author | vantezzen <properly@protonmail.com> | 2019-08-26 10:31:24 +0200 |
committer | vantezzen <properly@protonmail.com> | 2019-08-26 10:31:24 +0200 |
commit | ddedc080a28a46b7d9125682a3c990409908b70b (patch) | |
tree | ddbef921b6954a53984ea195dfbf24afcf367ae2 /app/Controllers/Http | |
parent | Add announcement route (diff) | |
Add validations
Diffstat (limited to 'app/Controllers/Http')
-rw-r--r-- | app/Controllers/Http/RecipeController.js | 46 | ||||
-rw-r--r-- | app/Controllers/Http/ServiceController.js | 17 | ||||
-rw-r--r-- | app/Controllers/Http/UserController.js | 33 | ||||
-rw-r--r-- | app/Controllers/Http/WorkspaceController.js | 39 |
4 files changed, 128 insertions, 7 deletions
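--- a/app/Controllers/Http/RecipeController.js
+++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
 const Recipe = use('App/Models/Recipe');
 const Helpers = use('Helpers')
 const Drive = use('Drive')
+const {
+validateAll
+} = use('Validator');
+
 const fetch = require('node-fetch');
 const targz = require('targz');
 const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
 request,
 response
 }) {
+// Validate user input
+const validation = await validateAll(request.all(), {
+name: 'required|alpha',
+recipeId: 'required|unique:recipes,recipeId',
+author: 'required|accepted',
+png: 'required|url',
+svg: 'required|url',
+files: 'required',
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const data = request.all();
 
 if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
 // Compress files to .tar.gz file
 const source = Helpers.tmpPath('recipe');
 const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
-console.log('a', source, destination)
+
 compress(
 source,
 destination
@@ -99,10 +119,21 @@ class RecipeController {
 request,
 response
 }) {
+// Validate user input
+const validation = await validateAll(request.all(), {
+needle: 'required'
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Please provide a needle",
+"status": 401
+})
+}
+
 const needle = request.input('needle')
 
 // Get results
-const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());
+const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
 const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
 const localResults = localResultsArray.map(recipe => ({
 "id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
 response,
 params
 }) {
+// Validate user input
+const validation = await validateAll(params, {
+recipe: 'required|accepted'
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Please provide a recipe ID",
+"status": 401
+})
+}
+
 const service = params.recipe;
 
 // Check for invalid characters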
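Review bot: The `accepted` rule used in the create validation (`author: 'required|accepted'`) and again in the hunk at new line 158 (`recipe: 'required|accepted'`) only passes for values such as yes/on/1/true, so a real author name or recipe ID is rejected on every call; `author: 'required|string'` and `recipe: 'required|string'` look like the intended rules. These validation failures answer with 401, which clients will read as an authentication problem rather than a malformed request; 400 fits the branch better, and the same applies to the equivalent branches in ServiceController, UserController and WorkspaceController. In the search hunk `encodeURIComponent` now protects the remote URL, but the needle still reaches the local `LIKE` pattern unescaped, so a `%` or `_` in it acts as a wildcard and a bare `%` needle lists every recipe — a data-exposure rather than an injection concern, provided the query builder binds the value as it appears to. The enclosing methods continue outside these hunks.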
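--- a/app/Controllers/Http/ServiceController.js
+++ b/app/Controllers/Http/ServiceController.js
@@ -2,6 +2,10 @@
 
 const User = use('App/Models/User');
 const Service = use('App/Models/Service');
+const {
+validateAll
+} = use('Validator');
+
 const uuid = require('uuid/v4');
 
 class ServiceController {
@@ -17,6 +21,18 @@ class ServiceController {
 return response.send('Missing or invalid api token')
 }
 
+// Validate user input
+const validation = await validateAll(request.all(), {
+name: 'required|alpha',
+recipeId: 'required',
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const data = request.all();
 
 // Get new, unused uuid
@@ -65,7 +81,6 @@ class ServiceController {
 } catch (error) {
 return response.send('Missing or invalid api token')
 }
-
 
 const services = (await auth.user.services().fetch()).rows;
 // Convert to array with all data Franz wants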
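Review bot: `name: 'required|alpha'` in the create hunk rejects any service name containing a space, digit or non-ASCII letter, so a name such as `Mail 2` that was accepted before this commit now fails validation; if names are free text, `name: 'required|string'` (optionally with a `max:` length) matches how the value is used. The failure branch also returns 401 for a malformed body, which makes it indistinguishable for a client from a token problem; 400 is the status for this case. The create method continues outside the hunk.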
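--- a/app/Controllers/Http/UserController.js
+++ b/app/Controllers/Http/UserController.js
@@ -1,6 +1,9 @@
 'use strict'
 
 const User = use('App/Models/User');
+const {
+validateAll
+} = use('Validator');
 const atob = require('atob');
 
 class UserController {
@@ -12,8 +15,22 @@ class UserController {
 auth,
 session
 }) {
+// Validate user input
+const validation = await validateAll(request.all(), {
+firstname: 'required',
+email: 'required|email|unique:users,email',
+password: 'required'
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const data = request.only(['firstname', 'email', 'password']);
 
+// Create user in DB
 let user;
 try {
 user = await User.create({
@@ -21,13 +38,14 @@ class UserController {
 password: data.password,
 username: data.firstname
 });
-} catch(e) {
+} catch (e) {
 return response.status(401).send({
 "message": "E-Mail Address already in use",
 "status": 401
 })
 }
 
+// Generate new auth token
 const token = await auth.generate(user)
 
 return response.send({
@@ -42,8 +60,17 @@ class UserController {
 response,
 auth
 }) {
+if (!request.header('Authorization')) {
+return response.status(401).send({
+"message": "Please provide authorization",
+"status": 401
+})
+}
+
+// Get auth data from auth token
 const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':');
 
+// Check if user with email exists
 let user = (await User.query().where('email', authHeader[0]).first());
 if (!user || !user.email) {
 return response.status(401).send({
@@ -53,7 +80,7 @@ class UserController {
 });
 }
 
-
+// Try to login
 let token;
 try {
 token = await auth.attempt(user.email, authHeader[1])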
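Review bot: The new guard in the login hunk (new line 63) only checks that an Authorization header is present; the line after it still strips a literal `Basic ` prefix and indexes the `:`-split result, so a header with another scheme, or a decoded value without a colon, reaches `User.query()` with an arbitrary string in `authHeader[0]` and `auth.attempt` with `authHeader[1]` undefined. Tightening the guard to `if (!request.header('Authorization') || !request.header('Authorization').startsWith('Basic ')) {` and adding an `if (authHeader.length < 2)` check with the same 401 response after the split keeps malformed credentials out of the lookup. In the signup hunk `password: 'required'` accepts a one-character password; a `min:` rule on that field is where a minimum length would be enforced. Both methods continue outside their hunks.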
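--- a/app/Controllers/Http/WorkspaceController.js
+++ b/app/Controllers/Http/WorkspaceController.js
@@ -1,6 +1,10 @@
 'use strict'
 
 const Workspace = use('App/Models/Workspace');
+const {
+validateAll
+} = use('Validator');
+
 const uuid = require('uuid/v4');
 
 class WorkspaceController {
@@ -16,6 +20,17 @@ class WorkspaceController {
 return response.send('Missing or invalid api token')
 }
 
+// Validate user input
+const validation = await validateAll(request.all(), {
+name: 'required|alpha',
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const data = request.all();
 
 // Get new, unused uuid
@@ -56,6 +71,18 @@ class WorkspaceController {
 return response.send('Missing or invalid api token')
 }
 
+// Validate user input
+const validation = await validateAll(request.all(), {
+name: 'required|alpha',
+services: 'required|array'
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const data = request.all();
 const {
 id
@@ -95,7 +122,17 @@ class WorkspaceController {
 return response.send('Missing or invalid api token')
 }
 
-const data = request.all();
+// Validate user input
+const validation = await validateAll(request.all(), {
+id: 'required',
+});
+if (validation.fails()) {
+return response.status(401).send({
+"message": "Invalid POST arguments",
+"status": 401
+})
+}
+
 const {
 id
 } = params;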
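Review bot: The delete hunk (new line 126) validates `id` against `request.all()`, but the value the method actually consumes is destructured from `params` three lines later (`const { id } = params;`), so the check passes or fails on the request body rather than on the route parameter; unless clients also send `id` in the body, every delete now fails with "Invalid POST arguments". Validating the object that is used, `const validation = await validateAll(params, {`, as RecipeController does for its route parameter in the same commit, fixes this. The `name: 'required|alpha'` rule in the create and edit hunks rejects workspace names containing spaces or digits; `required|string` is likely the intent if names are free text. These methods continue outside the hunks.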