Add validations

author: vantezzen <properly@protonmail.com> 2019-08-26 10:31:24 +0200
committer: vantezzen <properly@protonmail.com> 2019-08-26 10:31:24 +0200
commit: ddedc080a28a46b7d9125682a3c990409908b70b (patch)
tree: ddbef921b6954a53984ea195dfbf24afcf367ae2
parent: Add announcement route (diff)
download: ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.tar.gz
ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.tar.zst
ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.zip
7 files changed, 174 insertions, 9 deletions
diff --git a/app/Controllers/Http/RecipeController.js b/app/Controllers/Http/RecipeController.js
index 594c298..11938b6 100644
--- a/app/Controllers/Http/RecipeController.js
+++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
 const Recipe = use('App/Models/Recipe');
 const Helpers = use('Helpers')
 const Drive = use('Drive')
+const {
+  validateAll
+} = use('Validator');
 const fetch = require('node-fetch');
 const targz = require('targz');
 const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
    request,
    response
  }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required|unique:recipes,recipeId',
+      author: 'required|accepted',
+      png: 'required|url',
+      svg: 'required|url',
+      files: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.all();
    if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
    // Compress files to .tar.gz file
    const source = Helpers.tmpPath('recipe');
    const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
-    console.log('a', source, destination)
+    
    compress(
      source,
      destination
@@ -99,10 +119,21 @@ class RecipeController {
    request,
    response
  }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      needle: 'required'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a needle",
+        "status": 401
+      })
+    }
    const needle = request.input('needle')
    // Get results
-    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());
+    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
    const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
    const localResults = localResultsArray.map(recipe => ({
      "id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
    response,
    params
  }) {
+    // Validate user input
+    const validation = await validateAll(params, {
+      recipe: 'required|accepted'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a recipe ID",
+        "status": 401
+      })
+    }
    const service = params.recipe;
    // Check for invalid characters
diff --git a/app/Controllers/Http/ServiceController.js b/app/Controllers/Http/ServiceController.js
index d1adea3..0d1bae2 100644
--- a/app/Controllers/Http/ServiceController.js
+++ b/app/Controllers/Http/ServiceController.js
@@ -2,6 +2,10 @@
 const User = use('App/Models/User');
 const Service = use('App/Models/Service');
+const {
+  validateAll
+} = use('Validator');
 const uuid = require('uuid/v4');
 class ServiceController {
@@ -17,6 +21,18 @@ class ServiceController {
      return response.send('Missing or invalid api token')
    }
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.all();
    // Get new, unused uuid
@@ -65,7 +81,6 @@ class ServiceController {
    } catch (error) {
      return response.send('Missing or invalid api token')
    }
    
    const services = (await auth.user.services().fetch()).rows;
    // Convert to array with all data Franz wants
diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js
index 5c4d7fb..f81a0d5 100644
--- a/app/Controllers/Http/UserController.js
+++ b/app/Controllers/Http/UserController.js
@@ -1,6 +1,9 @@
 'use strict'
 const User = use('App/Models/User');
+const {
+  validateAll
+} = use('Validator');
 const atob = require('atob');
 class UserController {
@@ -12,8 +15,22 @@ class UserController {
    auth,
    session
  }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      firstname: 'required',
+      email: 'required|email|unique:users,email',
