fix: unsafe cast (#17590)

2025-05-24 01:12:58 -04:00 · 2025-04-15 18:35:00 +02:00 · 2025-04-15 18:35:00 +02:00 · 270d178a2e
commit 270d178a2e
parent 309528c807
2 changed files with 15 additions and 2 deletions
--- a/server/src/services/asset-media.service.spec.ts
+++ b/server/src/services/asset-media.service.spec.ts
@ -663,7 +663,7 @@ describe(AssetMediaService.name, () => {
  });

  describe('replaceAsset', () => {
-    it('should error when update photo does not exist', async () => {
+    it('should fail the auth check when update photo does not exist', async () => {
      await expect(sut.replaceAsset(authStub.user1, 'id', replaceDto, fileStub.photo)).rejects.toThrow(
        'Not found or no asset.update access',
      );
@ -671,6 +671,15 @@ describe(AssetMediaService.name, () => {
      expect(mocks.asset.create).not.toHaveBeenCalled();
    });

+    it('should fail if asset cannot be fetched', async () => {
+      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([existingAsset.id]));
+      await expect(sut.replaceAsset(authStub.user1, existingAsset.id, replaceDto, fileStub.photo)).rejects.toThrow(
+        'Asset not found',
+      );
+
+      expect(mocks.asset.create).not.toHaveBeenCalled();
+    });
+
    it('should update a photo with no sidecar to photo with no sidecar', async () => {
      const updatedFile = fileStub.photo;
      const updatedAsset = { ...existingAsset, ...updatedFile };
--- a/server/src/services/asset-media.service.ts
+++ b/server/src/services/asset-media.service.ts
@ -165,7 +165,11 @@ export class AssetMediaService extends BaseService {
  ): Promise<AssetMediaResponseDto> {
    try {
      await this.requireAccess({ auth, permission: Permission.ASSET_UPDATE, ids: [id] });
-      const asset = (await this.assetRepository.getById(id)) as AssetEntity;
+      const asset = await this.assetRepository.getById(id);
+
+      if (!asset) {
+        throw new Error('Asset not found');
+      }

      this.requireQuota(auth, file.size);