fix: restrict id routes

2025-06-05 02:29:19 -06:00
parent db91734106
commit 85c51e7355
4 changed files with 11 additions and 11 deletions
--- a/api/routes/asistencias/asistencias.js
+++ b/api/routes/asistencias/asistencias.js
@@ -15,7 +15,7 @@ router.get('/', async (req, res) => {
 });

 // GET asistencia by ID
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  try {
    const asistencia = await prisma.asistencia.findUnique({
@@ -79,7 +79,7 @@ router.post('/', async (req, res) => {
 });

 // PUT actualizar asistencia
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  const {
    empleado_id,
@@ -131,7 +131,7 @@ router.put('/:id', async (req, res) => {
 });

 // DELETE asistencia
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  try {
    await prisma.asistencia.delete({
--- a/api/routes/empleados/empleados.js
+++ b/api/routes/empleados/empleados.js
@@ -19,7 +19,7 @@ router.get('/', async (_req, res) => {
 })

 // ───── GET empleado por ID ─────
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
  const id = BigInt(req.params.id)
  try {
    const empleado = await prisma.cliente.findFirst({ where: { id, empleado: true } })
@@ -70,7 +70,7 @@ router.post('/', async (req, res) => {
 })

 // ───── PUT actualizar empleado ─────
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
  const id = BigInt(req.params.id)
  const {
    name,
@@ -115,7 +115,7 @@ router.put('/:id', async (req, res) => {
 })

 // ───── DELETE eliminar empleado ─────
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
  const id = BigInt(req.params.id)
  try {
    const existe = await prisma.cliente.findFirst({ where: { id, empleado: true } })
--- a/api/routes/planillas/planillas.js
+++ b/api/routes/planillas/planillas.js
@@ -151,7 +151,7 @@ router.post('/', async (req, res) => {
 });

 // PUT update planilla by ID
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  const {
    empleado_id,
@@ -195,7 +195,7 @@ router.put('/:id', async (req, res) => {
 });

 // DELETE planilla by ID
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  try {
    log('delete planilla', id);
--- a/api/routes/tareas/tareas.js
+++ b/api/routes/tareas/tareas.js
@@ -15,7 +15,7 @@ router.get('/', async (req, res) => {
 });

 // GET tarea by ID
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  try {
    const tarea = await prisma.tareaRealizada.findUnique({
@@ -89,7 +89,7 @@ router.post('/', async (req, res) => {
 });

 // PUT update tarea by ID
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  const {
    empleado_id,
@@ -143,7 +143,7 @@ router.put('/:id', async (req, res) => {
 });

 // DELETE tarea by ID
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
  const { id } = req.params;
  try {
    await prisma.tareaRealizada.delete({