From 12bb3fd8a9e80d7f4341fa394138c5936fa547e6 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Wed, 4 Oct 2023 14:20:21 +0000 Subject: [PATCH] api/graph: validate OAuth grants when submitting build An OAuth grants string can be supplied when submitting a build manifest. Validate it to make sure it's well-formed. --- api/graph/schema.resolvers.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/api/graph/schema.resolvers.go b/api/graph/schema.resolvers.go index d595825..fbff10b 100644 --- a/api/graph/schema.resolvers.go +++ b/api/graph/schema.resolvers.go @@ -299,6 +299,13 @@ func (r *mutationResolver) Submit(ctx context.Context, manifest string, tags []s return nil, secretsErr } + if man.OAuth != "" { + _, err := auth.DecodeGrants(ctx, man.OAuth) + if err != nil { + return nil, err + } + } + var job model.Job if err := database.WithTx(ctx, nil, func(tx *sql.Tx) error { tags := strings.Join(tags, "/") -- 2.38.5