xfarrow/blink
0
0
Fork 0
mirror of https://github.com/xfarrow/blink synced 2025-06-27 09:03:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

npx eslint --fix

Browse Source
This commit is contained in:
Alessandro Ferro
2024-02-23 11:17:02 +01:00
parent 4a712f4de3
commit 7bd6889768
18 changed files with 618 additions and 662 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/apis/nodejs/src/app.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -20,10 +20,9 @@ const rateLimit = require('express-rate-limit');
const personRoutes = require('./routes/person_routes.js');
const organizationRoutes = require('./routes/organization_routes.js');
const organizationAdminRoutes = require('./routes/organization_admin_routes.js');
const organizationPostRoutes = require('./routes/organization_post_routes.js')
const organizationPostRoutes = require('./routes/organization_post_routes.js');
const jwt_utils = require('./utils/jwt_utils.js');
// Application configuration
const app = express();
app.use(express.json()); // Middleware which parses JSON for POST requests
@ -31,7 +30,7 @@ app.use(cors()); // Enable CORS for all routes
app.use(rateLimit({
windowMs: process.env.LIMITER_WINDOW,
max: process.env.LIMITER_MAXIMUM_PER_WINDOW,
message: {error : "Too many requests from this IP, please try again later"}
message: { error: 'Too many requests from this IP, please try again later' }
})); // Apply the rate limiter middleware to all routes
const publicRoutes = express.Router();
@ -63,4 +62,4 @@ app.listen(port, () => {
console.log(`Blink API server is running on port ${port}`);
});
module.exports = app;
module.exports = app;

102
backend/apis/nodejs/src/models/organization_admin_model.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -14,69 +14,69 @@
const knex = require('../utils/knex_config');
/**
* Checks whether the specified person is an administrator
* Checks whether the specified person is an administrator
* of the specified administrator
* @param {*} personId
* @param {*} organizationId
* @param {*} personId
* @param {*} organizationId
* @returns true if administrator, false otherwise
*/
async function isPersonAdmin(personId, organizationId){
const isPersonAdmin = await knex('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.select('*')
.first();
return isPersonAdmin;
async function isPersonAdmin (personId, organizationId) {
const isPersonAdmin = await knex('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.select('*')
.first();
return isPersonAdmin;
}
/**
* Add the specified Person as the Organization administrator
* @param {*} personId
* @param {*} organizationId
* @param {*} personId
* @param {*} organizationId
*/
async function addOrganizationAdministrator(personId, organizationId){
await knex('OrganizationAdministrator')
.insert({
id_person: personId,
id_organization: organizationId
});
async function addOrganizationAdministrator (personId, organizationId) {
await knex('OrganizationAdministrator')
.insert({
id_person: personId,
id_organization: organizationId
});
}
/**
* Remove Person from the Organization's administrators.
* If no more Administrators are left, the Organization is removed.
* @param {*} personId
* @param {*} organizationId
* @param {*} personId
* @param {*} organizationId
*/
async function removeOrganizationAdmin(personId, organizationId){
const transaction = await knex.transaction();
// We lock the table to ensure that we won't have concurrency issues
// while checking remainingAdministrators.
// TODO: Understand whether a lock on the table is really necessary
await transaction.raw('LOCK TABLE "OrganizationAdministrator" IN SHARE MODE');
await transaction('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
async function removeOrganizationAdmin (personId, organizationId) {
const transaction = await knex.transaction();
// We lock the table to ensure that we won't have concurrency issues
// while checking remainingAdministrators.
