From 579b64f5b7329784ae7b911dcb3e1c8d1785a655 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 16 Apr 2024 07:14:19 +0000
Subject: [PATCH] feat: ajv validation

---
 .../nocodb/src/models/GalleryViewColumn.ts    | 10 +----
 .../nocodb/src/models/KanbanViewColumn.ts     |  6 +--
 .../src/services/view-columns.service.ts      | 39 ++++++++++++++++---
 3 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/packages/nocodb/src/models/GalleryViewColumn.ts b/packages/nocodb/src/models/GalleryViewColumn.ts
index 7ae92b2d44..cefaa10132 100644
--- a/packages/nocodb/src/models/GalleryViewColumn.ts
+++ b/packages/nocodb/src/models/GalleryViewColumn.ts
@@ -122,20 +122,12 @@ export default class GalleryViewColumn {
     return views?.map((v) => new GalleryViewColumn(v));
   }
 
-  // todo: update prop names
   static async update(
     columnId: string,
     body: Partial<GalleryViewColumn>,
     ncMeta = Noco.ncMeta,
   ) {
-    const updateObj = extractProps(body, [
-      'order',
-      'show',
-      'width',
-      'group_by',
-      'group_by_order',
-      'group_by_sort',
-    ]);
+    const updateObj = extractProps(body, ['order', 'show']);
     // get existing cache
     const key = `${CacheScope.GALLERY_VIEW_COLUMN}:${columnId}`;
     let o = await NocoCache.get(key, CacheGetType.TYPE_OBJECT);
diff --git a/packages/nocodb/src/models/KanbanViewColumn.ts b/packages/nocodb/src/models/KanbanViewColumn.ts
index b5af69dddd..c739a74462 100644
--- a/packages/nocodb/src/models/KanbanViewColumn.ts
+++ b/packages/nocodb/src/models/KanbanViewColumn.ts
@@ -121,11 +121,7 @@ export default class KanbanViewColumn implements KanbanColumnType {
   ) {
     const updateObj = extractProps(body, [
       'order',
-      'show',
-      'width',
-      'group_by',
-      'group_by_order',
-      'group_by_sort',
+      'show'
     ]);
     // get existing cache
     const key = `${CacheScope.KANBAN_VIEW_COLUMN}:${columnId}`;
diff --git a/packages/nocodb/src/services/view-columns.service.ts b/packages/nocodb/src/services/view-columns.service.ts
index 3ff20c2f8e..56649d2b7b 100644
--- a/packages/nocodb/src/services/view-columns.service.ts
+++ b/packages/nocodb/src/services/view-columns.service.ts
@@ -105,7 +105,11 @@ export class ViewColumnsService {
 
     const columns = Array.isArray(param.columns)
       ? param.columns
-      : param.columns[APIContext.VIEW_COLUMNS];
+      : param.columns?.[APIContext.VIEW_COLUMNS];
+
+    if (!columns) {
+      NcError.badRequest('Invalid request - fields not found');
+    }
 
     const view = await View.get(viewId);
 
@@ -113,11 +117,12 @@ export class ViewColumnsService {
 
     let result: any;
     const ncMeta = await Noco.ncMeta.startTransaction();
-    try {
-      if (!view) {
-        NcError.notFound('View not found');
-      }
 
+    if (!view) {
+      NcError.notFound('View not found');
+    }
+
+    try {
       const table = View.extractViewColumnsTableName(view);
 
       // iterate over view columns and update/insert accordingly
@@ -132,6 +137,10 @@ export class ViewColumnsService {
 
         switch (view.type) {
           case ViewTypes.GRID:
+            validatePayload(
+              'swagger.json#/components/schemas/GridColumnReq',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 GridViewColumn.update(existingCol.id, column, ncMeta),
@@ -150,6 +159,10 @@ export class ViewColumnsService {
             }
             break;
           case ViewTypes.GALLERY:
+            validatePayload(
+              'swagger.json#/components/schemas/GalleryColumnReq',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 GalleryViewColumn.update(existingCol.id, column, ncMeta),
@@ -168,6 +181,10 @@ export class ViewColumnsService {
             }
             break;
           case ViewTypes.KANBAN:
+            validatePayload(
+              'swagger.json#/components/schemas/KanbanColumnReq',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 KanbanViewColumn.update(existingCol.id, column, ncMeta),
@@ -186,6 +203,10 @@ export class ViewColumnsService {
             }
             break;
           case ViewTypes.MAP:
+            validatePayload(
+              'swagger.json#/components/schemas/MapColumn',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 MapViewColumn.update(existingCol.id, column, ncMeta),
@@ -204,6 +225,10 @@ export class ViewColumnsService {
             }
             break;
           case ViewTypes.FORM:
+            validatePayload(
+              'swagger.json#/components/schemas/FormColumnReq',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 FormViewColumn.update(existingCol.id, column, ncMeta),
@@ -222,6 +247,10 @@ export class ViewColumnsService {
             }
             break;
           case ViewTypes.CALENDAR:
+            validatePayload(
+              'swagger.json#/components/schemas/CalendarColumnReq',
+              column,
+            );
             if (existingCol) {
               updateOrInsertOptions.push(
                 CalendarViewColumn.update(existingCol.id, column, ncMeta),