Add validation

packages/server/src/api/routes/rowAction.ts

@@ -2,10 +2,19 @@ import Router from "@koa/router"
 import * as rowActionController from "../controllers/rowAction"
 import { authorizedResource } from "../../middleware/authorized"
 
-import { permissions } from "@budibase/backend-core"
+import { middleware, permissions } from "@budibase/backend-core"
+import Joi from "joi"
 
 const { PermissionLevel, PermissionType } = permissions
 
+export function rowActionValidator() {
+  return middleware.joiValidator.body(
+    Joi.object({
+      name: Joi.string().required(),
+    })
+  )
+}
+
 const router: Router = new Router()
 
 // CRUD endpoints
@@ -18,11 +27,13 @@ router
   .post(
     "/api/tables/:tableId/actions",
     authorizedResource(PermissionType.TABLE, PermissionLevel.READ, "tableId"),
+    rowActionValidator(),
     rowActionController.create
   )
   .put(
     "/api/tables/:tableId/actions/:actionId",
     authorizedResource(PermissionType.TABLE, PermissionLevel.READ, "tableId"),
+    rowActionValidator(),
     rowActionController.update
   )
   .delete(

packages/server/src/api/routes/tests/rowAction.spec.ts

@@ -71,6 +71,19 @@ describe("/rowsActions", () => {
 
       expect(res).toEqual({})
     })
+
+    it("rejects with bad request when creating with no name", async () => {
+      const rowAction: CreateRowActionRequest = {
+        name: undefined as any,
+      }
+
+      await config.api.rowAction.save(table._id!, rowAction, {
+        status: 400,
+        body: {
+          message: 'Invalid body - "name" is required',
+        },
+      })
+    })
   })
 
   describe("find", () => {