fix: enforce team scoping for campaign, contacts, and invites (#356)

* fix: enforce team-scoped lookups for campaign contacts and invites

* fix(test): mock domain service in campaign security test
KM Koushik
2026-02-23 11:30:05 +11:00
committed by GitHub
parent f7a0d11758
commit 61dfcee67d
8 changed files with 319 additions and 15 deletions
@@ -52,13 +52,14 @@ function getContact(app: PublicAPIApp) {
app.openapi(route, async (c) => {
const team = c.var.team;
await getContactBook(c, team.id);
const contactBook = await getContactBook(c, team.id);
const contactId = c.req.param("contactId");
const contact = await db.contact.findUnique({
const contact = await db.contact.findFirst({
where: {
id: contactId,
contactBookId: contactBook.id,
},
});