3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-06-05 09:51:38 +02:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize uuid on the rest of code

Browse source
This commit is contained in:
Andrey Antukh 2025-04-11 13:05:22 +02:00
parent 422a9db07b
commit fa3fc12594
18 changed files with 70 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

8
common/src/app/common/uuid.cljc
View file

@ -40,6 +40,14 @@
(throw #?(:clj (IllegalArgumentException. message) (throw #?(:clj (IllegalArgumentException. message)
:cljs (js/Error. message)))))) :cljs (js/Error. message))))))
(defn parse*
"Exception safe version of `parse`."
[s]
(try
(parse s)
(catch #?(:clj Exception :cljs :default) _cause
nil)))
(defn next (defn next
[] []
#?(:clj (UUIDv8/create) #?(:clj (UUIDv8/create)

6
frontend/src/app/libs/file_builder.cljs
View file

@ -239,15 +239,15 @@
(str (:last-id file))) (str (:last-id file)))
(lookupShape [_ shape-id] (lookupShape [_ shape-id]
(clj->js (fb/lookup-shape file (uuid/uuid shape-id)))) (clj->js (fb/lookup-shape file (uuid/parse shape-id))))
(updateObject [_ id new-obj] (updateObject [_ id new-obj]
(let [old-obj (fb/lookup-shape file (uuid/uuid id)) (let [old-obj (fb/lookup-shape file (uuid/parse id))
new-obj (d/deep-merge old-obj (parse-data new-obj))] new-obj (d/deep-merge old-obj (parse-data new-obj))]
(set! file (fb/update-object file old-obj new-obj)))) (set! file (fb/update-object file old-obj new-obj))))
(deleteObject [_ id] (deleteObject [_ id]
(set! file (fb/delete-object file (uuid/uuid id)))) (set! file (fb/delete-object file (uuid/parse id))))
(getId [_] (getId [_]
(:id file)) (:id file))

2
frontend/src/app/libs/render.cljs
View file

@ -15,7 +15,7 @@
[file ^string page-id] [file ^string page-id]
;; Better to expose the api as a promise to be consumed from JS ;; Better to expose the api as a promise to be consumed from JS
(let [page-id (uuid/uuid page-id) (let [page-id (uuid/parse page-id)
file-data (.-file file) file-data (.-file file)
data (get-in file-data [:data :pages-index page-id])] data (get-in file-data [:data :pages-index page-id])]
(p/create (p/create

2
frontend/src/app/main/data/comments.cljs
View file

@ -69,7 +69,7 @@
"Retrieves the mentions in the content as an array of uuids" "Retrieves the mentions in the content as an array of uuids"
[content] [content]
(->> (re-seq r-mentions content) (->> (re-seq r-mentions content)
(mapv (fn [[_ _ id]] (uuid/uuid id))))) (mapv (fn [[_ _ id]] (uuid/parse id)))))
(defn update-mentions (defn update-mentions
"Updates the params object with the mentiosn" "Updates the params object with the mentiosn"

4
frontend/src/app/main/data/viewer.cljs
View file

@ -248,7 +248,7 @@
(defn fetch-comments (defn fetch-comments
[{:keys [thread-id]}] [{:keys [thread-id]}]
(dm/assert! (uuid thread-id)) (assert (uuid? thread-id))
(letfn [(fetched [comments state] (letfn [(fetched [comments state]
(update state :comments assoc thread-id (d/index-by :id comments)))] (update state :comments assoc thread-id (d/index-by :id comments)))]
(ptk/reify ::retrieve-comments (ptk/reify ::retrieve-comments
@ -413,7 +413,7 @@
(watch [_ state _] (watch [_ state _]
(let [params (rt/get-params state) (let [params (rt/get-params state)
index (some-> params :index parse-long) index (some-> params :index parse-long)
page-id (some-> params :page-id parse-uuid) page-id (some-> params :page-id uuid/parse)
total (count (get-in state [:viewer :pages page-id :frames]))] total (count (get-in state [:viewer :pages page-id :frames]))]

