diff --git a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
index a6e6add80f..d38419f399 100644
--- a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
+++ b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
@@ -4,6 +4,7 @@ import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { validatePathSegment } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getCredential, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils'
 export const dynamic = 'force-dynamic'
@@ -79,7 +80,7 @@ export async function GET(request: NextRequest) {
 if (driveId) {
 const driveIdValidation = validatePathSegment(driveId, {
 paramName: 'driveId',
- customPattern: /^[a-zA-Z0-9!_-]+$/,
+ customPattern: GRAPH_ID_PATTERN,
 })
 if (!driveIdValidation.isValid) {
 return NextResponse.json({ error: driveIdValidation.error }, { status: 400 })
diff --git a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts
index d9c9aa845b..d0dc8ef7c9 100644
--- a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts
+++ b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts
@@ -4,6 +4,7 @@ import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { validatePathSegment, validateSharePointSiteId } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils'
 export const dynamic = 'force-dynamic'
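Review bot: The `driveId` allowlist in GET now comes from `@/tools/microsoft_excel/utils`, so this OAuth route's path-segment validation depends on a constant owned by the Excel tool module; the same applies to the POST handler in `apps/sim/app/api/tools/microsoft_excel/drives/route.ts`. If that module later loosens the pattern for an Excel-specific need, both routes widen with it and nothing changes in their own files to flag it. Consider defining the pattern in `@/lib/core/security/input-validation`, which both routes already import for `validatePathSegment`, and importing it from there in the Excel utils as well. Both handler bodies start and end outside the hunks shown.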
@@ -69,7 +70,7 @@ export async function POST(request: NextRequest) {
 if (driveId) {
 const driveIdValidation = validatePathSegment(driveId, {
 paramName: 'driveId',
- customPattern: /^[a-zA-Z0-9!_-]+$/,
+ customPattern: GRAPH_ID_PATTERN,
 })
 if (!driveIdValidation.isValid) {
 return NextResponse.json({ error: driveIdValidation.error }, { status: 400 })
diff --git a/apps/sim/tools/microsoft_excel/utils.ts b/apps/sim/tools/microsoft_excel/utils.ts
index ebb99034fc..80f27e93c4 100644
--- a/apps/sim/tools/microsoft_excel/utils.ts
+++ b/apps/sim/tools/microsoft_excel/utils.ts
@@ -4,14 +4,14 @@ import type { ExcelCellValue } from '@/tools/microsoft_excel/types'
 const logger = createLogger('MicrosoftExcelUtils')
+/** Pattern for Microsoft Graph item/drive IDs: alphanumeric, hyphens, underscores, and ! (for SharePoint b! format) */
+export const GRAPH_ID_PATTERN = /^[a-zA-Z0-9!_-]+$/
+
 /**
 * Returns the Graph API base path for an Excel item.
 * When driveId is provided, uses /drives/{driveId}/items/{itemId} (SharePoint/shared drives).
 * When driveId is omitted, uses /me/drive/items/{itemId} (personal OneDrive).
 */
-/** Pattern for Microsoft Graph item/drive IDs: alphanumeric, hyphens, underscores, and ! (for SharePoint b! format) */
-const GRAPH_ID_PATTERN = /^[a-zA-Z0-9!_-]+$/
-
 export function getItemBasePath(spreadsheetId: string, driveId?: string): string {
 const spreadsheetValidation = validatePathSegment(spreadsheetId, {
 paramName: 'spreadsheetId',
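Review bot: The doc comment on the newly exported `GRAPH_ID_PATTERN` lists the permitted characters but not the properties its callers rely on, although the constant is now the `driveId` allowlist in two API routes. I would extend it along the lines of `Security allowlist for Graph path segments: keep it anchored with ^ and $, never admit '/', '.' or '%', and do not add the g or y flag (a shared RegExp with those flags carries lastIndex between test() calls).` The pattern sets no upper length; whether `validatePathSegment` enforces one is not visible here, so that is worth confirming. `getItemBasePath` continues past the end of the hunk.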