fix: numero string in changes requested #31
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue where address numbers stored as strings were causing 400 errors during validation in mes-adresses. The fix ensures all numbers are properly converted to numeric types.
- Enables class-transformer's automatic type transformation globally by adding
transform: trueto ValidationPipe - Adds explicit number validation and transformation to the
NumeroChangesRequestedDTO - Includes a database migration to convert existing string numbers to integers in pending signalements
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/main.ts | Enables global transformation in ValidationPipe for production |
| src/tests/*.spec.ts | Updates test configurations to match production ValidationPipe settings |
| src/modules/signalement/dto/changes-requested.dto.ts | Adds number validation and transformation decorators to numero field |
| src/migrations/1753283848477-fix-numero-string-in-changes-requested.ts | Migration to convert existing string numbers to integers in database |
| src/migrations/index.ts | Registers the new migration |
| ); | ||
|
|
||
| return queryRunner.query( | ||
| `UPDATE "signalements" SET "changes_requested" = jsonb_set("changes_requested", '{numero}', '${parseInt(numero, 10)}') WHERE id = '${id}'`, |
There was a problem hiding this comment.
This query is vulnerable to SQL injection. The id variable is interpolated directly into the SQL string without parameterization. Use parameterized queries instead: queryRunner.query('UPDATE "signalements" SET "changes_requested" = jsonb_set("changes_requested", '{numero}', $1) WHERE id = $2', [parseInt(numero, 10), id])
| `UPDATE "signalements" SET "changes_requested" = jsonb_set("changes_requested", '{numero}', '${parseInt(numero, 10)}') WHERE id = '${id}'`, | |
| `UPDATE "signalements" SET "changes_requested" = jsonb_set("changes_requested", '{numero}', $1) WHERE id = $2`, | |
| [parseInt(numero, 10), id], |
Copilot uses AI. Check for mistakes.
| signalements.map(({ id, changesRequested }) => { | ||
| const { numero } = changesRequested as any; |
There was a problem hiding this comment.
Using as any bypasses type safety. Consider defining a proper interface for changesRequested or add proper type checking before destructuring.
| signalements.map(({ id, changesRequested }) => { | |
| const { numero } = changesRequested as any; | |
| signalements.map(({ id, changesRequested }: { id: string; changesRequested: ChangesRequested }) => { | |
| const { numero } = changesRequested; |
Copilot uses AI. Check for mistakes.
| } | ||
| }), |
There was a problem hiding this comment.
The map function returns undefined for signalements that don't need updating, which will be passed to Promise.all. Filter out undefined values or use a different approach: signalements.filter(({changesRequested}) => {...}).map(...) or handle the undefined case explicitly.
| } | |
| }), | |
| }), |
Copilot uses AI. Check for mistakes.
Parfois quand un numéro d'adresse est stocké sous forme de string, on récupère des erreurs 400 sur mes-adresses à la validation du signalement.
Cette PR s'assure que tous les numéros sont des numbers