11
frontend/src/app/main/data/workspace.cljs
View file

@ -369,7 +369,7 @@
(rx/take 1) (rx/take 1)
(rx/map dwc/set-workspace-visited)) (rx/map dwc/set-workspace-visited))
(when-let [component-id (some-> rparams :component-id parse-uuid)] (when-let [component-id (some-> rparams :component-id uuid/parse)]
(->> stream (->> stream
(rx/filter (ptk/type? ::workspace-initialized)) (rx/filter (ptk/type? ::workspace-initialized))
(rx/observe-on :async) (rx/observe-on :async)
@ -382,7 +382,7 @@
(rx/take 1) (rx/take 1)
(rx/map zoom-to-frame))) (rx/map zoom-to-frame)))
(when-let [comment-id (some-> rparams :comment-id parse-uuid)] (when-let [comment-id (some-> rparams :comment-id uuid/parse)]
(->> stream (->> stream
(rx/filter (ptk/type? ::workspace-initialized)) (rx/filter (ptk/type? ::workspace-initialized))
(rx/observe-on :async) (rx/observe-on :async)
@ -2445,13 +2445,6 @@
(js/console.log "Copies no ref" (count copies-no-ref) (clj->js copies-no-ref)) (js/console.log "Copies no ref" (count copies-no-ref) (clj->js copies-no-ref))
(js/console.log "Childs no ref" (count childs-no-ref) (clj->js childs-no-ref)))))) (js/console.log "Childs no ref" (count childs-no-ref) (clj->js childs-no-ref))))))
(defn set-shape-ref
[id shape-ref]
(ptk/reify ::set-shape-ref
ptk/WatchEvent
(watch [_ _ _]
(rx/of (update-shape (uuid/uuid id) {:shape-ref (uuid/uuid shape-ref)})))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Exports ;; Exports
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

29
frontend/src/app/main/ui.cljs
View file

@ -7,6 +7,7 @@
(ns app.main.ui (ns app.main.ui
(:require (:require
[app.common.data :as d] [app.common.data :as d]
[app.common.uuid :as uuid]
[app.config :as cf] [app.config :as cf]
[app.main.data.common :as dcm] [app.main.data.common :as dcm]
[app.main.data.team :as dtm] [app.main.data.team :as dtm]
@ -212,8 +213,8 @@
:dashboard-webhooks :dashboard-webhooks
:dashboard-settings) :dashboard-settings)
(let [params (get params :query) (let [params (get params :query)
team-id (some-> params :team-id uuid) team-id (some-> params :team-id uuid/parse*)
project-id (some-> params :project-id uuid) project-id (some-> params :project-id uuid/parse*)
search-term (some-> params :search-term) search-term (some-> params :search-term)
plugin-url (some-> params :plugin) plugin-url (some-> params :plugin)
template-url (some-> params :template)] template-url (some-> params :template)]
@ -247,9 +248,9 @@
:workspace :workspace
(let [params (get params :query) (let [params (get params :query)
team-id (some-> params :team-id uuid) team-id (some-> params :team-id uuid/parse*)
file-id (some-> params :file-id uuid) file-id (some-> params :file-id uuid/parse*)
page-id (some-> params :page-id uuid) page-id (some-> params :page-id uuid/parse*)
layout (some-> params :layout keyword)] layout (some-> params :layout keyword)]
[:? {} [:? {}
(when (cf/external-feature-flag "onboarding-03" "test") (when (cf/external-feature-flag "onboarding-03" "test")
@ -276,15 +277,15 @@
:viewer :viewer
(let [params (get params :query) (let [params (get params :query)
index (some-> (:index params) parse-long) index (some-> (:index params) parse-long)
share-id (some-> (:share-id params) parse-uuid) share-id (some-> (:share-id params) uuid/parse*)
section (or (some-> (:section params) keyword) section (or (some-> (:section params) keyword)
:interactions) :interactions)
file-id (some-> (:file-id params) parse-uuid) file-id (some-> (:file-id params) uuid/parse*)
page-id (some-> (:page-id params) parse-uuid) page-id (some-> (:page-id params) uuid/parse*)
imode (or (some-> (:interactions-mode params) keyword) imode (or (some-> (:interactions-mode params) keyword)
:show-on-click) :show-on-click)
frame-id (some-> (:frame-id params) parse-uuid) frame-id (some-> (:frame-id params) uuid/parse*)
share (:share params)] share (:share params)]
[:? {} [:? {}
@ -300,9 +301,9 @@
:workspace-legacy :workspace-legacy
(let [project-id (some-> params :path :project-id uuid) (let [project-id (some-> params :path :project-id uuid/parse*)
file-id (some-> params :path :file-id uuid) file-id (some-> params :path :file-id uuid/parse*)
page-id (some-> params :query :page-id uuid) page-id (some-> params :query :page-id uuid/parse*)
layout (some-> params :query :layout keyword)] layout (some-> params :query :layout keyword)]
[:> workspace-legacy-redirect* [:> workspace-legacy-redirect*
@ -321,8 +322,8 @@
:dashboard-legacy-team-invitations :dashboard-legacy-team-invitations
:dashboard-legacy-team-webhooks :dashboard-legacy-team-webhooks
:dashboard-legacy-team-settings) :dashboard-legacy-team-settings)
(let [team-id (some-> params :path :team-id uuid) (let [team-id (some-> params :path :team-id uuid/parse*)
project-id (some-> params :path :project-id uuid) project-id (some-> params :path :project-id uuid/parse*)
search-term (some-> params :query :search-term) search-term (some-> params :query :search-term)
plugin-url (some-> params :query :plugin) plugin-url (some-> params :query :plugin)
template-url (some-> params :template)] template-url (some-> params :template)]

