Add additional validation to prevent wildcards in resource object IDs

proto/authzed/api/v0/02_handwritten_validation.go

@@ -0,0 +1,47 @@
+// The contents of this file are hand-written to add HandwrittenValidation to select message types
+
+package v0
+
+func (m *CheckRequest) HandwrittenValidation() error {
+	if m.GetTestUserset() != nil && m.GetTestUserset().GetObjectId() == "*" {
+		return ObjectAndRelationValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *ContentChangeCheckRequest) HandwrittenValidation() error {
+	if m.GetTestUserset() != nil && m.GetTestUserset().GetObjectId() == "*" {
+		return ObjectAndRelationValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *ExpandRequest) HandwrittenValidation() error {
+	if m.GetUserset() != nil && m.GetUserset().GetObjectId() == "*" {
+		return ObjectAndRelationValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *LookupRequest) HandwrittenValidation() error {
+	if m.GetUser() != nil && m.GetUser().GetObjectId() == "*" {
+		return ObjectAndRelationValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}

proto/authzed/api/v1/00_handwritten_validation.go

@@ -0,0 +1,102 @@
+// The contents of this file are hand-written to add HandwrittenValidation to select message types
+
+package v1
+
+func (m *CheckPermissionRequest) HandwrittenValidation() error {
+	if m.GetResource() != nil && m.GetResource().GetObjectId() == "*" {
+		return ObjectReferenceValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *ExpandPermissionTreeRequest) HandwrittenValidation() error {
+	if m.GetResource() != nil && m.GetResource().GetObjectId() == "*" {
+		return ObjectReferenceValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *Precondition) HandwrittenValidation() error {
+	if m.GetFilter() != nil {
+		return m.GetFilter().HandwrittenValidation()
+	}
+
+	return nil
+}
+
+func (m *RelationshipFilter) HandwrittenValidation() error {
+	if m.GetOptionalResourceId() == "*" {
+		return RelationshipFilterValidationError{
+			field:  "OptionalResourceId",
+			reason: "alphanumeric value is required",
+		}
+	}
+	return nil
+}
+
+func (m *RelationshipUpdate) HandwrittenValidation() error {
+	if m.GetRelationship() != nil {
+		return m.GetRelationship().HandwrittenValidation()
+	}
+	return nil
+}
+
+func (m *Relationship) HandwrittenValidation() error {
+	if m.GetResource() != nil && m.GetResource().GetObjectId() == "*" {
+		return ObjectReferenceValidationError{
+			field:  "ObjectId",
+			reason: "alphanumeric value is required",
+		}
+	}
+
+	return nil
+}
+
+func (m *DeleteRelationshipsRequest) HandwrittenValidation() error {
+	if m.GetOptionalPreconditions() != nil {
+		for _, precondition := range m.GetOptionalPreconditions() {
+			err := precondition.HandwrittenValidation()
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	if m.GetRelationshipFilter() != nil {
+		return m.GetRelationshipFilter().HandwrittenValidation()
+	}
+
+	return nil
+}
+
+func (m *WriteRelationshipsRequest) HandwrittenValidation() error {
+	if m.GetOptionalPreconditions() != nil {
+		for _, precondition := range m.GetOptionalPreconditions() {
+			err := precondition.HandwrittenValidation()
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	if m.GetUpdates() != nil {
+		for _, update := range m.GetUpdates() {
+			if update.GetRelationship() != nil {
+				err := update.GetRelationship().HandwrittenValidation()
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	return nil
+}