Merge pull request #9848 from weseek/fix/codeql-type-confusion

fix: CodeQL problems

apps/app/src/features/openai/server/services/openai.ts

@@ -223,7 +223,7 @@ class OpenaiService implements IOpenaiService {
 
 
   async getVectorStoreRelationByAiAssistantId(aiAssistantId: string): Promise<VectorStoreDocument> {
-    const aiAssistant = await AiAssistantModel.findById({ _id: aiAssistantId }).populate('vectorStore');
+    const aiAssistant = await AiAssistantModel.findOne({ _id: { $eq: aiAssistantId } }).populate('vectorStore');
     if (aiAssistant == null) {
       throw createError(404, 'AiAssistant document does not exist');
     }
@@ -724,7 +724,7 @@ class OpenaiService implements IOpenaiService {
   }
 
   async isAiAssistantUsable(aiAssistantId: string, user: IUserHasId): Promise<boolean> {
-    const aiAssistant = await AiAssistantModel.findById(aiAssistantId);
+    const aiAssistant = await AiAssistantModel.findOne({ _id: { $eq: aiAssistantId } });
 
     if (aiAssistant == null) {
       throw createError(404, 'AiAssistant document does not exist');

apps/app/src/server/routes/apiv3/users.js

@@ -134,15 +134,15 @@ module.exports = (crowi) => {
   };
 
   validator.statusList = [
-    query('selectedStatusList').if(value => value != null).custom((value, { req }) => {
-
-      const { user } = req;
-
-      if (user != null && user.admin) {
-        return value;
-      }
-      throw new Error('the param \'selectedStatusList\' is not allowed to use by the users except administrators');
-    }),
+    query('selectedStatusList').if(value => value != null).isArray().withMessage('selectedStatusList must be an array')
+      .custom((value, { req }) => {
+        const { user } = req;
+        if (user != null && user.admin) {
+          return value;
+        }
+        throw new Error('the param \'selectedStatusList\' is not allowed to use by the users except administrators');
+      }),
+    query('forceIncludeAttributes').if(value => value != null).isArray().withMessage('forceIncludeAttributes must be an array'),
     // validate sortOrder : asc or desc
     query('sortOrder').isIn(['asc', 'desc']),
     // validate sort : what column you will sort
@@ -290,18 +290,13 @@ module.exports = (crowi) => {
 
     const page = parseInt(req.query.page) || 1;
 
-    // forceIncludeAttributes is expected to be an array by express-validator
-    if (req.query.forceIncludeAttributes != null && !Array.isArray(req.query.forceIncludeAttributes)) {
-      return res.apiv3Err(new ErrorV3('forceIncludeAttributes is not an array'), 400);
-    }
-    // selectedStatusList is expected to be an array by express-validator
-    if (req.query.selectedStatusList != null && !Array.isArray(req.query.selectedStatusList)) {
-      return res.apiv3Err(new ErrorV3('selectedStatusList is not an array'), 400);
-    }
-
     // status
-    const forceIncludeAttributes = req.query.forceIncludeAttributes ?? [];
-    const selectedStatusList = req.query.selectedStatusList ?? ['active'];
+    const forceIncludeAttributes = Array.isArray(req.query.forceIncludeAttributes)
+      ? req.query.forceIncludeAttributes
+      : [];
+    const selectedStatusList = Array.isArray(req.query.selectedStatusList)
+      ? req.query.selectedStatusList
+      : ['active'];
 
     const statusNoList = (selectedStatusList.includes('all')) ? Object.values(statusNo) : selectedStatusList.map(element => statusNo[element]);