// TODO: Understand whether a lock on the table is really necessary
await transaction.raw('LOCK TABLE "OrganizationAdministrator" IN SHARE MODE');
await transaction('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.del();
// TODO: If the user instead deletes their entire profile, the organization will not be deleted. Fix. (database schema)
const remainingAdministrators = await transaction('OrganizationAdministrator')
.where({ id_organization: organizationId });
if (remainingAdministrators.length === 0) {
// If no more users, delete the organization
await transaction('Organization')
.where('id', organizationId)
.del();
}
// TODO: If the user instead deletes their entire profile, the organization will not be deleted. Fix. (database schema)
const remainingAdministrators = await transaction('OrganizationAdministrator')
.where({ id_organization: organizationId });
if (remainingAdministrators.length === 0) {
// If no more users, delete the organization
await transaction('Organization')
.where('id', organizationId)
.del();
}
await transaction.commit();
await transaction.commit();
}
module.exports = {
isPersonAdmin,
addOrganizationAdministrator,
removeOrganizationAdmin
};
isPersonAdmin,
addOrganizationAdministrator,
removeOrganizationAdmin
};

144
backend/apis/nodejs/src/models/organization_model.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -15,28 +15,28 @@ const knex = require('../utils/knex_config');
/**
* Create Organization object
* @param {*} name
* @param {*} location
* @param {*} description
* @param {*} is_hiring
* @returns
* @param {*} name
* @param {*} location
* @param {*} description
* @param {*} is_hiring
* @returns
*/
function organization(name, location, description, is_hiring){
const organization = {
name: name,
location: location,
description: description,
is_hiring: is_hiring
};
return organization;
function organization (name, location, description, is_hiring) {
const organization = {
name,
location,
description,
is_hiring
};
return organization;
}
/**
* Gets an Organization by its identifier
* @param {*} id
* @returns
* @param {*} id
* @returns
*/
async function getOrganizationById(id){
async function getOrganizationById (id) {
const organization = await knex('Organization')
.where('id', id)
.select('*')
@ -46,69 +46,69 @@ async function getOrganizationById(id){
/**
* Insert an Organization and its relative Administrator
* @param {*} organization
* @param {*} organization
*/
async function insertOrganization(organization, organizationAdministratorId){
await knex.transaction(async (trx) => {
// We have to insert either both in Organization and in OrganizationAdministrator
// or in neither
const organizationResult = await trx('Organization')
.insert(organization, '*');
// Inserting in the "OrganizationAdministrator" table
await trx('OrganizationAdministrator')
.insert({
id_person: organizationAdministratorId,
id_organization: organizationResult[0].id,
});
async function insertOrganization (organization, organizationAdministratorId) {
await knex.transaction(async (trx) => {
// We have to insert either both in Organization and in OrganizationAdministrator
// or in neither
const organizationResult = await trx('Organization')
.insert(organization, '*');
// Inserting in the "OrganizationAdministrator" table
await trx('OrganizationAdministrator')
.insert({
id_person: organizationAdministratorId,
id_organization: organizationResult[0].id
});
});
}
/**
* Updates an Organization specified by the OrganizationId, if and
* only if the specified personId is one of its Administrator
* @param {*} organization
* @param {*} organizationId
* @param {*} personId
* @param {*} organization
* @param {*} organizationId
* @param {*} personId
* @returns true if the row was updated, false otherwise
*/
async function updateOrganizationIfAdministrator(organization, organizationId, personId){
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
// // .select('*')
// // .first();
// // // This introduces a Time of check Time of use weakeness
// // // which could'have been fixed by either
// // // 1) Using "whereExists", thanks to the "it's easier to ask for
// // // forgiveness than for permission" padarigm. Or,
// // // 2) Using a serializable transaction.
// // //
// // // The undersigned chose not to follow these approaches because
// // // this does not introduces any serious vulnerability. In this
// // // way it seems more readable.
// // if(!isOrganizationAdmin){
// // return res.status(403).json({error : "Forbidden"});
// // }
// // await knex('Organization')
// // .where('id', req.params.id)
// // .update({
// // name: req.body.name,
// // location: req.body.location,
// // description: req.body.description,
// // is_hiring: req.body.is_hiring
// // });
async function updateOrganizationIfAdministrator (organization, organizationId, personId) {
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
// // .select('*')
// // .first();
// // // This introduces a Time of check Time of use weakeness
// // // which could'have been fixed by either
// // // 1) Using "whereExists", thanks to the "it's easier to ask for
// // // forgiveness than for permission" padarigm. Or,
// // // 2) Using a serializable transaction.
