From 71382ccfac5e2848c340fc5bc607da6a11c7dc17 Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Tue, 14 Apr 2026 21:28:30 -0700 Subject: [PATCH 1/2] refactor(microsoft-excel): export GRAPH_ID_PATTERN and reuse across routes Export the shared regex pattern from utils.ts and import it in files/route.ts and drives/route.ts instead of duplicating the inline pattern. Also reorders the TSDoc comment to sit above getItemBasePath where it belongs. Co-Authored-By: Claude Opus 4.6 --- apps/sim/app/api/auth/oauth/microsoft/files/route.ts | 3 ++- apps/sim/app/api/tools/microsoft_excel/drives/route.ts | 3 ++- apps/sim/tools/microsoft_excel/utils.ts | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts index a6e6add80f..4566d887a5 100644 --- a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts +++ b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts @@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server' import { authorizeCredentialUse } from '@/lib/auth/credential-access' import { validatePathSegment } from '@/lib/core/security/input-validation' import { generateRequestId } from '@/lib/core/utils/request' +import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' import { getCredential, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils' export const dynamic = 'force-dynamic' @@ -79,7 +80,7 @@ export async function GET(request: NextRequest) { if (driveId) { const driveIdValidation = validatePathSegment(driveId, { paramName: 'driveId', - customPattern: /^[a-zA-Z0-9!_-]+$/, + customPattern: GRAPH_ID_PATTERN, }) if (!driveIdValidation.isValid) { return NextResponse.json({ error: driveIdValidation.error }, { status: 400 }) diff --git a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts index d9c9aa845b..bec3aec399 100644 --- a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts +++ b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts @@ -3,6 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server' import { authorizeCredentialUse } from '@/lib/auth/credential-access' import { validatePathSegment, validateSharePointSiteId } from '@/lib/core/security/input-validation' import { generateRequestId } from '@/lib/core/utils/request' +import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils' export const dynamic = 'force-dynamic' @@ -69,7 +70,7 @@ export async function POST(request: NextRequest) { if (driveId) { const driveIdValidation = validatePathSegment(driveId, { paramName: 'driveId', - customPattern: /^[a-zA-Z0-9!_-]+$/, + customPattern: GRAPH_ID_PATTERN, }) if (!driveIdValidation.isValid) { return NextResponse.json({ error: driveIdValidation.error }, { status: 400 }) diff --git a/apps/sim/tools/microsoft_excel/utils.ts b/apps/sim/tools/microsoft_excel/utils.ts index ebb99034fc..80f27e93c4 100644 --- a/apps/sim/tools/microsoft_excel/utils.ts +++ b/apps/sim/tools/microsoft_excel/utils.ts @@ -4,14 +4,14 @@ import type { ExcelCellValue } from '@/tools/microsoft_excel/types' const logger = createLogger('MicrosoftExcelUtils') +/** Pattern for Microsoft Graph item/drive IDs: alphanumeric, hyphens, underscores, and ! (for SharePoint b! format) */ +export const GRAPH_ID_PATTERN = /^[a-zA-Z0-9!_-]+$/ + /** * Returns the Graph API base path for an Excel item. * When driveId is provided, uses /drives/{driveId}/items/{itemId} (SharePoint/shared drives). * When driveId is omitted, uses /me/drive/items/{itemId} (personal OneDrive). */ -/** Pattern for Microsoft Graph item/drive IDs: alphanumeric, hyphens, underscores, and ! (for SharePoint b! format) */ -const GRAPH_ID_PATTERN = /^[a-zA-Z0-9!_-]+$/ - export function getItemBasePath(spreadsheetId: string, driveId?: string): string { const spreadsheetValidation = validatePathSegment(spreadsheetId, { paramName: 'spreadsheetId', From 3c7ee29d2d5dbc36470475f3393d068a45e763ab Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Tue, 14 Apr 2026 21:30:09 -0700 Subject: [PATCH 2/2] lint --- apps/sim/app/api/auth/oauth/microsoft/files/route.ts | 2 +- apps/sim/app/api/tools/microsoft_excel/drives/route.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts index 4566d887a5..d38419f399 100644 --- a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts +++ b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts @@ -3,8 +3,8 @@ import { type NextRequest, NextResponse } from 'next/server' import { authorizeCredentialUse } from '@/lib/auth/credential-access' import { validatePathSegment } from '@/lib/core/security/input-validation' import { generateRequestId } from '@/lib/core/utils/request' -import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' import { getCredential, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils' +import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' export const dynamic = 'force-dynamic' diff --git a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts index bec3aec399..d0dc8ef7c9 100644 --- a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts +++ b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts @@ -3,8 +3,8 @@ import { type NextRequest, NextResponse } from 'next/server' import { authorizeCredentialUse } from '@/lib/auth/credential-access' import { validatePathSegment, validateSharePointSiteId } from '@/lib/core/security/input-validation' import { generateRequestId } from '@/lib/core/utils/request' -import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils' +import { GRAPH_ID_PATTERN } from '@/tools/microsoft_excel/utils' export const dynamic = 'force-dynamic'