+      password: 'required'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.only(['firstname', 'email', 'password']);
+    // Create user in DB
    let user;
    try {
      user = await User.create({
@@ -21,13 +38,14 @@ class UserController {
        password: data.password,
        username: data.firstname
      });
-    } catch(e) {
+    } catch (e) {
      return response.status(401).send({
        "message": "E-Mail Address already in use",
        "status": 401
      })
    }
-    
+    // Generate new auth token
    const token = await auth.generate(user)
    return response.send({
@@ -42,8 +60,17 @@ class UserController {
    response,
    auth
  }) {
+    if (!request.header('Authorization')) {
+      return response.status(401).send({
+        "message": "Please provide authorization",
+        "status": 401
+      })
+    }
+    // Get auth data from auth token
    const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':');
+    // Check if user with email exists
    let user = (await User.query().where('email', authHeader[0]).first());
    if (!user || !user.email) {
      return response.status(401).send({
@@ -53,7 +80,7 @@ class UserController {
      });
    }
+    // Try to login
    let token;
    try {
      token = await auth.attempt(user.email, authHeader[1])
diff --git a/app/Controllers/Http/WorkspaceController.js b/app/Controllers/Http/WorkspaceController.js
index 5573382..3d45893 100644
--- a/app/Controllers/Http/WorkspaceController.js
+++ b/app/Controllers/Http/WorkspaceController.js
@@ -1,6 +1,10 @@
 'use strict'
 const Workspace = use('App/Models/Workspace');
+const {
+  validateAll
+} = use('Validator');
 const uuid = require('uuid/v4');
 class WorkspaceController {
@@ -16,6 +20,17 @@ class WorkspaceController {
      return response.send('Missing or invalid api token')
    }
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.all();
    // Get new, unused uuid
@@ -56,6 +71,18 @@ class WorkspaceController {
      return response.send('Missing or invalid api token')
    }
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      services: 'required|array'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.all();
    const {
      id
@@ -95,7 +122,17 @@ class WorkspaceController {
      return response.send('Missing or invalid api token')
    }
-    const data = request.all();
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      id: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const {
      id
    } = params;
diff --git a/package-lock.json b/package-lock.json
index 3227b7b..9b70b2d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6,6 +6,8 @@
  "dependencies": {
    "@adonisjs/ace": {
      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/@adonisjs/ace/-/ace-5.0.8.tgz",
+      "integrity": "sha512-M4MGrzWzuE++jlPrbDPgo1tdv5j7uH4FsaoGddH+qJ+iXErVZuV6z2gYdmlorDDbvotFpxA+TTtDEXrTLCE08w==",
      "requires": {
        "cli-table": "^0.3.1",
        "commander": "^2.18.0",
@@ -43,6 +45,8 @@
    },
    "@adonisjs/auth": {
      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@adonisjs/auth/-/auth-3.0.7.tgz",
+      "integrity": "sha512-ui7cSTNmxO+8r3iaA9ZQOtgzXwHshg/XFHH1OR7tUELHUUyInoPaRqLofb+5KpjYZ1U9RrZC6eT+sTUQzzxk+Q==",
      "requires": {
        "@adonisjs/generic-exceptions": "^2.0.1",
        "basic-auth": "^2.0.1",
@@ -76,6 +80,8 @@
    },
    "@adonisjs/bodyparser": {
      "version": "2.0.9",
+      "resolved": "https://registry.npmjs.org/@adonisjs/bodyparser/-/bodyparser-2.0.9.tgz",
+      "integrity": "sha512-1wE53LBPflolar9Jq+VF22I4tIJZklsXAE9pDxr9t1DuqpvB8TA4uSvLM2UjQFtX7iTQ85iWZqZCRt05jbsziQ==",
      "requires": {
        "@adonisjs/generic-exceptions": "^2.0.1",
        "bytes": "^3.0.0",
@@ -107,7 +113,9 @@
      }
    },
    "@adonisjs/cors": {
-      "version": "1.0.7"
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/@adonisjs/cors/-/cors-1.0.7.tgz",
+      "integrity": "sha512-jBO+bI/zdydAXURL02gQxXB57L5+eV2MUYp7zmDrVa12M6mQPMRz5TC2F7a0Kknx9JUr5dsl4+eN0XNfe/8sWQ=="
    },
    "@adonisjs/drive": {
