diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
index d73ded5a..4997ea79 100644
--- a/.github/workflows/backend.yml
+++ b/.github/workflows/backend.yml
@@ -8,6 +8,9 @@ on:
 branches:
 - main
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docker-compose.yml b/.github/workflows/docker-compose.yml
index b6966080..816fa3d7 100644
--- a/.github/workflows/docker-compose.yml
+++ b/.github/workflows/docker-compose.yml
@@ -8,6 +8,9 @@ on:
 branches:
 - main
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c2c41f23..85e14d21 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,5 +1,9 @@
 name: Docker Deploy GHCR
+permissions:
+ contents: read
+ packages: write
+
 on:
 push:
 branches:
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 3cc20b57..00ab67a6 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -1,5 +1,8 @@
 name: Frontend
+permissions:
+ contents: read
+
 on:
 push:
 branches:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index c6c6a317..fef8d7b1 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,5 +1,8 @@
 name: Lint
+permissions:
+ contents: read
+
 on:
 push:
 branches:
diff --git a/backend/src/controllers/survey.controller.ts b/backend/src/controllers/survey.controller.ts
index da6b8fe5..23a17469 100644
--- a/backend/src/controllers/survey.controller.ts
+++ b/backend/src/controllers/survey.controller.ts
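Review bot: In docker-publish.yml the `packages: write` grant is declared at workflow level, so every job in that workflow runs with a token that can push packages. The jobs themselves are outside this hunk; if only one of them publishes to GHCR, nesting `permissions:` with `contents: read` and `packages: write` under that job and leaving the workflow-level default at `contents: read` would confine write access to the job that needs it. The other four workflows in this commit already end up with the read-only default.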
@@ -9,11 +9,21 @@ class SurveyController {
 async updateSurveyGitHub(req: Request, res: Response): Promise {
 let survey: SurveyType;
 try {
- const _survey = await surveyService.updateSurvey({
- ...req.body,
+ const sanitizedBody = {
+ id: req.body.id,
+ userId: req.body.userId,
+ org: req.body.org,
+ repo: req.body.repo,
+ prNumber: req.body.prNumber,
+ usedCopilot: req.body.usedCopilot,
+ percentTimeSaved: req.body.percentTimeSaved,
+ reason: req.body.reason,
+ timeUsedFor: req.body.timeUsedFor,
+ kudos: req.body.kudos,
 hits: 0,
 status: 'completed'
- });
+ };
+ const _survey = await surveyService.updateSurvey(sanitizedBody);
 if (!_survey) throw new Error('Survey not found');
 survey = _survey;
 res.status(201).json(survey);
diff --git a/backend/src/services/survey.service.ts b/backend/src/services/survey.service.ts
index 6ad11278..de08fed9 100644
--- a/backend/src/services/survey.service.ts
+++ b/backend/src/services/survey.service.ts
@@ -33,7 +33,7 @@ class SurveyService {
 throw new Error('Invalid survey data provided');
 }
 const Survey = mongoose.model('Survey');
- const result = await Survey.updateOne({ id: survey.id }, { $set: survey });
+ const result = await Survey.updateOne({ id: { $eq: survey.id } }, { $set: survey });
 // Check if the update modified any document.
 if (result.modifiedCount === 0) {
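Review bot: The allowlist in `sanitizedBody` fixes which keys reach `updateSurvey`, but each value is still copied from `req.body` unchecked, so a JSON object or array sent as `userId`, `reason` or any other field is handed to `$set` as-is. If none of these fields is meant to hold an object or array, a guard before the service call would close that gap: `if (Object.values(sanitizedBody).some((v) => v !== null && typeof v === 'object')) throw new Error('Invalid survey data provided');`. Keys missing from the request are now present with the value `undefined` instead of being absent as they were with the spread; whether that is dropped or stored as null depends on the Mongoose version and update options, so it is worth confirming. The method's catch block lies outside the hunk, so how a thrown error is reported to the client cannot be seen here.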
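Review bot: The `$eq` wrapper on the filter in `updateOne` carries no comment saying why it is there, and it reads like redundancy that a later cleanup could remove. A line above it such as `// $eq forces a literal match, so an object-valued id is never parsed as a query operator` would keep the intent visible. The update document is still the whole `survey` object, `id` included, so the validation that leads to the `throw` at the top of the hunk (its condition is outside the visible lines) appears to remain the only check on what `$set` receives from callers other than the sanitised controller path.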