// // //
// // // The undersigned chose not to follow these approaches because
// // // this does not introduces any serious vulnerability. In this
// // // way it seems more readable.
// // if(!isOrganizationAdmin){
// // return res.status(403).json({error : "Forbidden"});
// // }
// // await knex('Organization')
// // .where('id', req.params.id)
// // .update({
// // name: req.body.name,
// // location: req.body.location,
// // description: req.body.description,
// // is_hiring: req.body.is_hiring
// // });
const numberOfUpdatedRows = await knex('Organization')
.where('id', organizationId)
.whereExists(function(){
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.where('id_organization', organizationId);
})
.update(organization);
return numberOfUpdatedRows == 1;
@ -121,14 +121,14 @@ async function updateOrganizationIfAdministrator(organization, organizationId, p
* @param {*} personId PersonId of the supposedly administrator
* @returns true if the Organization was successfully deleted, false otherwise
*/
async function deleteOrganizationIfAdmin(organizationId, personId){
async function deleteOrganizationIfAdmin (organizationId, personId) {
const numberOfDeletedRows = await knex('Organization')
.where({ id: organizationId })
.whereExists(function(){
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.where('id_organization', organizationId);
})
.del();
return numberOfDeletedRows == 1;
@ -144,4 +144,4 @@ module.exports = {
updateOrganizationIfAdministrator,
updateOrganizationIfAdministrator,
deleteOrganizationIfAdmin
};
};

169
backend/apis/nodejs/src/models/person_model.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -16,26 +16,26 @@ const bcrypt = require('bcrypt');
/**
* Creates Person object by the specified fields
* @param {*} email
* @param {*} password
* @param {*} display_name
* @param {*} date_of_birth
* @param {*} available
* @param {*} enabled
* @param {*} place_of_living
* @returns
* @param {*} email
* @param {*} password
* @param {*} display_name
* @param {*} date_of_birth
* @param {*} available
* @param {*} enabled
* @param {*} place_of_living
* @returns
*/
function person(email, password, display_name, date_of_birth, available, enabled, place_of_living) {
const person = {
email: email.toLowerCase(),
password: password,
display_name: display_name,
date_of_birth: date_of_birth,
available: available,
enabled: enabled,
place_of_living: place_of_living
};
return person;
function person (email, password, display_name, date_of_birth, available, enabled, place_of_living) {
const person = {
email: email.toLowerCase(),
password,
display_name,
date_of_birth,
available,
enabled,
place_of_living
};
return person;
}
/**
@ -43,22 +43,22 @@ function person(email, password, display_name, date_of_birth, available, enabled
* @param {*} email email to look the Person for
* @returns the Person object
*/
async function getPersonByEmail(email){
return await knex('Person')
.where('email', email.toLowerCase())
.first();
async function getPersonByEmail (email) {
return await knex('Person')
.where('email', email.toLowerCase())
.first();
}
/**
* Get Person by Id
* @param {*} id - The id to look the person for
* @returns
* @returns
*/
async function getPersonById(id){
return await knex('Person')
.select('*')
.where({ id: id })
.first();
async function getPersonById (id) {
return await knex('Person')
.select('*')
.where({ id })
.first();
}
/**
@ -67,27 +67,27 @@ async function getPersonById(id){
* @param {*} person A Person object
* @param {*} activationLink the activationLink identifier
*/
async function registerPerson(person, activationLink){
// We need to insert either both in the "Person" table
// and in the "ActivationLink" one, or in neither
await knex.transaction(async (tr) => {
const personIdResult = await tr('Person')
.insert({
email: person.email.toLowerCase(),
password: person.password,
display_name: person.display_name,
date_of_birth: person.date_of_birth,
available: person.available,
enabled: person.enabled,
place_of_living: person.place_of_living
})
.returning("id");
await tr('ActivationLink')
.insert({
person_id: personIdResult[0].id,
identifier: activationLink
});
});
async function registerPerson (person, activationLink) {
