diff --git a/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/feature/src/modules/auth/auth.service.ts b/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/feature/src/modules/auth/auth.service.ts index 56e9b3c9..81a4dccb 100644 --- a/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/feature/src/modules/auth/auth.service.ts +++ b/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/feature/src/modules/auth/auth.service.ts @@ -120,7 +120,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const user = await User.create({ name, diff --git a/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/mvc/src/services/auth.service.ts b/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/mvc/src/services/auth.service.ts index 227bd52a..33a6ae93 100644 --- a/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/mvc/src/services/auth.service.ts +++ b/packages/templates/node/express/blueprint/hybrid-auth/mongodb/mongoose/mvc/src/services/auth.service.ts @@ -120,7 +120,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const user = await User.create({ name, diff --git a/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/feature/src/modules/auth/auth.service.ts b/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/feature/src/modules/auth/auth.service.ts index 31c68815..accc8fa6 100644 --- a/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/feature/src/modules/auth/auth.service.ts +++ b/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/feature/src/modules/auth/auth.service.ts @@ -124,7 +124,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const enforcedRole = "user" as const; if (role && role !== enforcedRole) { diff --git a/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/mvc/src/services/auth.service.ts b/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/mvc/src/services/auth.service.ts index fb480684..4e74772c 100644 --- a/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/mvc/src/services/auth.service.ts +++ b/packages/templates/node/express/blueprint/hybrid-auth/postgresql/drizzle/mvc/src/services/auth.service.ts @@ -134,7 +134,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const [user] = await db.insert(users).values({ name, diff --git a/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/feature/src/modules/auth/auth.service.ts b/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/feature/src/modules/auth/auth.service.ts index 3a49dfc5..60c944fa 100644 --- a/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/feature/src/modules/auth/auth.service.ts +++ b/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/feature/src/modules/auth/auth.service.ts @@ -93,7 +93,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const [existingUser] = await db .insert(users) diff --git a/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/mvc/src/services/auth.service.ts b/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/mvc/src/services/auth.service.ts index 26c0f8cc..0485458d 100644 --- a/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/mvc/src/services/auth.service.ts +++ b/packages/templates/node/express/blueprint/stateless-auth/mysql/drizzle/mvc/src/services/auth.service.ts @@ -90,7 +90,13 @@ export class AuthService { throw ApiError.badRequest("Invalid or expired otp"); } - const { name, email: userEmail, role, password } = JSON.parse(userData); + let parsedData; + try { + parsedData = JSON.parse(userData); + } catch { + throw ApiError.badRequest("Invalid user data format"); + } + const { name, email: userEmail, role, password } = parsedData; const [existingUser] = await db .insert(users)