From ddedc080a28a46b7d9125682a3c990409908b70b Mon Sep 17 00:00:00 2001 From: vantezzen Date: Mon, 26 Aug 2019 10:31:24 +0200 Subject: Add validations --- app/Controllers/Http/RecipeController.js | 46 +++++++++++++++++++++++++++-- app/Controllers/Http/ServiceController.js | 17 ++++++++++- app/Controllers/Http/UserController.js | 33 +++++++++++++++++++-- app/Controllers/Http/WorkspaceController.js | 39 +++++++++++++++++++++++- 4 files changed, 128 insertions(+), 7 deletions(-) (limited to 'app/Controllers/Http') diff --git a/app/Controllers/Http/RecipeController.js b/app/Controllers/Http/RecipeController.js index 594c298..11938b6 100644 --- a/app/Controllers/Http/RecipeController.js +++ b/app/Controllers/Http/RecipeController.js @@ -3,6 +3,10 @@ const Recipe = use('App/Models/Recipe'); const Helpers = use('Helpers') const Drive = use('Drive') +const { + validateAll +} = use('Validator'); + const fetch = require('node-fetch'); const targz = require('targz'); const path = require('path'); @@ -49,6 +53,22 @@ class RecipeController { request, response }) { + // Validate user input + const validation = await validateAll(request.all(), { + name: 'required|alpha', + recipeId: 'required|unique:recipes,recipeId', + author: 'required|accepted', + png: 'required|url', + svg: 'required|url', + files: 'required', + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const data = request.all(); if (!data.id) { @@ -70,7 +90,7 @@ class RecipeController { // Compress files to .tar.gz file const source = Helpers.tmpPath('recipe'); const destination = path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz'); - console.log('a', source, destination) + compress( source, destination 
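Review bot: The `author: 'required|accepted'` rule in the create validation only passes for values such as `yes`, `on`, `1` or `true`, so any real author name fails the check and the endpoint rejects every legitimate submission; `author: 'required|string'` expresses the intent. The rules validate `recipeId`, but the code that follows reads `data.id` and, in the third hunk of this file, concatenates it into `path.join(Helpers.appRoot(), '/recipes/' + data.id + '.tar.gz')`, so the value that actually reaches the filesystem path is not covered by these rules — if `id` can come from the request rather than being derived from `recipeId` (I cannot see where `data.id` is set when absent), it needs the same `unique` and character constraints. Validation failures are reported with HTTP 401, which clients read as an authentication failure; 400 (or 422) is the conventional status for a malformed body, and the same applies to every `validation.fails()` branch in this commit. The create handler's body continues outside the hunk.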
@@ -99,10 +119,21 @@ class RecipeController { request, response }) { + // Validate user input + const validation = await validateAll(request.all(), { + needle: 'required' + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Please provide a needle", + "status": 401 + }) + } + const needle = request.input('needle') // Get results - const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + needle)).text()); + const remoteResults = JSON.parse(await (await fetch('https://api.franzinfra.com/v1/recipes/search?needle=' + encodeURIComponent(needle))).text()); const localResultsArray = (await Recipe.query().where('name', 'LIKE', '%' + needle + '%').fetch()).toJSON(); const localResults = localResultsArray.map(recipe => ({ "id": recipe.recipeId, @@ -124,6 +155,17 @@ class RecipeController { response, params }) { + // Validate user input + const validation = await validateAll(params, { + recipe: 'required|accepted' + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Please provide a recipe ID", + "status": 401 + }) + } + const service = params.recipe; // Check for invalid characters diff --git a/app/Controllers/Http/ServiceController.js b/app/Controllers/Http/ServiceController.js index d1adea3..0d1bae2 100644 --- a/app/Controllers/Http/ServiceController.js +++ b/app/Controllers/Http/ServiceController.js @@ -2,6 +2,10 @@ const User = use('App/Models/User'); const Service = use('App/Models/Service'); +const { + validateAll +} = use('Validator'); + const uuid = require('uuid/v4'); class ServiceController { 
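Review bot: `needle` is still interpolated into a `LIKE` pattern as `'%' + needle + '%'` after the new validation; the query builder binds the value, so this is not SQL injection, but `%` and `_` inside the needle act as wildcards and a needle of `%` matches every local recipe. Escaping those two characters before building the pattern, using the escape syntax of the database in use, keeps the search literal. The `encodeURIComponent` added for the remote request is the right fix on that side; the rule could also be `needle: 'required|string'` so an array or object in the body does not reach the query. The search handler continues past the hunk.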
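Review bot: The `recipe: 'required|accepted'` rule for the download route only passes when `params.recipe` is one of `yes`, `on`, `1` or `true`, so every real recipe ID is rejected with "Please provide a recipe ID" before the existing invalid-character check below it runs. `recipe: 'required|string'` is what the message implies, leaving the character check to constrain the value. The same `accepted` misuse is in the `author` rule of the create hunk in this file. The download handler continues outside the hunk.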
@@ -17,6 +21,18 @@ class ServiceController { return response.send('Missing or invalid api token') } + // Validate user input + const validation = await validateAll(request.all(), { + name: 'required|alpha', + recipeId: 'required', + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const data = request.all(); // Get new, unused uuid @@ -65,7 +81,6 @@ class ServiceController { } catch (error) { return response.send('Missing or invalid api token') } - const services = (await auth.user.services().fetch()).rows; // Convert to array with all data Franz wants diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js index 5c4d7fb..f81a0d5 100644 --- a/app/Controllers/Http/UserController.js +++ b/app/Controllers/Http/UserController.js @@ -1,6 +1,9 @@ 'use strict' const User = use('App/Models/User'); +const { + validateAll +} = use('Validator'); const atob = require('atob'); class UserController { @@ -12,8 +15,22 @@ class UserController { auth, session }) { + // Validate user input + const validation = await validateAll(request.all(), { + firstname: 'required', + email: 'required|email|unique:users,email', + password: 'required' + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const data = request.only(['firstname', 'email', 'password']); + // Create user in DB let user; try { user = await User.create({ @@ -21,13 +38,14 @@ class UserController { password: data.password, username: data.firstname }); - } catch(e) { + } catch (e) { return response.status(401).send({ "message": "E-Mail Address already in use", "status": 401 }) } - + + // Generate new auth token const token = await auth.generate(user) return response.send({ 
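Review bot: `name: 'required|alpha'` rejects any service name containing a space, digit or non-ASCII letter (for example "Slack 2" or "Café"), which will turn away names users would otherwise save; the same rule is used for the workspace `name` in the create and edit hunks of WorkspaceController.js. If the intent is only to keep an empty or non-string value out of the model, `name: 'required|string'` does that without restricting the character set; if a character set must be enforced, a `regex` rule that admits spaces and digits is closer to real names. A validation failure answers with 401, which signals missing authentication rather than a malformed body. The create handler continues outside the hunk.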
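Review bot: `password: 'required'` accepts a one-character password; a minimum length such as `password: 'required|min:8'` is the usual floor, and `firstname: 'required|string'` keeps a non-string body value out of `User.create`. With `unique:users,email` in the rules, a duplicate e-mail now returns the generic "Invalid POST arguments" rather than the specific message in the `catch` below, which is a behaviour change for existing clients, and the `catch` is now reached mainly on other database errors where "E-Mail Address already in use" is misleading. The 401 status for a validation failure belongs to authentication; 400 or 422 fits a bad body. The create handler continues outside the hunk.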
@@ -42,8 +60,17 @@ class UserController { response, auth }) { + if (!request.header('Authorization')) { + return response.status(401).send({ + "message": "Please provide authorization", + "status": 401 + }) + } + + // Get auth data from auth token const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':'); + // Check if user with email exists let user = (await User.query().where('email', authHeader[0]).first()); if (!user || !user.email) { return response.status(401).send({ @@ -53,7 +80,7 @@ class UserController { }); } - + // Try to login let token; try { token = await auth.attempt(user.email, authHeader[1]) diff --git a/app/Controllers/Http/WorkspaceController.js b/app/Controllers/Http/WorkspaceController.js index 5573382..3d45893 100644 --- a/app/Controllers/Http/WorkspaceController.js +++ b/app/Controllers/Http/WorkspaceController.js @@ -1,6 +1,10 @@ 'use strict' const Workspace = use('App/Models/Workspace'); +const { + validateAll +} = use('Validator'); + const uuid = require('uuid/v4'); class WorkspaceController { @@ -16,6 +20,17 @@ class WorkspaceController { return response.send('Missing or invalid api token') } + // Validate user input + const validation = await validateAll(request.all(), { + name: 'required|alpha', + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const data = request.all(); // Get new, unused uuid @@ -56,6 +71,18 @@ class WorkspaceController { return response.send('Missing or invalid api token') } + // Validate user input + const validation = await validateAll(request.all(), { + name: 'required|alpha', + services: 'required|array' + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const data = request.all(); const { id 
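Review bot: The new check only guards against a missing `Authorization` header; the next line still assumes the value is `Basic <base64>` and decodes whatever follows, so a header with another scheme or malformed base64 reaches `atob`, which throws on invalid characters and turns the request into an unhandled error, and `split(':')` truncates any password containing a colon (RFC 7617 separates user-id and password at the first colon only). Verify the scheme, decode with Node's `Buffer` instead of the `atob` package, and split at the first colon, returning the same 401 when the shape is wrong. The `authHeader[0]` read in this hunk and the `authHeader[1]` read in the `auth.attempt` call of the following hunk then become `email` and `password`. The login handler continues outside the hunk.
```javascript
    const authHeaderValue = request.header('Authorization') || '';
    if (!authHeaderValue.startsWith('Basic ')) {
      return response.status(401).send({
        "message": "Please provide authorization",
        "status": 401
      })
    }

    // Decode the Basic credentials; RFC 7617 splits user-id and password at the first colon only
    const decoded = Buffer.from(authHeaderValue.slice('Basic '.length), 'base64').toString('utf8');
    const separator = decoded.indexOf(':');
    if (separator === -1) {
      return response.status(401).send({
        "message": "Please provide authorization",
        "status": 401
      })
    }
    const email = decoded.slice(0, separator);
    const password = decoded.slice(separator + 1);

    // Check if user with email exists
    let user = (await User.query().where('email', email).first());
    // … unchanged: missing-user check …
```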
@@ -95,7 +122,17 @@ class WorkspaceController { return response.send('Missing or invalid api token') } - const data = request.all(); + // Validate user input + const validation = await validateAll(request.all(), { + id: 'required', + }); + if (validation.fails()) { + return response.status(401).send({ + "message": "Invalid POST arguments", + "status": 401 + }) + } + const { id } = params; -- cgit v1.2.3-70-g09d2
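Review bot: The delete validation runs against `request.all()`, but the handler reads the identifier from `params` on the next line (`const { id } = params;`), so the check constrains a body field the code never uses and leaves `params.id` unvalidated. If the route carries the id as a URL parameter, the rule should target it: `const validation = await validateAll(params, { id: 'required' });`. If both a body `id` and a route parameter exist, the two should be required to agree rather than validated independently. The delete handler continues outside the hunk.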