// We need to insert either both in the "Person" table
// and in the "ActivationLink" one, or in neither
await knex.transaction(async (tr) => {
const personIdResult = await tr('Person')
.insert({
email: person.email.toLowerCase(),
password: person.password,
display_name: person.display_name,
date_of_birth: person.date_of_birth,
available: person.available,
enabled: person.enabled,
place_of_living: person.place_of_living
})
.returning('id');
await tr('ActivationLink')
.insert({
person_id: personIdResult[0].id,
identifier: activationLink
});
});
}
/**
@ -95,22 +95,22 @@ async function registerPerson(person, activationLink){
* Used for log-in
* @param {*} email
* @param {*} password
* @returns
* @returns
*/
async function getPersonByEmailAndPassword(email, password){
const person = await knex('Person')
.where('email', email.toLowerCase())
.where('enabled', true)
.select('*')
.first();
async function getPersonByEmailAndPassword (email, password) {
const person = await knex('Person')
.where('email', email.toLowerCase())
.where('enabled', true)
.select('*')
.first();
if(person){
const passwordMatches = await bcrypt.compare(password, person.password);
if (passwordMatches) {
return person;
}
if (person) {
const passwordMatches = await bcrypt.compare(password, person.password);
if (passwordMatches) {
return person;
}
return null;
}
return null;
}
/**
@ -118,32 +118,31 @@ async function getPersonByEmailAndPassword(email, password){
* @param {*} person The Person to update
* @param {*} person_id The database id of the Person to update
*/
async function updatePerson(person, person_id){
await knex('Person')
.where('id', person_id)
.update(person);
async function updatePerson (person, person_id) {
await knex('Person')
.where('id', person_id)
.update(person);
}
/**
* Deletes a Person specified by its database id.
* @param {*} person_id
* @param {*} person_id
*/
async function deletePerson(person_id){
await knex('Person')
.where({id : person_id})
.del();
async function deletePerson (person_id) {
await knex('Person')
.where({ id: person_id })
.del();
}
// Exporting a function
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
person,
getPersonByEmail,
getPersonById,
getPersonByEmailAndPassword,
registerPerson,
updatePerson,
deletePerson
};
person,
getPersonByEmail,
getPersonById,
getPersonByEmailAndPassword,
registerPerson,
updatePerson,
deletePerson
};

84
backend/apis/nodejs/src/routes/organization_admin_routes.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -16,61 +16,57 @@ const organization_admin_model = require('../models/organization_admin_model');
/**
* POST Method
*
*
* Add an Administrator to an Organization. Allowed only if the
* logged user is an Administrator themselves.
*
*
* Required field(s): organization_id, person_id
*/
async function addOrganizationAdmin(req, res){
async function addOrganizationAdmin (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.person_id) {
return res.status(400).json({ error: 'Invalid request' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.person_id) {
return res.status(400).json({ error : "Invalid request"});
}
try {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(req.jwt.person_id, req.body.organization_id);
// TOC/TOU
if(!isPersonAdmin){
return res.status(401).json({error : "Forbidden"});
}
await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id);
return res.status(200).json({success : true});
}
catch (error) {
console.error('Error while adding organization admin: ' + error);
res.status(500).json({error : "Internal server error"});
try {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(req.jwt.person_id, req.body.organization_id);
// TOC/TOU
if (!isPersonAdmin) {
return res.status(401).json({ error: 'Forbidden' });
}
await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id);
return res.status(200).json({ success: true });
} catch (error) {
console.error('Error while adding organization admin: ' + error);
res.status(500).json({ error: 'Internal server error' });
}
}
/**
/**
* DELETE Request
*
*
* Deletes a Person from the list of Administrators of an Organization.
* The logged user can only remove themselves. If no more Administrators
* are left, the Organization is removed.