2
frontend/src/app/main/ui/comments.cljs
View file

@ -487,7 +487,7 @@
(dom/stop-propagation event) (dom/stop-propagation event)
(let [id (-> (dom/get-current-target event) (let [id (-> (dom/get-current-target event)
(dom/get-data "user-id") (dom/get-data "user-id")
(uuid/uuid)) (uuid/parse))
user (d/seek #(= (:id %) id) members)] user (d/seek #(= (:id %) id) members)]

11
frontend/src/app/main/ui/dashboard/fonts.cljs
View file

@ -9,6 +9,7 @@
(:require (:require
[app.common.data.macros :as dm] [app.common.data.macros :as dm]
[app.common.media :as cm] [app.common.media :as cm]
[app.common.uuid :as uuid]
[app.config :as cf] [app.config :as cf]
[app.main.data.fonts :as df] [app.main.data.fonts :as df]
[app.main.data.modal :as modal] [app.main.data.modal :as modal]
@ -121,7 +122,7 @@
(fn [event] (fn [event]
(let [id (-> (dom/get-current-target event) (let [id (-> (dom/get-current-target event)
(dom/get-data "id") (dom/get-data "id")
(parse-uuid)) (uuid/parse))
item (get fonts id)] item (get fonts id)]
(on-upload* item)))) (on-upload* item))))
@ -132,7 +133,7 @@
(let [target (dom/get-current-target event) (let [target (dom/get-current-target event)
id (-> target id (-> target
(dom/get-data "id") (dom/get-data "id")
(parse-uuid)) (uuid/parse))
name (dom/get-value target)] name (dom/get-value target)]
(when-not (str/blank? name) (when-not (str/blank? name)
(swap! fonts* df/rename-and-regroup id name installed-fonts))))) (swap! fonts* df/rename-and-regroup id name installed-fonts)))))
@ -143,7 +144,7 @@
(let [target (dom/get-current-target event) (let [target (dom/get-current-target event)
id (-> target id (-> target
(dom/get-data "id") (dom/get-data "id")
(parse-uuid)) (uuid/parse))
name (dom/get-value target)] name (dom/get-value target)]
(swap! fonts* update id assoc :font-family-tmp name)))) (swap! fonts* update id assoc :font-family-tmp name))))
@ -153,7 +154,7 @@
(fn [event] (fn [event]
(let [id (-> (dom/get-current-target event) (let [id (-> (dom/get-current-target event)
(dom/get-data "id") (dom/get-data "id")
(parse-uuid))] (uuid/parse))]
(swap! fonts* dissoc id)))) (swap! fonts* dissoc id))))
on-upload-all on-upload-all
@ -344,7 +345,7 @@
(fn [event] (fn [event]
(let [id (-> (dom/get-current-target event) (let [id (-> (dom/get-current-target event)
(dom/get-data "id") (dom/get-data "id")
(parse-uuid)) (uuid/parse))
options {:type :confirm options {:type :confirm
:title (tr "modals.delete-font-variant.title") :title (tr "modals.delete-font-variant.title")
:message (tr "modals.delete-font-variant.message") :message (tr "modals.delete-font-variant.message")