      "version": "1.0.4",
@@ -119,6 +127,8 @@
    },
    "@adonisjs/fold": {
      "version": "4.0.9",
+      "resolved": "https://registry.npmjs.org/@adonisjs/fold/-/fold-4.0.9.tgz",
+      "integrity": "sha512-eH6048Ug32BvYvvvfRThy+IDE8lcRtqExca2TfE/Gw5ZP51rVEYqPd1yy3ioB4R5XI8VUS0hjOt5l7tKUh4Sww==",
      "requires": {
        "@adonisjs/generic-exceptions": "^2.0.1",
        "caller": "^1.0.1",
@@ -146,6 +156,8 @@
    },
    "@adonisjs/framework": {
      "version": "5.0.13",
+      "resolved": "https://registry.npmjs.org/@adonisjs/framework/-/framework-5.0.13.tgz",
+      "integrity": "sha512-qZx+9WF1bnK3sM4UJnKw6Zu52WIPCB1R4LjBBwSFrnG5TYbIAQATyB08YXc7ETMkQ4dIQmPH+tpq4J7+k2Joog==",
      "requires": {
        "@adonisjs/generic-exceptions": "^2.0.1",
        "@adonisjs/middleware-base": "^1.0.0",
@@ -201,6 +213,8 @@
    },
    "@adonisjs/ignitor": {
      "version": "2.0.8",
+      "resolved": "https://registry.npmjs.org/@adonisjs/ignitor/-/ignitor-2.0.8.tgz",
+      "integrity": "sha512-drpuwxIjvBpBBn4Ndt2Sghf0aN3ml1zz3Bxu3g42k29ZEMDKgw9KkmabsEd+MVUqPLzch4cJRFKIReh9TWnY+Q==",
      "requires": {
        "debug": "^4.0.1",
        "pify": "^4.0.0",
@@ -227,6 +241,8 @@
    },
    "@adonisjs/lucid": {
      "version": "6.1.3",
+      "resolved": "https://registry.npmjs.org/@adonisjs/lucid/-/lucid-6.1.3.tgz",
+      "integrity": "sha512-x/Ke8WkkgRmseRPETBOObptnElXMclQXtjJftfDMiVlz9VhJuIaFCLJwcGZ8g6UNRohMUkcfDrElaXOPc6W1fA==",
      "requires": {
        "@adonisjs/generic-exceptions": "^2.0.1",
        "chance": "^1.0.16",
@@ -283,6 +299,16 @@
        }
      }
    },
+    "@adonisjs/validator": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@adonisjs/validator/-/validator-5.0.6.tgz",
+      "integrity": "sha512-Koql5nOSfRFhNwkvk38tAHLfpxwuOinZIuLhPP0zAfHCltrXCh02MfydfgA13vDc5LITJgWycXFv+FNb7ljCqg==",
+      "requires": {
+        "@adonisjs/generic-exceptions": "^2.0.1",
+        "indicative": "^5.0.8",
+        "lodash": "^4.17.11"
+      }
+    },
    "@slynova/flydrive": {
      "version": "0.3.1",
      "resolved": "https://registry.npmjs.org/@slynova/flydrive/-/flydrive-0.3.1.tgz",
@@ -699,6 +725,11 @@
      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
    },
+    "atob": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
+      "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg=="
+    },
    "aws-sign2": {
      "version": "0.7.0",
      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
@@ -1845,6 +1876,11 @@
      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz",
      "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok="
    },
+    "indicative": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/indicative/-/indicative-5.0.8.tgz",
+      "integrity": "sha512-Do9YKlrxyvK6RpMs9AdtxmjhweKrA6hJbJejY81iD8aYjjvOU4HYkJcM2IUxC3S7ZRm/L11u67QT4OQ101N5HQ=="
+    },
    "inflation": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/inflation/-/inflation-2.0.0.tgz",
@@ -2653,7 +2689,9 @@
      "integrity": "sha512-pFhMAqdN1avrFwtZs66HxYiVnbnH9wjXB4m8IKs5Z9+r7U5voqxT+EDbVkRfge+V7JnkOgKhN4HfKBn1o5g9Wg=="
    },
    "node-fetch": {
-      "version": "2.6.0"
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
+      "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
    },
    "node-pre-gyp": {
      "version": "0.11.0",
@@ -2958,6 +2996,8 @@
    },
    "pg": {
      "version": "7.12.1",
+      "resolved": "https://registry.npmjs.org/pg/-/pg-7.12.1.tgz",
+      "integrity": "sha512-l1UuyfEvoswYfcUe6k+JaxiN+5vkOgYcVSbSuw3FvdLqDbaoa2RJo1zfJKfPsSYPFVERd4GHvX3s2PjG1asSDA==",
      "requires": {
        "buffer-writer": "2.0.0",
        "packet-reader": "1.0.0",
@@ -4074,6 +4114,8 @@
    },
    "sqlite3": {
      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/sqlite3/-/sqlite3-4.1.0.tgz",
+      "integrity": "sha512-RvqoKxq+8pDHsJo7aXxsFR18i+dU2Wp5o12qAJOV5LNcDt+fgJsc2QKKg3sIRfXrN9ZjzY1T7SNe/DFVqAXjaw==",
      "requires": {
        "nan": "^2.12.1",
        "node-pre-gyp": "^0.11.0",
diff --git a/package.json b/package.json
