fix: security patches (#654)

lunary-ai · Nov 16, 2024 · 79dc370 · 79dc370
1 parent a46fcf4
commit 79dc370
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/packages/backend/src/api/v1/template-versions.ts b/packages/backend/src/api/v1/template-versions.ts
@@ -96,16 +96,18 @@ versions.get("/latest", async (ctx: Context) => {
 versions.get("/:id", async (ctx: Context) => {
   const { id: versionId } = ctx.params;
   const { projectId } = ctx.state;
+  console.log("projectId", projectId);
 
   const [version] = await sql`
     select
       tv.*
     from
       template_version tv
       left join template t on tv.template_id = t.id
-      left join project p on t.project_id = p.id and p.id = ${projectId}
+      left join project p on t.project_id = p.id 
     where
       tv.id = ${versionId}
+      and p.id = ${projectId}
   `;
   if (!version) {
     ctx.throw(401, "You do not have access to this ressource.");

diff --git a/packages/db/0051.sql b/packages/db/0051.sql
@@ -0,0 +1 @@
+alter table evaluator add constraint evaluator_project_id_slug_unique unique (project_id, slug);
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		alter table evaluator add constraint evaluator_project_id_slug_unique unique (project_id, slug);