2
frontend/src/app/main/ui/dashboard/sidebar.cljs
View file

@ -283,7 +283,7 @@
(fn [event] (fn [event]
(let [team-id (-> (dom/get-current-target event) (let [team-id (-> (dom/get-current-target event)
(dom/get-data "value") (dom/get-data "value")
(uuid/uuid))] (uuid/parse))]
(st/emit! (dcm/go-to-dashboard-recent :team-id team-id))))) (st/emit! (dcm/go-to-dashboard-recent :team-id team-id)))))
handle-select-default handle-select-default

3
frontend/src/app/main/ui/viewer/share_link.cljs
View file

@ -10,6 +10,7 @@
[app.common.data :as d] [app.common.data :as d]
[app.common.data.macros :as dm] [app.common.data.macros :as dm]
[app.common.logging :as log] [app.common.logging :as log]
[app.common.uuid :as uuid]
[app.config :as cf] [app.config :as cf]
[app.main.data.common :as dc] [app.main.data.common :as dc]
[app.main.data.event :as ev] [app.main.data.event :as ev]
@ -104,7 +105,7 @@
(fn [event] (fn [event]
(let [target (dom/get-target event) (let [target (dom/get-target event)
checked? (dom/checked? target) checked? (dom/checked? target)
page-id (parse-uuid (dom/get-data target "page-id")) page-id (uuid/parse (dom/get-data target "page-id"))
dif-pages? (not= page-id (first (:pages options))) dif-pages? (not= page-id (first (:pages options)))
no-one-page (< 1 (count (:pages options))) no-one-page (< 1 (count (:pages options)))
should-change? (or ^boolean no-one-page should-change? (or ^boolean no-one-page

3
frontend/src/app/main/ui/workspace/colorpicker/libraries.cljs
View file

@ -11,6 +11,7 @@
[app.common.data :as d] [app.common.data :as d]
[app.common.data.macros :as dm] [app.common.data.macros :as dm]
[app.common.types.color :as ctc] [app.common.types.color :as ctc]
[app.common.uuid :as uuid]
[app.main.data.event :as ev] [app.main.data.event :as ev]
[app.main.data.workspace :as dw] [app.main.data.workspace :as dw]
[app.main.data.workspace.colors :as mdc] [app.main.data.workspace.colors :as mdc]
@ -62,7 +63,7 @@
(if (or (= event "recent") (if (or (= event "recent")
(= event "file")) (= event "file"))
(keyword event) (keyword event)
(parse-uuid event))))) (uuid/parse event)))))
valid-color? valid-color?
(mf/use-fn (mf/use-fn