index 27e92df..6ae22ed 100644
--- a/package.json
+++ b/package.json
@@ -25,6 +25,7 @@
    "@adonisjs/framework": "^5.0.9",
    "@adonisjs/ignitor": "^2.0.8",
    "@adonisjs/lucid": "^6.1.3",
+    "@adonisjs/validator": "^5.0.6",
    "atob": "^2.1.2",
    "fs-extra": "^8.1.0",
    "node-fetch": "^2.6.0",
diff --git a/start/app.js b/start/app.js
index 765d414..0c32499 100644
--- a/start/app.js
+++ b/start/app.js
@@ -17,6 +17,7 @@ const providers = [
  '@adonisjs/cors/providers/CorsProvider',
  '@adonisjs/lucid/providers/LucidProvider',
  '@adonisjs/drive/providers/DriveProvider',
+  '@adonisjs/validator/providers/ValidatorProvider',
 ]
 /*
author	vantezzen <properly@protonmail.com>	2019-08-26 10:31:24 +0200
committer	vantezzen <properly@protonmail.com>	2019-08-26 10:31:24 +0200
commit	ddedc080a28a46b7d9125682a3c990409908b70b (patch)
tree	ddbef921b6954a53984ea195dfbf24afcf367ae2
parent	Add announcement route (diff)
download	ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.tar.gz ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.tar.zst ferdium-server-ddedc080a28a46b7d9125682a3c990409908b70b.zip

diff --git a/app/Controllers/Http/RecipeController.js b/app/Controllers/Http/RecipeController.js index 594c298..11938b6 100644 --- a/app/Controllers/Http/RecipeController.js +++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
3	const Recipe = use('App/Models/Recipe');	3	const Recipe = use('App/Models/Recipe');
4	const Helpers = use('Helpers')	4	const Helpers = use('Helpers')
5	const Drive = use('Drive')	5	const Drive = use('Drive')
		6	const {
		7	validateAll
		8	} = use('Validator');
		9
6	const fetch = require('node-fetch');	10	const fetch = require('node-fetch');
7	const targz = require('targz');	11	const targz = require('targz');
8	const path = require('path');	12	const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
49	request,	53	request,
50	response	54	response
51	}) {	55	}) {
		56	// Validate user input
		57	const validation = await validateAll(request.all(), {
		58	name: 'required\|alpha',
		59	recipeId: 'required\|unique:recipes,recipeId',
		60	author: 'required\|accepted',
		61	png: 'required\|url',
		62	svg: 'required\|url',
		63	files: 'required',
		64	});
		65	if (validation.fails()) {
		66	return response.status(401).send({
		67	"message": "Invalid POST arguments",
		68	"status": 401
		69	})
		70	}
		71
52	const data = request.all();	72	const data = request.all();
53		73
54	if (!data.id) {	74	if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
70	// Compress files to .tar.gz file	90	// Compress files to .tar.gz file
71	const source = Helpers.tmpPath('recipe');	91	const source = Helpers.tmpPath('recipe');
72	const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');	92	const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
73	console.log('a', source, destination)	93
74	compress(	94	compress(
75	source,	95	source,
76	destination	96	destination
@@ -99,10 +119,21 @@ class RecipeController {
99	request,	119	request,
100	response	120	response
101	}) {	121	}) {
		122	// Validate user input
		123	const validation = await validateAll(request.all(), {
		124	needle: 'required'
		125	});
		126	if (validation.fails()) {
		127	return response.status(401).send({
		128	"message": "Please provide a needle",
		129	"status": 401
		130	})
		131	}
		132
102	const needle = request.input('needle')	133	const needle = request.input('needle')
103		134
104	// Get results	135	// Get results
105	const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());	136	const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
106	const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();	137	const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
107	const localResults = localResultsArray.map(recipe => ({	138	const localResults = localResultsArray.map(recipe => ({
108	"id": recipe.recipeId,	139	"id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
124	response,	155	response,
125	params	156	params
126	}) {	157	}) {
		158	// Validate user input
