fix(certificates): improve validation and prevent crash (#2910)

packages/api/src/router/certificates/certificate-router.ts

@@ -1,3 +1,5 @@
+import { X509Certificate } from "node:crypto";
+import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { zfd } from "zod-form-data";
 
@@ -16,6 +18,17 @@ export const certificateRouter = createTRPCRouter({
     )
     .mutation(async ({ input }) => {
       const content = await input.file.text();
+
+      // Validate the certificate
+      try {
+        new X509Certificate(content);
+      } catch {
+        throw new TRPCError({
+          code: "BAD_REQUEST",
+          message: "Invalid certificate",
+        });
+      }
+
       await addCustomRootCertificateAsync(input.file.name, content);
     }),
   removeCertificate: permissionRequiredProcedure