6
frontend/src/app/main/ui/workspace/libraries.cljs
View file

@ -228,7 +228,7 @@
(fn [event] (fn [event]
(let [library-id (some-> (dom/get-current-target event) (let [library-id (some-> (dom/get-current-target event)
(dom/get-data "library-id") (dom/get-data "library-id")
(parse-uuid))] (uuid/parse))]
(reset! selected library-id) (reset! selected library-id)
(st/emit! (dwl/link-file-to-library file-id library-id))))) (st/emit! (dwl/link-file-to-library file-id library-id)))))
@ -238,7 +238,7 @@
(fn [event] (fn [event]
(let [library-id (some-> (dom/get-current-target event) (let [library-id (some-> (dom/get-current-target event)
(dom/get-data "library-id") (dom/get-data "library-id")
(parse-uuid))] (uuid/parse))]
(when (= library-id @selected) (when (= library-id @selected)
(reset! selected :file)) (reset! selected :file))
(st/emit! (dwl/unlink-file-from-library file-id library-id) (st/emit! (dwl/unlink-file-from-library file-id library-id)
@ -451,7 +451,7 @@
(when-not updating? (when-not updating?
(let [library-id (some-> (dom/get-target event) (let [library-id (some-> (dom/get-target event)
(dom/get-data "library-id") (dom/get-data "library-id")
(parse-uuid))] (uuid/parse))]
(st/emit! (st/emit!
(dwl/set-updating-library true) (dwl/set-updating-library true)
(dwl/sync-file file-id library-id))))))] (dwl/sync-file file-id library-id))))))]

3
frontend/src/app/main/ui/workspace/palette.cljs
View file

@ -9,6 +9,7 @@
(:require (:require
[app.common.data :as d] [app.common.data :as d]
[app.common.data.macros :as dm] [app.common.data.macros :as dm]
[app.common.uuid :as uuid]
[app.main.data.event :as ev] [app.main.data.event :as ev]
[app.main.data.workspace :as dw] [app.main.data.workspace :as dw]
[app.main.data.workspace.colors :as mdc] [app.main.data.workspace.colors :as mdc]
@ -87,7 +88,7 @@
value (dom/get-attribute node "data-palette")] value (dom/get-attribute node "data-palette")]
(on-select (if (or (= "file" value) (= "recent" value)) (on-select (if (or (= "file" value) (= "recent" value))
(keyword value) (keyword value)
(parse-uuid value)))))) (uuid/parse value))))))
on-select-text-palette-menu on-select-text-palette-menu
(mf/use-fn (mf/use-fn

4
frontend/src/app/main/ui/workspace/sidebar/options/menus/interactions.cljs
View file

@ -251,14 +251,14 @@
(mf/deps index update-interaction) (mf/deps index update-interaction)
(fn [event] (fn [event]
(let [value event (let [value event
value (when (not= value "") (uuid/uuid value))] value (when (not= value "") (uuid/parse value))]
(update-interaction index #(ctsi/set-destination % value))))) (update-interaction index #(ctsi/set-destination % value)))))
change-position-relative-to change-position-relative-to
(mf/use-fn (mf/use-fn
(mf/deps index update-interaction) (mf/deps index update-interaction)
(fn [event] (fn [event]
(let [value (uuid/uuid event)] (let [value (uuid/parse event)]
(update-interaction index #(ctsi/set-position-relative-to % value))))) (update-interaction index #(ctsi/set-position-relative-to % value)))))
change-preserve-scroll change-preserve-scroll

4
frontend/src/app/main/ui/workspace/sidebar/versions.cljs
View file

@ -153,7 +153,7 @@
(mf/deps on-pin-snapshot) (mf/deps on-pin-snapshot)
(fn [event] (fn [event]
(let [node (dom/get-current-target event) (let [node (dom/get-current-target event)
id (-> (dom/get-data node "id") uuid/uuid)] id (-> (dom/get-data node "id") uuid/parse)]
(when on-pin-snapshot (on-pin-snapshot id))))) (when on-pin-snapshot (on-pin-snapshot id)))))
handle-restore-snapshot handle-restore-snapshot
@ -161,7 +161,7 @@
(mf/deps on-restore-snapshot) (mf/deps on-restore-snapshot)
(fn [event] (fn [event]
(let [node (dom/get-current-target event) (let [node (dom/get-current-target event)
id (-> (dom/get-data node "id") uuid/uuid)] id (-> (dom/get-data node "id") uuid/parse)]
(when on-restore-snapshot (on-restore-snapshot id))))) (when on-restore-snapshot (on-restore-snapshot id)))))