		159	const validation = await validateAll(params, {
		160	recipe: 'required\|accepted'
		161	});
		162	if (validation.fails()) {
		163	return response.status(401).send({
		164	"message": "Please provide a recipe ID",
		165	"status": 401
		166	})
		167	}
		168
127	const service = params.recipe;	169	const service = params.recipe;
128		170
129	// Check for invalid characters	171	// Check for invalid characters


diff --git a/app/Controllers/Http/ServiceController.js b/app/Controllers/Http/ServiceController.js index d1adea3..0d1bae2 100644 --- a/app/Controllers/Http/ServiceController.js +++ b/app/Controllers/Http/ServiceController.js
@@ -2,6 +2,10 @@
2		2
3	const User = use('App/Models/User');	3	const User = use('App/Models/User');
4	const Service = use('App/Models/Service');	4	const Service = use('App/Models/Service');
		5	const {
		6	validateAll
		7	} = use('Validator');
		8
5	const uuid = require('uuid/v4');	9	const uuid = require('uuid/v4');
6		10
7	class ServiceController {	11	class ServiceController {
@@ -17,6 +21,18 @@ class ServiceController {
17	return response.send('Missing or invalid api token')	21	return response.send('Missing or invalid api token')
18	}	22	}
19		23
		24	// Validate user input
		25	const validation = await validateAll(request.all(), {
		26	name: 'required\|alpha',
		27	recipeId: 'required',
		28	});
		29	if (validation.fails()) {
		30	return response.status(401).send({
		31	"message": "Invalid POST arguments",
		32	"status": 401
		33	})
		34	}
		35
20	const data = request.all();	36	const data = request.all();
21		37
22	// Get new, unused uuid	38	// Get new, unused uuid
@@ -65,7 +81,6 @@ class ServiceController {
65	} catch (error) {	81	} catch (error) {
66	return response.send('Missing or invalid api token')	82	return response.send('Missing or invalid api token')
67	}	83	}
68
69		84
70	const services = (await auth.user.services().fetch()).rows;	85	const services = (await auth.user.services().fetch()).rows;
71	// Convert to array with all data Franz wants	86	// Convert to array with all data Franz wants


diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js index 5c4d7fb..f81a0d5 100644 --- a/app/Controllers/Http/UserController.js +++ b/app/Controllers/Http/UserController.js
@@ -1,6 +1,9 @@
1	'use strict'	1	'use strict'
2		2
3	const User = use('App/Models/User');	3	const User = use('App/Models/User');
		4	const {
		5	validateAll
		6	} = use('Validator');
4	const atob = require('atob');	7	const atob = require('atob');
5		8
6	class UserController {	9	class UserController {
@@ -12,8 +15,22 @@ class UserController {
12	auth,	15	auth,
13	session	16	session
14	}) {	17	}) {
		18	// Validate user input
		19	const validation = await validateAll(request.all(), {
		20	firstname: 'required',
		21	email: 'required\|email\|unique:users,email',
		22	password: 'required'
		23	});
		24	if (validation.fails()) {
		25	return response.status(401).send({
		26	"message": "Invalid POST arguments",
		27	"status": 401
		28	})
		29	}
		30
15	const data = request.only(['firstname', 'email', 'password']);	31	const data = request.only(['firstname', 'email', 'password']);
16		32
		33	// Create user in DB
17	let user;	34	let user;
18	try {	35	try {
19	user = await User.create({	36	user = await User.create({
@@ -21,13 +38,14 @@ class UserController {
21	password: data.password,	38	password: data.password,
22	username: data.firstname	39	username: data.firstname
23	});	40	});
24	} catch(e) {	41	} catch (e) {
25	return response.status(401).send({	42	return response.status(401).send({
26	"message": "E-Mail Address already in use",	43	"message": "E-Mail Address already in use",
27	"status": 401	44	"status": 401
28	})	45	})
29	}	46	}
30		47
		48	// Generate new auth token
31	const token = await auth.generate(user)	49	const token = await auth.generate(user)
32		50
33	return response.send({	51	return response.send({
@@ -42,8 +60,17 @@ class UserController {
42	response,	60	response,
43	auth	61	auth
44	}) {	62	}) {
		63	if (!request.header('Authorization')) {
