From 97da370301fd8e6d9fdd8062ecbda61857ce6244 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 09:59:27 +0000
Subject: [PATCH 1/7] feat: provide clear message when app is not found

---
 packages/backend/src/helpers/get-app.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/helpers/get-app.ts b/packages/backend/src/helpers/get-app.ts
index 52f73894..436965d4 100644
--- a/packages/backend/src/helpers/get-app.ts
+++ b/packages/backend/src/helpers/get-app.ts
@@ -22,7 +22,11 @@ const apps = fs
     return apps;
   }, {} as TApps);
 
-async function getDefaultExport(appKey: string) {
+async function getAppDefaultExport(appKey: string) {
+  if (!Object.prototype.hasOwnProperty.call(apps, appKey)) {
+    throw new Error(`An application with the "${appKey}" key couldn't be found.`);
+  }
+
   return (await apps[appKey]).default;
 }
 
@@ -31,7 +35,7 @@ function stripFunctions<C>(data: C): C {
 }
 
 const getApp = async (appKey: string, stripFuncs = true) => {
-  let appData: IApp = cloneDeep(await getDefaultExport(appKey));
+  let appData: IApp = cloneDeep(await getAppDefaultExport(appKey));
 
   if (appData.auth) {
     appData = addAuthenticationSteps(appData);

From dc1002659bbc5d2f8c9f09ab7832af277f642d5c Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:16:51 +0000
Subject: [PATCH 2/7] feat: validate connection input in updateStep

---
 packages/backend/src/graphql/mutations/update-step.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/packages/backend/src/graphql/mutations/update-step.ts b/packages/backend/src/graphql/mutations/update-step.ts
index 0c5adbed..3a393fd9 100644
--- a/packages/backend/src/graphql/mutations/update-step.ts
+++ b/packages/backend/src/graphql/mutations/update-step.ts
@@ -32,6 +32,16 @@ const updateStep = async (
     })
     .throwIfNotFound();
 
+  if (input.connection.id) {
+    const hasConnection = await context.currentUser
+      .$relatedQuery('connections')
+      .findById(input.connection?.id);
+
+    if (!hasConnection) {
+      throw new Error('The connection does not exist!');
+    }
+  }
+
   step = await Step.query()
     .patchAndFetchById(input.id, {
       key: input.key,

From 4c4bd267d4b380e9cedcab7828151290279c15d6 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:17:41 +0000
Subject: [PATCH 3/7] feat: validate action input in updateStep

---
 packages/backend/src/graphql/mutations/update-step.ts |  5 +++++
 packages/backend/src/models/app.ts                    | 10 ++++++++++
 2 files changed, 15 insertions(+)

diff --git a/packages/backend/src/graphql/mutations/update-step.ts b/packages/backend/src/graphql/mutations/update-step.ts
index 3a393fd9..d65ffecc 100644
--- a/packages/backend/src/graphql/mutations/update-step.ts
+++ b/packages/backend/src/graphql/mutations/update-step.ts
@@ -1,4 +1,5 @@
 import { IJSONObject } from '@automatisch/types';
+import App from '../../models/app';
 import Step from '../../models/step';
 import Context from '../../types/express/context';
 
@@ -42,6 +43,10 @@ const updateStep = async (
     }
   }
 
+  if (step.isAction) {
+    await App.checkAppAndAction(input.appKey, input.key);
+  }
+
   step = await Step.query()
     .patchAndFetchById(input.id, {
       key: input.key,
diff --git a/packages/backend/src/models/app.ts b/packages/backend/src/models/app.ts
index 998566a1..f5cb4b36 100644
--- a/packages/backend/src/models/app.ts
+++ b/packages/backend/src/models/app.ts
@@ -36,6 +36,16 @@ class App {
 
     return appInfoConverter(rawAppData);
   }
+
+  static async checkAppAndAction(appKey: string, actionKey: string): Promise<void> {
+    const app = await this.findOneByKey(appKey);
+
+    const hasAction = app.actions?.find(action => action.key === actionKey);
+
+    if (!hasAction) {
+      throw new Error(`${app.name} does not have an action with the "${actionKey}" key!`);
+    }
+  }
 }
 
 export default App;

From db55912f78ea7b80fbe3a40157c45c9c71809061 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:18:04 +0000
Subject: [PATCH 4/7] feat: validate trigger input in updateStep

---
 packages/backend/src/graphql/mutations/update-step.ts |  4 ++++
 packages/backend/src/models/app.ts                    | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/packages/backend/src/graphql/mutations/update-step.ts b/packages/backend/src/graphql/mutations/update-step.ts
index d65ffecc..11398287 100644
--- a/packages/backend/src/graphql/mutations/update-step.ts
+++ b/packages/backend/src/graphql/mutations/update-step.ts
@@ -43,6 +43,10 @@ const updateStep = async (
     }
   }
 
