Anbieter: Kontakt + Kündigung als Stammdaten
Sieben neue optionale Felder am Provider (contactEmail, contactPhone, contactFax, contactAddress, cancellationEmail, cancellationFax, cancellationAddress). Postadressen TEXT, Rest VARCHAR(191). Migration mit IF NOT EXISTS. Modal "Anbieter bearbeiten" bekommt neue Sektion "Kontakt & Kündigung" mit zwei Untergruppen. Backend validiert Emails gegen isValidEmail (Header-Injection-Schutz), Telefon/Fax gegen sanitizePhoneField (kein CRLF), Postadressen via sanitizeNotes mit 500-Cap. Factory-Defaults Export/Import mitgezogen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -46,6 +46,13 @@ export interface ProviderExport {
|
||||
portalUrl: string | null;
|
||||
usernameFieldName: string | null;
|
||||
passwordFieldName: string | null;
|
||||
contactEmail: string | null;
|
||||
contactPhone: string | null;
|
||||
contactFax: string | null;
|
||||
contactAddress: string | null;
|
||||
cancellationEmail: string | null;
|
||||
cancellationFax: string | null;
|
||||
cancellationAddress: string | null;
|
||||
isActive: boolean;
|
||||
tariffs: { name: string; isActive: boolean }[];
|
||||
}
|
||||
@@ -90,6 +97,13 @@ export async function collectFactoryDefaults() {
|
||||
portalUrl: p.portalUrl,
|
||||
usernameFieldName: p.usernameFieldName,
|
||||
passwordFieldName: p.passwordFieldName,
|
||||
contactEmail: p.contactEmail,
|
||||
contactPhone: p.contactPhone,
|
||||
contactFax: p.contactFax,
|
||||
contactAddress: p.contactAddress,
|
||||
cancellationEmail: p.cancellationEmail,
|
||||
cancellationFax: p.cancellationFax,
|
||||
cancellationAddress: p.cancellationAddress,
|
||||
isActive: p.isActive,
|
||||
tariffs: p.tariffs.map((t) => ({ name: t.name, isActive: t.isActive })),
|
||||
})),
|
||||
@@ -284,6 +298,13 @@ export async function importFactoryDefaults(
|
||||
portalUrl: p.portalUrl ?? null,
|
||||
usernameFieldName: p.usernameFieldName ?? null,
|
||||
passwordFieldName: p.passwordFieldName ?? null,
|
||||
contactEmail: p.contactEmail ?? null,
|
||||
contactPhone: p.contactPhone ?? null,
|
||||
contactFax: p.contactFax ?? null,
|
||||
contactAddress: p.contactAddress ?? null,
|
||||
cancellationEmail: p.cancellationEmail ?? null,
|
||||
cancellationFax: p.cancellationFax ?? null,
|
||||
cancellationAddress: p.cancellationAddress ?? null,
|
||||
isActive: p.isActive ?? true,
|
||||
},
|
||||
create: {
|
||||
@@ -291,6 +312,13 @@ export async function importFactoryDefaults(
|
||||
portalUrl: p.portalUrl ?? null,
|
||||
usernameFieldName: p.usernameFieldName ?? null,
|
||||
passwordFieldName: p.passwordFieldName ?? null,
|
||||
contactEmail: p.contactEmail ?? null,
|
||||
contactPhone: p.contactPhone ?? null,
|
||||
contactFax: p.contactFax ?? null,
|
||||
contactAddress: p.contactAddress ?? null,
|
||||
cancellationEmail: p.cancellationEmail ?? null,
|
||||
cancellationFax: p.cancellationFax ?? null,
|
||||
cancellationAddress: p.cancellationAddress ?? null,
|
||||
isActive: p.isActive ?? true,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import prisma from '../lib/prisma.js';
|
||||
import { stripHtml } from '../utils/sanitize.js';
|
||||
import { stripHtml, isValidEmail, sanitizePhoneField, sanitizeNotes } from '../utils/sanitize.js';
|
||||
import { validateHttpUrl } from '../utils/url.js';
|
||||
|
||||
// Pentest 46.1 (HIGH, 2026-06-01): Stored XSS via provider.portalUrl.
|
||||
@@ -51,48 +51,83 @@ export async function getProviderById(id: number) {
|
||||
// Aktuell escapt React das Textnode, also kein direkter XSS – aber neue
|
||||
// Renderpfade (PDF, Mail-Templates, Embedded-Strings in URLs) wären
|
||||
// sofort betroffen. Defense-in-depth: schon beim Schreiben strippen.
|
||||
function stripProviderStrings<T extends { name?: string; usernameFieldName?: string; passwordFieldName?: string }>(data: T): T {
|
||||
//
|
||||
// 2026-06-21: contactEmail/cancellationEmail laufen zusätzlich durch
|
||||
// isValidEmail (Header-Injection-Schutz für künftige Mail-Templates),
|
||||
// contactPhone/contactFax/cancellationFax durch sanitizePhoneField
|
||||
// (kein CRLF/Control-Char), Postadressen durch sanitizeNotes mit
|
||||
// 500-Cap (mehrzeilig, normalisierte Newlines).