2
frontend/src/app/main/ui/workspace/viewport/actions.cljs
View file

@ -469,7 +469,7 @@
(dom/prevent-default event) (dom/prevent-default event)
(let [point (gpt/point (.-clientX event) (.-clientY event)) (let [point (gpt/point (.-clientX event) (.-clientY event))
viewport-coord (uwvv/point->viewport point) viewport-coord (uwvv/point->viewport point)
asset-id (-> (dnd/get-data event "text/asset-id") uuid/uuid) asset-id (-> (dnd/get-data event "text/asset-id") uuid/parse)
asset-name (dnd/get-data event "text/asset-name") asset-name (dnd/get-data event "text/asset-name")
asset-type (dnd/get-data event "text/asset-type")] asset-type (dnd/get-data event "text/asset-type")]
(cond (cond

23
frontend/src/debug.cljs
View file

@ -179,7 +179,7 @@
[state name] [state name]
(let [objects (dsh/lookup-page-objects state) (let [objects (dsh/lookup-page-objects state)
result (or (d/seek (fn [shape] (= name (:name shape))) (vals objects)) result (or (d/seek (fn [shape] (= name (:name shape))) (vals objects))
(get objects (uuid/uuid name)))] (get objects (uuid/parse name)))]
result)) result))
(defn ^:export dump-object (defn ^:export dump-object
@ -222,12 +222,12 @@
(defn ^:export select-by-object-id (defn ^:export select-by-object-id
[object-id] [object-id]
(let [[_ page-id shape-id _] (str/split object-id #"/")] (let [[_ page-id shape-id _] (str/split object-id #"/")]
(st/emit! (dcm/go-to-workspace :page-id (uuid/uuid page-id))) (st/emit! (dcm/go-to-workspace :page-id (uuid/parse page-id)))
(st/emit! (dws/select-shape (uuid/uuid shape-id))))) (st/emit! (dws/select-shape (uuid/parse shape-id)))))
(defn ^:export select-by-id (defn ^:export select-by-id
[shape-id] [shape-id]
(st/emit! (dws/select-shape (uuid/uuid shape-id)))) (st/emit! (dws/select-shape (uuid/parse shape-id))))
(defn dump-tree' (defn dump-tree'
([state] (dump-tree' state false false false)) ([state] (dump-tree' state false false false))
@ -255,7 +255,7 @@
file (dsh/lookup-file state) file (dsh/lookup-file state)
libraries (get state :files) libraries (get state :files)
shape-id (if (some? shape-id) shape-id (if (some? shape-id)
(uuid/uuid shape-id) (uuid/parse shape-id)
(first (dsh/lookup-selected state)))] (first (dsh/lookup-selected state)))]
(if (some? shape-id) (if (some? shape-id)
(ctf/dump-subtree file page-id shape-id libraries {:show-ids show-ids (ctf/dump-subtree file page-id shape-id libraries {:show-ids show-ids
@ -369,7 +369,7 @@
(let [file (dsh/lookup-file @st/state) (let [file (dsh/lookup-file @st/state)
libraries (get @st/state :files)] libraries (get @st/state :files)]
(try (try
(->> (if-let [shape-id (some-> shape-id parse-uuid)] (->> (if-let [shape-id (some-> shape-id uuid/parse)]
(let [page (dm/get-in file [:data :pages-index (get @st/state :current-page-id)])] (let [page (dm/get-in file [:data :pages-index (get @st/state :current-page-id)])]
(cfv/validate-shape shape-id file page libraries)) (cfv/validate-shape shape-id file page libraries))
(cfv/validate-file file libraries)) (cfv/validate-file file libraries))
@ -426,6 +426,15 @@
[] []
(st/emit! (dw/find-components-norefs))) (st/emit! (dw/find-components-norefs)))
(defn- set-shape-ref*
[id shape-ref]
(ptk/reify ::set-shape-ref
ptk/WatchEvent
(watch [_ _ _]
(let [shape-id (uuid/parse id)
shape-ref (uuid/parse shape-ref)]
(rx/of (dw/update-shape shape-id {:shape-ref shape-ref}))))))
(defn ^:export set-shape-ref (defn ^:export set-shape-ref
[id shape-ref] [id shape-ref]
(st/emit! (dw/set-shape-ref id shape-ref))) (st/emit! (set-shape-ref* id shape-ref)))