1 files changed, 44 insertions, 2 deletions
diff --git a/app/Controllers/Http/RecipeController.js b/app/Controllers/Http/RecipeController.js
index 594c298..11938b6 100644
--- a/app/Controllers/Http/RecipeController.js
+++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
 const Recipe = use('App/Models/Recipe');
 const Helpers = use('Helpers')
 const Drive = use('Drive')
+const {
+  validateAll
+} = use('Validator');
 const fetch = require('node-fetch');
 const targz = require('targz');
 const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
    request,
    response
  }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required|unique:recipes,recipeId',
+      author: 'required|accepted',
+      png: 'required|url',
+      svg: 'required|url',
+      files: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
    const data = request.all();
    if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
    // Compress files to .tar.gz file
    const source = Helpers.tmpPath('recipe');
    const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
-    console.log('a', source, destination)
+    
    compress(
      source,
      destination
@@ -99,10 +119,21 @@ class RecipeController {
    request,
    response
  }) {
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      needle: 'required'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a needle",
+        "status": 401
+      })
+    }
    const needle = request.input('needle')
    // Get results
-    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());
+    const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
    const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
    const localResults = localResultsArray.map(recipe => ({
      "id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
    response,
    params
  }) {
+    // Validate user input
+    const validation = await validateAll(params, {
+      recipe: 'required|accepted'
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Please provide a recipe ID",
+        "status": 401
+      })
+    }
    const service = params.recipe;
    // Check for invalid characters

diff --git a/app/Controllers/Http/RecipeController.js b/app/Controllers/Http/RecipeController.js index 594c298..11938b6 100644 --- a/app/Controllers/Http/RecipeController.js +++ b/app/Controllers/Http/RecipeController.js
@@ -3,6 +3,10 @@
3	const Recipe = use('App/Models/Recipe');	3	const Recipe = use('App/Models/Recipe');
4	const Helpers = use('Helpers')	4	const Helpers = use('Helpers')
5	const Drive = use('Drive')	5	const Drive = use('Drive')
		6	const {
		7	validateAll
		8	} = use('Validator');
		9
6	const fetch = require('node-fetch');	10	const fetch = require('node-fetch');
7	const targz = require('targz');	11	const targz = require('targz');
8	const path = require('path');	12	const path = require('path');
@@ -49,6 +53,22 @@ class RecipeController {
49	request,	53	request,
50	response	54	response
51	}) {	55	}) {
		56	// Validate user input
		57	const validation = await validateAll(request.all(), {
		58	name: 'required\|alpha',
		59	recipeId: 'required\|unique:recipes,recipeId',
		60	author: 'required\|accepted',
		61	png: 'required\|url',
		62	svg: 'required\|url',
		63	files: 'required',
		64	});
		65	if (validation.fails()) {
		66	return response.status(401).send({
		67	"message": "Invalid POST arguments",
		68	"status": 401
		69	})
		70	}
		71
52	const data = request.all();	72	const data = request.all();
53		73
54	if (!data.id) {	74	if (!data.id) {
@@ -70,7 +90,7 @@ class RecipeController {
70	// Compress files to .tar.gz file	90	// Compress files to .tar.gz file
71	const source = Helpers.tmpPath('recipe');	91	const source = Helpers.tmpPath('recipe');
72	const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');	92	const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz');
73	console.log('a', source, destination)	93
74	compress(	94	compress(
75	source,	95	source,
76	destination	96	destination
@@ -99,10 +119,21 @@ class RecipeController {
99	request,	119	request,
100	response	120	response
101	}) {	121	}) {
		122	// Validate user input
		123	const validation = await validateAll(request.all(), {
		124	needle: 'required'
		125	});
		126	if (validation.fails()) {
		127	return response.status(401).send({
		128	"message": "Please provide a needle",
		129	"status": 401
		130	})
		131	}
		132
102	const needle = request.input('needle')	133	const needle = request.input('needle')
103		134
104	// Get results	135	// Get results
105	const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text());	136	const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text());
106	const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();	137	const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON();
107	const localResults = localResultsArray.map(recipe => ({	138	const localResults = localResultsArray.map(recipe => ({
108	"id": recipe.recipeId,	139	"id": recipe.recipeId,
@@ -124,6 +155,17 @@ class RecipeController {
124	response,	155	response,
125	params	156	params
126	}) {	157	}) {
		158	// Validate user input
		159	const validation = await validateAll(params, {
		160	recipe: 'required\|accepted'
		161	});
		162	if (validation.fails()) {
		163	return response.status(401).send({
		164	"message": "Please provide a recipe ID",
		165	"status": 401
		166	})
		167	}
		168
127	const service = params.recipe;	169	const service = params.recipe;
128		170
129	// Check for invalid characters	171	// Check for invalid characters