From 109f628921584833f1a071233d65a91965e8d3ff Mon Sep 17 00:00:00 2001
From: Faruk AYDIN <omerfaruk26@gmail.com>
Date: Mon, 20 Jan 2025 14:53:48 +0100
Subject: [PATCH] chore: Add step validation to import step API endpoint

---
 .../controllers/api/v1/flows/import-flow.js   | 10 ++++---
 .../api/v1/flows/import-flow.test.js          | 27 +++++++++++++++++++
 packages/backend/src/helpers/import-flow.js   | 17 ++++++++++--
 3 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/packages/backend/src/controllers/api/v1/flows/import-flow.js b/packages/backend/src/controllers/api/v1/flows/import-flow.js
index fa34a731..c64d0f9e 100644
--- a/packages/backend/src/controllers/api/v1/flows/import-flow.js
+++ b/packages/backend/src/controllers/api/v1/flows/import-flow.js
@@ -1,11 +1,15 @@
 import { renderObject } from '../../../../helpers/renderer.js';
 import importFlow from '../../../../helpers/import-flow.js';
 
-export default async (request, response) => {
-  const flow = await importFlow(request.currentUser, flowParams(request));
+export default async function importFlowController(request, response) {
+  const flow = await importFlow(
+    request.currentUser,
+    flowParams(request),
+    response
+  );
 
   return renderObject(response, flow, { status: 201 });
-};
+}
 
 const flowParams = (request) => {
   return {
diff --git a/packages/backend/src/controllers/api/v1/flows/import-flow.test.js b/packages/backend/src/controllers/api/v1/flows/import-flow.test.js
index b3835a99..2915c485 100644
--- a/packages/backend/src/controllers/api/v1/flows/import-flow.test.js
+++ b/packages/backend/src/controllers/api/v1/flows/import-flow.test.js
@@ -325,4 +325,31 @@ describe('POST /api/v1/flows/import', () => {
       `{{step.${newTriggerStepId}.query.sample}}`
     );
   });
+
+  it('should throw an error in case there is no trigger step', async () => {
+    const currentUserFlow = await createFlow({ userId: currentUser.id });
+
+    await createPermission({
+      action: 'create',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: ['isCreator'],
+    });
+
+    const importFlowData = {
+      id: currentUserFlow.id,
+      name: currentUserFlow.name,
+      steps: [],
+    };
+
+    const response = await request(app)
+      .post('/api/v1/flows/import')
+      .set('Authorization', token)
+      .send(importFlowData)
+      .expect(422);
+
+    expect(response.body.errors.steps).toStrictEqual([
+      'The first step must be a trigger!',
+    ]);
+  });
 });
diff --git a/packages/backend/src/helpers/import-flow.js b/packages/backend/src/helpers/import-flow.js
index e84940c6..fe60957b 100644
--- a/packages/backend/src/helpers/import-flow.js
+++ b/packages/backend/src/helpers/import-flow.js
@@ -1,10 +1,23 @@
 import Crypto from 'crypto';
 import Step from '../models/step.js';
+import { renderObjectionError } from './renderer.js';
 
-const importFlow = async (user, flowData) => {
-  const newFlowId = Crypto.randomUUID();
+const importFlow = async (user, flowData, response) => {
   const steps = flowData.steps || [];
 
+  // Validation: the first step must be a trigger
+  if (!steps.length || steps[0].type !== 'trigger') {
+    return renderObjectionError(response, {
+      statusCode: 422,
+      type: 'ValidationError',
+      data: {
+        steps: [{ message: 'The first step must be a trigger!' }],
+      },
+    });
+  }
+
+  const newFlowId = Crypto.randomUUID();
+
   const newFlow = await user.$relatedQuery('flows').insertAndFetch({
     id: newFlowId,
     name: flowData.name,