		64	return response.status(401).send({
		65	"message": "Please provide authorization",
		66	"status": 401
		67	})
		68	}
		69
		70	// Get auth data from auth token
45	const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':');	71	const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':');
46		72
		73	// Check if user with email exists
47	let user = (await User.query().where('email', authHeader[0]).first());	74	let user = (await User.query().where('email', authHeader[0]).first());
48	if (!user \|\| !user.email) {	75	if (!user \|\| !user.email) {
49	return response.status(401).send({	76	return response.status(401).send({
@@ -53,7 +80,7 @@ class UserController {
53	});	80	});
54	}	81	}
55		82
56		83	// Try to login
57	let token;	84	let token;
58	try {	85	try {
59	token = await auth.attempt(user.email, authHeader[1])	86	token = await auth.attempt(user.email, authHeader[1])


diff --git a/app/Controllers/Http/WorkspaceController.js b/app/Controllers/Http/WorkspaceController.js index 5573382..3d45893 100644 --- a/app/Controllers/Http/WorkspaceController.js +++ b/app/Controllers/Http/WorkspaceController.js
@@ -1,6 +1,10 @@
1	'use strict'	1	'use strict'
2		2
3	const Workspace = use('App/Models/Workspace');	3	const Workspace = use('App/Models/Workspace');
		4	const {
		5	validateAll
		6	} = use('Validator');
		7
4	const uuid = require('uuid/v4');	8	const uuid = require('uuid/v4');
5		9
6	class WorkspaceController {	10	class WorkspaceController {
@@ -16,6 +20,17 @@ class WorkspaceController {
16	return response.send('Missing or invalid api token')	20	return response.send('Missing or invalid api token')
17	}	21	}
18		22
		23	// Validate user input
		24	const validation = await validateAll(request.all(), {
		25	name: 'required\|alpha',
		26	});
		27	if (validation.fails()) {
		28	return response.status(401).send({
		29	"message": "Invalid POST arguments",
		30	"status": 401
		31	})
		32	}
		33
19	const data = request.all();	34	const data = request.all();
20		35
21	// Get new, unused uuid	36	// Get new, unused uuid
@@ -56,6 +71,18 @@ class WorkspaceController {
56	return response.send('Missing or invalid api token')	71	return response.send('Missing or invalid api token')
57	}	72	}
58		73
		74	// Validate user input
		75	const validation = await validateAll(request.all(), {
		76	name: 'required\|alpha',
		77	services: 'required\|array'
		78	});
		79	if (validation.fails()) {
		80	return response.status(401).send({
		81	"message": "Invalid POST arguments",
		82	"status": 401
		83	})
		84	}
		85
59	const data = request.all();	86	const data = request.all();
60	const {	87	const {
61	id	88	id
@@ -95,7 +122,17 @@ class WorkspaceController {
95	return response.send('Missing or invalid api token')	122	return response.send('Missing or invalid api token')
96	}	123	}
97		124
98	const data = request.all();	125	// Validate user input
		126	const validation = await validateAll(request.all(), {
		127	id: 'required',
		128	});
		129	if (validation.fails()) {
		130	return response.status(401).send({
		131	"message": "Invalid POST arguments",
		132	"status": 401
		133	})
		134	}
		135
99	const {	136	const {
100	id	137	id
101	} = params;	138	} = params;


diff --git a/package-lock.json b/package-lock.json index 3227b7b..9b70b2d 100644 --- a/package-lock.json +++ b/package-lock.json
@@ -6,6 +6,8 @@
6	"dependencies": {	6	"dependencies": {
7	"@adonisjs/ace": {	7	"@adonisjs/ace": {
8	"version": "5.0.8",	8	"version": "5.0.8",
		9	"resolved": "https://registry.npmjs.org/@adonisjs/ace/-/ace-5.0.8.tgz",
		10	"integrity": "sha512-M4MGrzWzuE++jlPrbDPgo1tdv5j7uH4FsaoGddH+qJ+iXErVZuV6z2gYdmlorDDbvotFpxA+TTtDEXrTLCE08w==",
9	"requires": {	11	"requires": {
10	"cli-table": "^0.3.1",	12	"cli-table": "^0.3.1",
11	"commander": "^2.18.0",	13	"commander": "^2.18.0",
@@ -43,6 +45,8 @@
43	},	45	},
44	"@adonisjs/auth": {	46	"@adonisjs/auth": {
45	"version": "3.0.7",	47	"version": "3.0.7",
		48	"resolved": "https://registry.npmjs.org/@adonisjs/auth/-/auth-3.0.7.tgz",
