authorLibravatar vantezzen <properly@protonmail.com>2019-08-26 10:31:24 +0200
committerLibravatar vantezzen <properly@protonmail.com>2019-08-26 10:31:24 +0200
commitddedc080a28a46b7d9125682a3c990409908b70b (patch)
treeddbef921b6954a53984ea195dfbf24afcf367ae2 /app
parentAdd announcement route (diff)
Add validations
Diffstat (limited to 'app')
-rw-r--r--app/Controllers/Http/RecipeController.js46
-rw-r--r--app/Controllers/Http/ServiceController.js17
-rw-r--r--app/Controllers/Http/UserController.js33
-rw-r--r--app/Controllers/Http/WorkspaceController.js39
4 files changed, 128 insertions, 7 deletions
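--- a/app/Controllers/Http/RecipeController.js
+++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
 const Recipe = use('App/Models/Recipe');
 const Helpers = use('Helpers')
 const Drive = use('Drive')
+const {
+  validateAll
+} = use('Validator');
+
 const fetch = require('node-fetch');
 const targz = require('targz');
 const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
     request,
     response
   }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required|unique:recipes,recipeId',
+      author: 'required|accepted',
+      png: 'required|url',
+      svg: 'required|url',
+      files: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.all();
 
     if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
     // Compress files to .tar.gz file
     const source = Helpers.tmpPath('recipe');
     const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
-    console.log('a', source, destination)
+
     compress(
       source,
       destination
@@ -99,10 +119,21 @@ class RecipeController {
     request,
     response
   }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      needle: 'required'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a needle",
+        "status": 401
+      })
+    }
+
     const needle = request.input('needle')
 
     // Get results
-    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());
+    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
     const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
     const localResults = localResultsArray.map(recipe => ({
       "id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
     response,
     params
   }) {
+    // Validate user input
+    const validation = await validateAll(params, {
+      recipe: 'required|accepted'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a recipe ID",
+        "status": 401
+      })
+    }
+
     const service = params.recipe;
 
     // Check for invalid characters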
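Review bot: The `accepted` rule applied to `author` in the store validation (hunk `@@ -49,6 +53,22 @@`) and to `recipe` in the last hunk (`@@ -124,6 +155,17 @@`) looks wrong: if this is Indicative's `accepted`, it only admits values such as yes/on/1/true, so a real author name or recipe id fails validation and every request to these two handlers is rejected with the 401 below. `author: 'required'` and `recipe: 'required'` are presumably what was meant. Separately, all the new validation blocks in this commit — here and in ServiceController, UserController and WorkspaceController — answer a malformed body with status 401, which signals a missing credential; 400 (or 422) is the status that tells a client its input was rejected, e.g. `return response.status(400).send({ "message": "Invalid POST arguments", "status": 400 })`. The handlers these hunks patch start before each hunk and continue past it.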
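--- a/app/Controllers/Http/ServiceController.js
+++ b/app/Controllers/Http/ServiceController.js
@@ -2,6 +2,10 @@
 
 const User = use('App/Models/User');
 const Service = use('App/Models/Service');
+const {
+  validateAll
+} = use('Validator');
+
 const uuid = require('uuid/v4');
 
 class ServiceController {
@@ -17,6 +21,18 @@ class ServiceController {
       return response.send('Missing or invalid api token')
     }
 
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.all();
 
     // Get new, unused uuid
@@ -65,7 +81,6 @@ class ServiceController {
     } catch (error) {
       return response.send('Missing or invalid api token')
     }
-
 
     const services = (await auth.user.services().fetch()).rows;
     // Convert to array with all data Franz wants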
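Review bot: `name: 'required|alpha'` in `@@ -17,6 +21,18 @@` rejects any service name containing a space, digit or punctuation (for example "Slack 2" or "My-Team"), which is likely stricter than intended for a user-facing display name; the same rule is applied to the workspace name in WorkspaceController. If the intent is only to make sure the name is a plain, bounded string, `name: 'required|string|max:255'` keeps the input check without turning away ordinary names (the exact bound is a constructed example, pick what the column allows). The handler starts before the hunk and continues past it.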
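--- a/app/Controllers/Http/UserController.js
+++ b/app/Controllers/Http/UserController.js
@@ -1,6 +1,9 @@
 'use strict'
 
 const User = use('App/Models/User');
+const {
+  validateAll
+} = use('Validator');
 const atob = require('atob');
 
 class UserController {
@@ -12,8 +15,22 @@ class UserController {
     auth,
     session
   }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      firstname: 'required',
+      email: 'required|email|unique:users,email',
+      password: 'required'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.only(['firstname', 'email', 'password']);
 
+    // Create user in DB
     let user;
     try {
       user = await User.create({
@@ -21,13 +38,14 @@ class UserController {
         password: data.password,
         username: data.firstname
       });
-    } catch(e) {
+    } catch (e) {
       return response.status(401).send({
         "message": "E-Mail Address already in use",
         "status": 401
       })
     }
 
+    // Generate new auth token
     const token = await auth.generate(user)
 
     return response.send({
@@ -42,8 +60,17 @@ class UserController {
     response,
     auth
   }) {
+    if (!request.header('Authorization')) {
+      return response.status(401).send({
+        "message": "Please provide authorization",
+        "status": 401
+      })
+    }
+
+    // Get auth data from auth token
     const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':');
 
+    // Check if user with email exists
     let user = (await User.query().where('email', authHeader[0]).first());
     if (!user || !user.email) {
       return response.status(401).send({
@@ -53,7 +80,7 @@ class UserController {
       });
     }
 
-
+    // Try to login
     let token;
     try {
       token = await auth.attempt(user.email, authHeader[1])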
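Review bot: In the login hunk (`@@ -42,8 +60,17 @@`) the new header-presence check still lets a malformed value through: `replace('Basic ', '')` does not verify the scheme, and a decoded string with no colon leaves `authHeader[1]` undefined, which is then handed to `auth.attempt` further down. Destructuring the decoded pair and rejecting incomplete input keeps such values out of the credential check: `const [email, password] = atob(request.header('Authorization').replace('Basic ', '')).split(':');` followed by `if (!email || !password) { return response.status(401).send({ "message": "Please provide authorization", "status": 401 }) }`, with `email`/`password` replacing `authHeader[0]`/`authHeader[1]` below. In the signup hunk, `unique:users,email` now catches the duplicate case up front, so the `catch (e)` that still reports "E-Mail Address already in use" for every failure will mislabel any other database error; logging `e` or answering with a generic 500 there would be more accurate. Both handlers start before their hunks and continue past them.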
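--- a/app/Controllers/Http/WorkspaceController.js
+++ b/app/Controllers/Http/WorkspaceController.js
@@ -1,6 +1,10 @@
 'use strict'
 
 const Workspace = use('App/Models/Workspace');
+const {
+  validateAll
+} = use('Validator');
+
 const uuid = require('uuid/v4');
 
 class WorkspaceController {
@@ -16,6 +20,17 @@ class WorkspaceController {
       return response.send('Missing or invalid api token')
     }
 
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.all();
 
     // Get new, unused uuid
@@ -56,6 +71,18 @@ class WorkspaceController {
       return response.send('Missing or invalid api token')
     }
 
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      services: 'required|array'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.all();
     const {
       id
@@ -95,7 +122,17 @@ class WorkspaceController {
       return response.send('Missing or invalid api token')
     }
 
-    const data = request.all();
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      id: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const {
       id
     } = params;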
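Review bot: The last hunk (`@@ -95,7 +122,17 @@`) validates `id` on `request.all()`, but the line right after it reads `id` from `params`, so the check guards a body field the handler does not use and a request carrying the id only in the route is rejected. Validating the value actually consumed, `const validation = await validateAll(params, { id: 'required' });`, mirrors what RecipeController does with `params`. The same hunk removes `const data = request.all();`; if `data` is still referenced later in this handler (outside the hunk) that reference now throws, so confirm it was unused. The handler starts before the hunk and continues past it.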