From ddedc080a28a46b7d9125682a3c990409908b70b Mon Sep 17 00:00:00 2001
From: vantezzen <properly@protonmail.com>
Date: Mon, 26 Aug 2019 10:31:24 +0200
Subject: Add validations

---
 app/Controllers/Http/ServiceController.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'app/Controllers/Http/ServiceController.js')

diff --git a/app/Controllers/Http/ServiceController.js b/app/Controllers/Http/ServiceController.js
index d1adea3..0d1bae2 100644
--- a/app/Controllers/Http/ServiceController.js
+++ b/app/Controllers/Http/ServiceController.js
@@ -2,6 +2,10 @@
 
 const User = use('App/Models/User');
 const Service = use('App/Models/Service');
+const {
+  validateAll
+} = use('Validator');
+
 const uuid = require('uuid/v4');
 
 class ServiceController {
@@ -17,6 +21,18 @@ class ServiceController {
       return response.send('Missing or invalid api token')
     }
 
+    // Validate user input
+    const validation = await validateAll(request.all(), {
+      name: 'required|alpha',
+      recipeId: 'required',
+    });
+    if (validation.fails()) {
+      return response.status(401).send({
+        "message": "Invalid POST arguments",
+        "status": 401
+      })
+    }
+
     const data = request.all();
 
     // Get new, unused uuid
@@ -65,7 +81,6 @@ class ServiceController {
     } catch (error) {
       return response.send('Missing or invalid api token')
     }
-
     
     const services = (await auth.user.services().fetch()).rows;
     // Convert to array with all data Franz wants
-- 
cgit v1.2.3-54-g00ecf