		49	"integrity": "sha512-ui7cSTNmxO+8r3iaA9ZQOtgzXwHshg/XFHH1OR7tUELHUUyInoPaRqLofb+5KpjYZ1U9RrZC6eT+sTUQzzxk+Q==",
46	"requires": {	50	"requires": {
47	"@adonisjs/generic-exceptions": "^2.0.1",	51	"@adonisjs/generic-exceptions": "^2.0.1",
48	"basic-auth": "^2.0.1",	52	"basic-auth": "^2.0.1",
@@ -76,6 +80,8 @@
76	},	80	},
77	"@adonisjs/bodyparser": {	81	"@adonisjs/bodyparser": {
78	"version": "2.0.9",	82	"version": "2.0.9",
		83	"resolved": "https://registry.npmjs.org/@adonisjs/bodyparser/-/bodyparser-2.0.9.tgz",
		84	"integrity": "sha512-1wE53LBPflolar9Jq+VF22I4tIJZklsXAE9pDxr9t1DuqpvB8TA4uSvLM2UjQFtX7iTQ85iWZqZCRt05jbsziQ==",
79	"requires": {	85	"requires": {
80	"@adonisjs/generic-exceptions": "^2.0.1",	86	"@adonisjs/generic-exceptions": "^2.0.1",
81	"bytes": "^3.0.0",	87	"bytes": "^3.0.0",
@@ -107,7 +113,9 @@
107	}	113	}
108	},	114	},
109	"@adonisjs/cors": {	115	"@adonisjs/cors": {
110	"version": "1.0.7"	116	"version": "1.0.7",
		117	"resolved": "https://registry.npmjs.org/@adonisjs/cors/-/cors-1.0.7.tgz",
		118	"integrity": "sha512-jBO+bI/zdydAXURL02gQxXB57L5+eV2MUYp7zmDrVa12M6mQPMRz5TC2F7a0Kknx9JUr5dsl4+eN0XNfe/8sWQ=="
111	},	119	},
112	"@adonisjs/drive": {	120	"@adonisjs/drive": {
113	"version": "1.0.4",	121	"version": "1.0.4",
@@ -119,6 +127,8 @@
119	},	127	},
120	"@adonisjs/fold": {	128	"@adonisjs/fold": {
121	"version": "4.0.9",	129	"version": "4.0.9",
		130	"resolved": "https://registry.npmjs.org/@adonisjs/fold/-/fold-4.0.9.tgz",
		131	"integrity": "sha512-eH6048Ug32BvYvvvfRThy+IDE8lcRtqExca2TfE/Gw5ZP51rVEYqPd1yy3ioB4R5XI8VUS0hjOt5l7tKUh4Sww==",
122	"requires": {	132	"requires": {
123	"@adonisjs/generic-exceptions": "^2.0.1",	133	"@adonisjs/generic-exceptions": "^2.0.1",
124	"caller": "^1.0.1",	134	"caller": "^1.0.1",
@@ -146,6 +156,8 @@
146	},	156	},
147	"@adonisjs/framework": {	157	"@adonisjs/framework": {
148	"version": "5.0.13",	158	"version": "5.0.13",
		159	"resolved": "https://registry.npmjs.org/@adonisjs/framework/-/framework-5.0.13.tgz",
		160	"integrity": "sha512-qZx+9WF1bnK3sM4UJnKw6Zu52WIPCB1R4LjBBwSFrnG5TYbIAQATyB08YXc7ETMkQ4dIQmPH+tpq4J7+k2Joog==",
149	"requires": {	161	"requires": {
150	"@adonisjs/generic-exceptions": "^2.0.1",	162	"@adonisjs/generic-exceptions": "^2.0.1",
151	"@adonisjs/middleware-base": "^1.0.0",	163	"@adonisjs/middleware-base": "^1.0.0",
@@ -201,6 +213,8 @@
201	},	213	},
202	"@adonisjs/ignitor": {	214	"@adonisjs/ignitor": {
203	"version": "2.0.8",	215	"version": "2.0.8",
		216	"resolved": "https://registry.npmjs.org/@adonisjs/ignitor/-/ignitor-2.0.8.tgz",
		217	"integrity": "sha512-drpuwxIjvBpBBn4Ndt2Sghf0aN3ml1zz3Bxu3g42k29ZEMDKgw9KkmabsEd+MVUqPLzch4cJRFKIReh9TWnY+Q==",
204	"requires": {	218	"requires": {
205	"debug": "^4.0.1",	219	"debug": "^4.0.1",
206	"pify": "^4.0.0",	220	"pify": "^4.0.0",
@@ -227,6 +241,8 @@
227	},	241	},
228	"@adonisjs/lucid": {	242	"@adonisjs/lucid": {
229	"version": "6.1.3",	243	"version": "6.1.3",
		244	"resolved": "https://registry.npmjs.org/@adonisjs/lucid/-/lucid-6.1.3.tgz",
		245	"integrity": "sha512-x/Ke8WkkgRmseRPETBOObptnElXMclQXtjJftfDMiVlz9VhJuIaFCLJwcGZ8g6UNRohMUkcfDrElaXOPc6W1fA==",
230	"requires": {	246	"requires": {
231	"@adonisjs/generic-exceptions": "^2.0.1",	247	"@adonisjs/generic-exceptions": "^2.0.1",
232	"chance": "^1.0.16",	248	"chance": "^1.0.16",
@@ -283,6 +299,16 @@
283	}	299	}
284	}	300	}
285	},	301	},
		302	"@adonisjs/validator": {
		303	"version": "5.0.6",
		304	"resolved": "https://registry.npmjs.org/@adonisjs/validator/-/validator-5.0.6.tgz",
		305	"integrity": "sha512-Koql5nOSfRFhNwkvk38tAHLfpxwuOinZIuLhPP0zAfHCltrXCh02MfydfgA13vDc5LITJgWycXFv+FNb7ljCqg==",
		306	"requires": {
		307	"@adonisjs/generic-exceptions": "^2.0.1",
		308	"indicative": "^5.0.8",
		309	"lodash": "^4.17.11"
		310	}
		311	},
286	"@slynova/flydrive": {	312	"@slynova/flydrive": {
287	"version": "0.3.1",	313	"version": "0.3.1",
288	"resolved": "https://registry.npmjs.org/@slynova/flydrive/-/flydrive-0.3.1.tgz",	314	"resolved": "https://registry.npmjs.org/@slynova/flydrive/-/flydrive-0.3.1.tgz",
@@ -699,6 +725,11 @@