|
||||
function stripProviderStrings<T extends object>(data: T): T {
|
||||
const out: any = { ...data };
|
||||
if (typeof out.name === 'string') out.name = stripHtml(out.name);
|
||||
if (typeof out.usernameFieldName === 'string') out.usernameFieldName = stripHtml(out.usernameFieldName);
|
||||
if (typeof out.passwordFieldName === 'string') out.passwordFieldName = stripHtml(out.passwordFieldName);
|
||||
for (const k of ['name', 'usernameFieldName', 'passwordFieldName'] as const) {
|
||||
if (typeof out[k] === 'string') out[k] = stripHtml(out[k]);
|
||||
}
|
||||
for (const k of ['contactEmail', 'cancellationEmail'] as const) {
|
||||
if (out[k] === '' || out[k] === null) { out[k] = null; continue; }
|
||||
if (out[k] === undefined) continue;
|
||||
const stripped = typeof out[k] === 'string' ? stripHtml(out[k]) : out[k];
|
||||
const value = typeof stripped === 'string' ? stripped.trim() : stripped;
|
||||
if (value === '' ) { out[k] = null; continue; }
|
||||
if (!isValidEmail(value)) {
|
||||
throw new Error(`${k === 'contactEmail' ? 'Kontakt-Emailadresse' : 'Kündigungs-Emailadresse'} ist ungültig.`);
|
||||
}
|
||||
out[k] = value;
|
||||
}
|
||||
const phoneLabels: Record<string, string> = {
|
||||
contactPhone: 'Kontakt-Telefonnummer',
|
||||
contactFax: 'Kontakt-Faxnummer',
|
||||
cancellationFax: 'Kündigungs-Faxnummer',
|
||||
};
|
||||
for (const k of ['contactPhone', 'contactFax', 'cancellationFax'] as const) {
|
||||
if (out[k] === undefined) continue;
|
||||
if (out[k] === '' || out[k] === null) { out[k] = null; continue; }
|
||||
const v = sanitizePhoneField(out[k], phoneLabels[k]);
|
||||
out[k] = v === undefined ? null : v;
|
||||
}
|
||||
for (const k of ['contactAddress', 'cancellationAddress'] as const) {
|
||||
if (out[k] === undefined) continue;
|
||||
if (out[k] === '' || out[k] === null) { out[k] = null; continue; }
|
||||
out[k] = sanitizeNotes(out[k], 500);
|
||||
}
|
||||
return out;
|
||||
}
|
||||
|
||||
export async function createProvider(data: {
|
||||
name: string;
|
||||
interface ProviderWritable {
|
||||
name?: string;
|
||||
portalUrl?: string;
|
||||
usernameFieldName?: string;
|
||||
passwordFieldName?: string;
|
||||
}) {
|
||||
contactEmail?: string | null;
|
||||
contactPhone?: string | null;
|
||||
contactFax?: string | null;
|
||||
contactAddress?: string | null;
|
||||
cancellationEmail?: string | null;
|
||||
cancellationFax?: string | null;
|
||||
cancellationAddress?: string | null;
|
||||
isActive?: boolean;
|
||||
}
|
||||
|
||||
export async function createProvider(data: ProviderWritable & { name: string }) {
|
||||
const clean = stripProviderStrings(data);
|
||||
const portalUrl = assertValidPortalUrl(clean.portalUrl);
|
||||
return prisma.provider.create({
|
||||
data: {
|
||||
...clean,
|
||||
name: clean.name,
|
||||
portalUrl,
|
||||
isActive: true,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
export async function updateProvider(
|
||||
id: number,
|
||||
data: {
|
||||
name?: string;
|
||||
portalUrl?: string;
|
||||
usernameFieldName?: string;
|
||||
passwordFieldName?: string;
|
||||
isActive?: boolean;
|
||||
}
|
||||
) {
|
||||
export async function updateProvider(id: number, data: ProviderWritable) {
|
||||
// portalUrl nur validieren wenn explizit mitgesendet (undefined = unverändert).
|
||||
// Leerstring = "auf null setzen" - hier setzen wir explizit auf null,
|
||||
// damit Prisma nicht den alten Wert hält.
|
||||
const updateData: typeof data = stripProviderStrings(data);
|
||||
const updateData: any = stripProviderStrings(data);
|
||||
if (data.portalUrl !== undefined) {
|
||||
const validated = assertValidPortalUrl(data.portalUrl);
|
||||
(updateData as { portalUrl: string | null }).portalUrl = validated ?? null;
|
||||
updateData.portalUrl = validated ?? null;
|
||||
}
|
||||
return prisma.provider.update({
|
||||
where: { id },
|
||||
|
||||
Reference in New Issue
Block a user