+  if (step.isTrigger) {
+    await App.checkAppAndTrigger(input.appKey, input.key);
+  }
+
   if (step.isAction) {
     await App.checkAppAndAction(input.appKey, input.key);
   }
diff --git a/packages/backend/src/models/app.ts b/packages/backend/src/models/app.ts
index f5cb4b36..d50d3426 100644
--- a/packages/backend/src/models/app.ts
+++ b/packages/backend/src/models/app.ts
@@ -46,6 +46,16 @@ class App {
       throw new Error(`${app.name} does not have an action with the "${actionKey}" key!`);
     }
   }
+
+  static async checkAppAndTrigger(appKey: string, triggerKey: string): Promise<void> {
+    const app = await this.findOneByKey(appKey);
+
+    const hasTrigger = app.triggers?.find(trigger => trigger.key === triggerKey);
+
+    if (!hasTrigger) {
+      throw new Error(`${app.name} does not have a trigger with the "${triggerKey}" key!`);
+    }
+  }
 }
 
 export default App;

From ba27fc12e85171aab723d1e5ad09f7db29bf2d25 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:20:59 +0000
Subject: [PATCH 5/7] feat: validate app input in createFlow

---
 .../backend/src/graphql/mutations/create-flow.ts     | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/packages/backend/src/graphql/mutations/create-flow.ts b/packages/backend/src/graphql/mutations/create-flow.ts
index 5e015fe2..30c0968f 100644
--- a/packages/backend/src/graphql/mutations/create-flow.ts
+++ b/packages/backend/src/graphql/mutations/create-flow.ts
@@ -1,3 +1,4 @@
+import App from '../../models/app';
 import Step from '../../models/step';
 import Context from '../../types/express/context';
 
@@ -16,15 +17,20 @@ const createFlow = async (
   const connectionId = params?.input?.connectionId;
   const appKey = params?.input?.triggerAppKey;
 
+  await App.findOneByKey(appKey);
+
   const flow = await context.currentUser.$relatedQuery('flows').insert({
     name: 'Name your flow',
   });
 
   if (connectionId) {
-    await context.currentUser
+    const hasConnection = await context.currentUser
       .$relatedQuery('connections')
-      .findById(connectionId)
-      .throwIfNotFound();
+      .findById(connectionId);
+
+    if (!hasConnection) {
+      throw new Error('The connection does not exist!');
+    }
   }
 
   await Step.query().insert({

From 7b3f070973404f5d3872c3678f8e9911f2051a95 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:26:50 +0000
Subject: [PATCH 6/7] feat: validate app and action input in createStep

---
 packages/backend/src/graphql/mutations/create-step.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packages/backend/src/graphql/mutations/create-step.ts b/packages/backend/src/graphql/mutations/create-step.ts
index 80ba0a1c..7ee065d4 100644
--- a/packages/backend/src/graphql/mutations/create-step.ts
+++ b/packages/backend/src/graphql/mutations/create-step.ts
@@ -1,3 +1,4 @@
+import App from '../../models/app';
 import Context from '../../types/express/context';
 
 type Params = {
@@ -23,6 +24,14 @@ const createStep = async (
 ) => {
   const { input } = params;
 
+  if (input.appKey && input.key) {
+    await App.checkAppAndAction(input.appKey, input.key);
+  }
+
+  if (input.appKey && !input.key) {
+    await App.findOneByKey(input.appKey);
+  }
+
   const flow = await context.currentUser
     .$relatedQuery('flows')
     .findOne({

From 9b8ec9b85ec65605363b7b926829e16826c00467 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Sun, 12 Mar 2023 11:28:33 +0000
Subject: [PATCH 7/7] feat: validate step input in executeFlow

---
 packages/backend/src/graphql/mutations/execute-flow.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/graphql/mutations/execute-flow.ts b/packages/backend/src/graphql/mutations/execute-flow.ts
index 5caeaa77..6b25960b 100644
--- a/packages/backend/src/graphql/mutations/execute-flow.ts
+++ b/packages/backend/src/graphql/mutations/execute-flow.ts
@@ -13,11 +13,13 @@ const executeFlow = async (
   context: Context
 ) => {
   const { stepId } = params.input;
-  const { executionStep } = await testRun({ stepId });
 
   const untilStep = await context.currentUser
     .$relatedQuery('steps')
-    .findById(stepId);
+    .findById(stepId)
+    .throwIfNotFound();
+
+  const { executionStep } = await testRun({ stepId });
 
   if (executionStep.isFailed) {
     throw new Error(JSON.stringify(executionStep.errorDetails));