699	"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",	725	"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
700	"integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="	726	"integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
701	},	727	},
		728	"atob": {
		729	"version": "2.1.2",
		730	"resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
		731	"integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg=="
		732	},
702	"aws-sign2": {	733	"aws-sign2": {
703	"version": "0.7.0",	734	"version": "0.7.0",
704	"resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",	735	"resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
@@ -1845,6 +1876,11 @@
1845	"resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz",	1876	"resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz",
1846	"integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok="	1877	"integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok="
1847	},	1878	},
		1879	"indicative": {
		1880	"version": "5.0.8",
		1881	"resolved": "https://registry.npmjs.org/indicative/-/indicative-5.0.8.tgz",
		1882	"integrity": "sha512-Do9YKlrxyvK6RpMs9AdtxmjhweKrA6hJbJejY81iD8aYjjvOU4HYkJcM2IUxC3S7ZRm/L11u67QT4OQ101N5HQ=="
		1883	},
1848	"inflation": {	1884	"inflation": {
1849	"version": "2.0.0",	1885	"version": "2.0.0",
1850	"resolved": "https://registry.npmjs.org/inflation/-/inflation-2.0.0.tgz",	1886	"resolved": "https://registry.npmjs.org/inflation/-/inflation-2.0.0.tgz",
@@ -2653,7 +2689,9 @@
2653	"integrity": "sha512-pFhMAqdN1avrFwtZs66HxYiVnbnH9wjXB4m8IKs5Z9+r7U5voqxT+EDbVkRfge+V7JnkOgKhN4HfKBn1o5g9Wg=="	2689	"integrity": "sha512-pFhMAqdN1avrFwtZs66HxYiVnbnH9wjXB4m8IKs5Z9+r7U5voqxT+EDbVkRfge+V7JnkOgKhN4HfKBn1o5g9Wg=="
2654	},	2690	},
2655	"node-fetch": {	2691	"node-fetch": {
2656	"version": "2.6.0"	2692	"version": "2.6.0",
		2693	"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
		2694	"integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
2657	},	2695	},
2658	"node-pre-gyp": {	2696	"node-pre-gyp": {
2659	"version": "0.11.0",	2697	"version": "0.11.0",
@@ -2958,6 +2996,8 @@
2958	},	2996	},
2959	"pg": {	2997	"pg": {
2960	"version": "7.12.1",	2998	"version": "7.12.1",
		2999	"resolved": "https://registry.npmjs.org/pg/-/pg-7.12.1.tgz",
		3000	"integrity": "sha512-l1UuyfEvoswYfcUe6k+JaxiN+5vkOgYcVSbSuw3FvdLqDbaoa2RJo1zfJKfPsSYPFVERd4GHvX3s2PjG1asSDA==",
2961	"requires": {	3001	"requires": {
2962	"buffer-writer": "2.0.0",	3002	"buffer-writer": "2.0.0",
2963	"packet-reader": "1.0.0",	3003	"packet-reader": "1.0.0",
@@ -4074,6 +4114,8 @@
4074	},	4114	},
4075	"sqlite3": {	4115	"sqlite3": {
4076	"version": "4.1.0",	4116	"version": "4.1.0",
		4117	"resolved": "https://registry.npmjs.org/sqlite3/-/sqlite3-4.1.0.tgz",
		4118	"integrity": "sha512-RvqoKxq+8pDHsJo7aXxsFR18i+dU2Wp5o12qAJOV5LNcDt+fgJsc2QKKg3sIRfXrN9ZjzY1T7SNe/DFVqAXjaw==",
4077	"requires": {	4119	"requires": {
4078	"nan": "^2.12.1",	4120	"nan": "^2.12.1",
4079	"node-pre-gyp": "^0.11.0",	4121	"node-pre-gyp": "^0.11.0",


diff --git a/package.json b/package.json index 27e92df..6ae22ed 100644 --- a/package.json +++ b/package.json
@@ -25,6 +25,7 @@
25	"@adonisjs/framework": "^5.0.9",	25	"@adonisjs/framework": "^5.0.9",
26	"@adonisjs/ignitor": "^2.0.8",	26	"@adonisjs/ignitor": "^2.0.8",
27	"@adonisjs/lucid": "^6.1.3",	27	"@adonisjs/lucid": "^6.1.3",
		28	"@adonisjs/validator": "^5.0.6",
28	"atob": "^2.1.2",	29	"atob": "^2.1.2",
29	"fs-extra": "^8.1.0",	30	"fs-extra": "^8.1.0",
30	"node-fetch": "^2.6.0",	31	"node-fetch": "^2.6.0",


diff --git a/start/app.js b/start/app.js index 765d414..0c32499 100644 --- a/start/app.js +++ b/start/app.js
@@ -17,6 +17,7 @@ const providers = [
17	'@adonisjs/cors/providers/CorsProvider',	17	'@adonisjs/cors/providers/CorsProvider',
18	'@adonisjs/lucid/providers/LucidProvider',	18	'@adonisjs/lucid/providers/LucidProvider',
19	'@adonisjs/drive/providers/DriveProvider',	19	'@adonisjs/drive/providers/DriveProvider',
		20	'@adonisjs/validator/providers/ValidatorProvider',
20	]	21	]
21		22
22	/*	23	/*