job offer validator

backend/apis/nodejs/src/routes/job_offer_routes.js

@@ -15,6 +15,7 @@ const JobOffer = require('../models/job_offer_model');
 const jwtUtils = require('../utils/jwt_utils');
 const express = require('express');
 const Tag = require('../models/tags_model');
+const jobOfferValidator = require('../utils/validators/job_offer_validator');
 
 /**
  * POST Request
@@ -26,6 +27,13 @@ const Tag = require('../models/tags_model');
  */
 async function insert(req, res) {
     try {
+        const errors = jobOfferValidator.validationResult(req);
+        if (!errors.isEmpty()) {
+            return res.status(400).json({
+                errors: errors.array()
+            });
+        }
+
         const tags = await Tag.findByTags(req.body.tags);
         const insertedJobOffer = await JobOffer.insert(
             req.jwt.person_id,
@@ -64,6 +72,13 @@ async function insert(req, res) {
  */
 async function remove(req, res) {
     try {
+        const errors = jobOfferValidator.validationResult(req);
+        if (!errors.isEmpty()) {
+            return res.status(400).json({
+                errors: errors.array()
+            });
+        }
+
         const result = await JobOffer.remove(req.jwt.person_id, req.params.jobOfferId);
         if (result) {
             return res.status(204).send();
@@ -88,6 +103,13 @@ async function remove(req, res) {
  */
 async function findByOrganizationId(req, res) {
     try {
+        const errors = jobOfferValidator.validationResult(req);
+        if (!errors.isEmpty()) {
+            return res.status(400).json({
+                errors: errors.array()
+            });
+        }
+        
         const result = await JobOffer.findByOrganizationId(req.params.id);
         return res.status(200).send(result);
     } catch (error) {
@@ -99,9 +121,9 @@ async function findByOrganizationId(req, res) {
 }
 
 const routes = express.Router();
-routes.get('/:id/joboffers', findByOrganizationId);
+routes.post('/:id/joboffers', jobOfferValidator.insertValidator, jwtUtils.extractToken, insert);
-routes.post('/:id/joboffers', jwtUtils.extractToken, insert);
+routes.delete('/joboffers/:jobOfferId', jobOfferValidator.removeValidator, jwtUtils.extractToken, remove);
-routes.delete('/joboffers/:jobOfferId', jwtUtils.extractToken, remove);
+routes.get('/:id/joboffers', jobOfferValidator.findByOrganizationIdValidator, findByOrganizationId);
 
 module.exports = {
     routes

backend/apis/nodejs/src/routes/reset_password_routes.js

@@ -25,8 +25,7 @@ async function add(req, res) {
         if (userExists) {
             const secret = crypto.randomBytes(16).toString('hex');
             await ResetPassword.add(req.body.email, secret);
-            const body = `Click on this link: ...${secret} to reset your Blink password. If you did not ask for such a change, simply ignore this e-mail.`;
+            mailUtils.sendResetPasswordLink(req.body.email, secret);
-            mailUtils.sendMail(req.body.email, 'Blink Reset Password', body, null);
         }
         res.status(204).send();
     } catch (error) {

backend/apis/nodejs/src/utils/mail_utils.js

@@ -22,6 +22,11 @@ function sendConfirmationLink(destinationAddress, code) {
     sendMail(destinationAddress, 'Verify your Blink Account', null, getConfirmationLinkHtmlPage(confirmationLink));
 }
 
+function sendResetPasswordLink(destinationAddress, secret) {
+    const message = `A change of your Blink password has been requested. If you requested this, click on this link ${process.env.FRONT_END_URL}/reset-password.html?secret=${secret}. Otherwise you can simply ignore this e-mail`;
+    sendMail(destinationAddress, 'Blink Password change', message, null);
+}
+
 /**
  * 
  * @param {*} destinationAddress Destination Address
@@ -60,5 +65,6 @@ function getConfirmationLinkHtmlPage(confirmationLink) {
 
 module.exports = {
     sendConfirmationLink,
+    sendResetPasswordLink,
     sendMail
 }

backend/apis/nodejs/src/utils/validators/job_offer_validator.js

@@ -0,0 +1,56 @@
+/*
+    This code is part of Blink
+    licensed under GPLv3
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED,  INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+    IN THE SOFTWARE.
+*/
+
+const {
+    check,
+    validationResult
+} = require("express-validator");
+const {
+    escape
+} = require('validator');
+
+const insertValidator = [
+    check('id').trim().notEmpty().escape(),
+    check('title').trim().notEmpty().escape(),
+    check('description').trim().escape(),
+    check('requirements').trim().escape(),
+    check('salary').trim().notEmpty().escape().isCurrency(),
+    check('salary_frequency').trim().notEmpty().escape(),
+    check('salary_currency').trim().notEmpty().escape(),
+    check('location').trim().escape(),
+    check('tags').custom(tags => {
+        if (!Array.isArray(tags)) {
+            throw new Error('tags must be an array');
+        }
+        return true;
+    }).customSanitizer(tags => {
+        if (Array.isArray(tags)) {
+            return tags.map(element => escape(element));
+        }
+    })
+];
+
+const removeValidator = [
+    check('jobOfferId').trim().notEmpty().escape()
+]
+
+const findByOrganizationIdValidator = [
+    check('id').trim().notEmpty().escape()
+]
+
+module.exports = {
+    validationResult,
+    insertValidator,
+    removeValidator,
+    findByOrganizationIdValidator
+}

backend/sql/8-create_job_offer.sql

@@ -10,6 +10,7 @@ CREATE TABLE IF NOT EXISTS public."JobOffer"
     requirements character varying(4096),
     salary money NOT NULL,
     salary_frequency character varying(64) NOT NULL,
+    salary_currency character varying(64) NOT NULL,
     location character varying(256),
     organization_id integer,
     CONSTRAINT "JobOffer_pkey" PRIMARY KEY (id),