../schema/update-member-role-schema'; +import { UpdateMemberRoleSchema } from '../../schema/update-member-role.schema'; import { AccountMembersService } from '../services/account-members.service'; export async function removeMemberFromAccountAction( diff --git a/packages/features/team-accounts/src/server/services/account-invitations.service.ts b/packages/features/team-accounts/src/server/services/account-invitations.service.ts index 128179218..bcc691f61 100644 --- a/packages/features/team-accounts/src/server/services/account-invitations.service.ts +++ b/packages/features/team-accounts/src/server/services/account-invitations.service.ts @@ -11,7 +11,7 @@ import { requireUser } from '@kit/supabase/require-user'; import { DeleteInvitationSchema } from '../../schema/delete-invitation.schema'; import { InviteMembersSchema } from '../../schema/invite-members.schema'; -import { UpdateInvitationSchema } from '../../schema/update-invitation-schema'; +import { UpdateInvitationSchema } from '../../schema/update-invitation.schema'; const invitePath = process.env.INVITATION_PAGE_PATH; const siteURL = process.env.NEXT_PUBLIC_SITE_URL; diff --git a/packages/features/team-accounts/src/server/services/account-members.service.ts b/packages/features/team-accounts/src/server/services/account-members.service.ts index dbc06fc9f..9edd2a5cc 100644 --- a/packages/features/team-accounts/src/server/services/account-members.service.ts +++ b/packages/features/team-accounts/src/server/services/account-members.service.ts 
@@ -8,7 +8,7 @@ import { Database } from '@kit/supabase/database'; import { RemoveMemberSchema } from '../../schema/remove-member.schema'; import { TransferOwnershipConfirmationSchema } from '../../schema/transfer-ownership-confirmation.schema'; -import { UpdateMemberRoleSchema } from '../../schema/update-member-role-schema'; +import { UpdateMemberRoleSchema } from '../../schema/update-member-role.schema'; export class AccountMembersService { private readonly namespace = 'account-members';