add validation for id's

api/src/core/dto/find.one.dto.ts

@@ -0,0 +1,6 @@
+import { IsMongoId } from 'class-validator';
+
+export class FindOneDto {
+  @IsMongoId()
+  id: string;
+}

api/src/form/controllers/form.controller.ts

@@ -3,6 +3,7 @@ import { AuthGuard } from '@nestjs/passport';
 import { ApiBearerAuth, ApiImplicitQuery, ApiResponse, ApiUseTags } from "@nestjs/swagger"
 import { FormService } from "../services/form.service"
 import { FormDto } from "../dto/form.dto"
+import { FindOneDto } from "../../core/dto/find.one.dto"
 
 @ApiUseTags('forms')
 @ApiBearerAuth()
@@ -28,19 +29,19 @@ export class FormController {
   @ApiImplicitQuery({name: 'id', type: String})
   @Get(':id')
   @UseGuards(AuthGuard('jwt'))
-  async read(@Param('id') id): Promise<FormDto> {
-    return new FormDto(await this.formService.findById(id));
+  async read(@Param() params: FindOneDto): Promise<FormDto> {
+    return new FormDto(await this.formService.findById(params.id));
   }
 
   @Put(':id')
   @UseGuards(AuthGuard('jwt'))
-  async update(@Param('id') id, @Request() req): Promise<FormDto> {
+  async update(@Param() params: FindOneDto, @Request() req): Promise<FormDto> {
     throw new NotImplementedException()
   }
 
   @Delete(':id')
   @UseGuards(AuthGuard('jwt'))
-  async delete(@Param('id') id): Promise<void> {
+  async delete(@Param() params: FindOneDto): Promise<void> {
     throw new NotImplementedException()
   }
 }

api/src/form/controllers/public.controller.ts

@@ -3,6 +3,7 @@ import { ApiImplicitQuery, ApiResponse, ApiUseTags } from "@nestjs/swagger"
 import { FormService } from "../services/form.service"
 import { Form } from "../models/form.model"
 import { PublicFormDto } from "../dto/public.form.dto"
+import { FindOneDto } from "../../core/dto/find.one.dto"
 
 @ApiUseTags('forms')
 @Controller('public')
@@ -12,8 +13,8 @@ export class PublicController {
   @ApiResponse({ status: 200, description: 'Form Object', type: PublicFormDto})
   @ApiImplicitQuery({name: 'id', type: String})
   @Get(':id')
-  async read(@Param('id') id): Promise<PublicFormDto> {
-    const form:Form = await this.formService.findById(id)
+  async read(@Param() params: FindOneDto): Promise<PublicFormDto> {
+    const form:Form = await this.formService.findById(params.id)
 
     if (!form.isLive) {
       throw new NotFoundException();

api/src/user/controllers/user.controller.ts

@@ -3,7 +3,7 @@ import { AuthGuard } from '@nestjs/passport';
 import { ApiBearerAuth, ApiImplicitQuery, ApiResponse, ApiUseTags } from "@nestjs/swagger"
 import { UserService } from "../services/user.service"
 import { UserDto } from "../dto/user.dto"
-import {FormDto} from "../../form/dto/form.dto"
+import { FindOneDto } from "../../core/dto/find.one.dto"
 
 @ApiUseTags('users')
 @ApiBearerAuth()
@@ -30,15 +30,15 @@ export class UserController {
   @ApiImplicitQuery({name: 'id', type: String})
   @Get(':id')
   @UseGuards(AuthGuard('jwt'))
-  async read(@Param('id') id): Promise<UserDto> {
-    return new UserDto(await this.userService.findById(id));
+  async read(@Param() params: FindOneDto): Promise<UserDto> {
+    return new UserDto(await this.userService.findById(params.id));
   }
 
   @ApiResponse({ status: 200, description: 'User Object', type: UserDto})
   @ApiImplicitQuery({name: 'id', type: String})
   @Put(':id')
   @UseGuards(AuthGuard('jwt'))
-  async update(@Param('id') id, @Request() req): Promise<UserDto> {
+  async update(@Param() params: FindOneDto, @Request() req): Promise<UserDto> {
     throw new NotImplementedException()
   }
 
@@ -47,7 +47,7 @@ export class UserController {
   @ApiImplicitQuery({name: 'id', type: String})
   @Delete(':id')
   @UseGuards(AuthGuard('jwt'))
-  async delete(@Param('id') id): Promise<void> {
+  async delete(@Param() params: FindOneDto): Promise<void> {
     throw new NotImplementedException()
   }
 }