Add blueprint validation

2026-03-02 16:56:39 +00:00 · 2025-12-20 12:06:21 -05:00
parent 13ddf30781
commit b80757a129
1 changed files with 65 additions and 5 deletions
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -72,11 +72,71 @@ export const AuthSchema = z.object({
    "auto-login-idp": z.int().positive().optional()
 });
-export const RuleSchema = z.object({
+export const RuleSchema = z
-    action: z.enum(["allow", "deny", "pass"]),
+    .object({
-    match: z.enum(["cidr", "path", "ip", "country", "asn"]),
+        action: z.enum(["allow", "deny", "pass"]),
-    value: z.string()
+        match: z.enum(["cidr", "path", "ip", "country", "asn"]),
-});
+        value: z.string()
    })
    .refine(
        (rule) => {
            if (rule.match === "ip") {
                // Check if it's a valid IP address (v4 or v6)
                return z.union([z.ipv4(), z.ipv6()]).safeParse(rule.value)
                    .success;
            }
            return true;
        },
        {
            path: ["value"],
            message: "Value must be a valid IP address when match is 'ip'"
        }
    )
    .refine(
        (rule) => {
            if (rule.match === "cidr") {
                // Check if it's a valid CIDR (v4 or v6)
                return z.union([z.cidrv4(), z.cidrv6()]).safeParse(rule.value)
                    .success;
            }
            return true;
        },
        {
            path: ["value"],
            message: "Value must be a valid CIDR notation when match is 'cidr'"
        }
    )
    .refine(
        (rule) => {
            if (rule.match === "country") {
                // Check if it's a valid 2-letter country code
                return /^[A-Z]{2}$/.test(rule.value);
            }
            return true;
        },
        {
            path: ["value"],
            message:
                "Value must be a 2-letter country code when match is 'country'"
        }
    )
    .refine(
        (rule) => {
            if (rule.match === "asn") {
                // Check if it's either AS<number> format or just a number
                const asNumberPattern = /^AS\d+$/i;
                const isASFormat = asNumberPattern.test(rule.value);
                const isNumeric = /^\d+$/.test(rule.value);
                return isASFormat || isNumeric;
            }
            return true;
        },
        {
            path: ["value"],
            message:
                "Value must be either 'AS<number>' format or a number when match is 'asn'"
        }
    );
 export const HeaderSchema = z.object({
    name: z.string().min(1),