*
*
* Required field(s): organization_id
*/
async function removeOrganizationAdmin(req, res){
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id) {
return res.status(400).json({ error : "Invalid request"});
}
try{
await organization_admin_model.removeOrganizationAdmin(req.jwt.person_id, req.body.organization_id);
return res.status(200).json({success : true});
}
catch (error){
console.error(error);
return res.status(500).json({ error: "Internal server error"});
}
async function removeOrganizationAdmin (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id) {
return res.status(400).json({ error: 'Invalid request' });
}
try {
await organization_admin_model.removeOrganizationAdmin(req.jwt.person_id, req.body.organization_id);
return res.status(200).json({ success: true });
} catch (error) {
console.error(error);
return res.status(500).json({ error: 'Internal server error' });
}
}
module.exports = {
addOrganizationAdmin,
removeOrganizationAdmin
};
};

95
backend/apis/nodejs/src/routes/organization_post_routes.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -15,61 +15,58 @@ const knex = require('../utils/knex_config');
/**
* POST Request
*
*
* Creates a Post belonging to an organization
*
* Required field(s): organization_id, content
* @returns the inserted Post
* @returns the inserted Post
*/
async function createOrganizationPost(req, res){
async function createOrganizationPost (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.content) {
return res.status(400).json({ error: 'Invalid request' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.content) {
return res.status(400).json({ error : "Invalid request"});
}
try {
// Check if the current user is a organization's administrator
const isOrganizationAdmin = await knex('OrganizationAdministrator')
try {
// Check if the current user is a organization's administrator
const isOrganizationAdmin = await knex('OrganizationAdministrator')
.where('id_person', req.jwt.person_id)
.where('id_organization', req.body.organization_id)
.select('*')
.first();
// Non-exploitable TOC/TOU weakness
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
if(!isOrganizationAdmin){
return res.status(403).json({error : "Forbidden"});
}
const organizationPost = await knex('OrganizationPost')
// Non-exploitable TOC/TOU weakness
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
if (!isOrganizationAdmin) {
return res.status(403).json({ error: 'Forbidden' });
}
const organizationPost = await knex('OrganizationPost')
.insert({
organization_id: req.body.organization_id,
content: req.body.content,
original_author: req.jwt.person_id
})
.returning('*');
return res.status(200).json(organizationPost[0]);
}
catch (error) {
console.log("Error while creating Organization Post: " + error);
return res.status(500).json({error : "Internal server error"});
}
return res.status(200).json(organizationPost[0]);
} catch (error) {
console.log('Error while creating Organization Post: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* DELETE Request
*
*
* Deletes a Post belonging to an Organization, only if
* the logged user is an administrator of that Organization.
*
*
* Required field(s): none.
*/
async function deleteOrganizationPost(req, res){
async function deleteOrganizationPost (req, res) {
const organizationPostIdToDelete = req.params.id;
try{
try {
const isOrganizationAdmin = await knex('OrganizationPost')
.join('OrganizationAdministrator', 'OrganizationPost.organization_id', 'OrganizationAdministrator.id_organization')
.where('OrganizationPost.id', organizationPostIdToDelete)
@ -77,20 +74,18 @@ async function deleteOrganizationPost(req, res){
.select('*')
.first();
// Unexploitable TOC/TOU
if(isOrganizationAdmin){
await knex('OrganizationPost')
.where('id', organizationPostIdToDelete)
.del();
return res.status(200).json({success : true});
}
else{
return res.status(401).json({error : "Forbidden"});
}
}
catch (error) {
// Unexploitable TOC/TOU
if (isOrganizationAdmin) {
await knex('OrganizationPost')
.where('id', organizationPostIdToDelete)
.del();
return res.status(200).json({ success: true });
} else {
return res.status(401).json({ error: 'Forbidden' });
}
} catch (error) {
console.log(error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -98,6 +93,6 @@ async function deleteOrganizationPost(req, res){
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
createOrganizationPost,
deleteOrganizationPost
};
createOrganizationPost,
deleteOrganizationPost
};

98
backend/apis/nodejs/src/routes/organization_routes.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -15,120 +15,111 @@ const organization_model = require('../models/organization_model');
/**
* POST Request
*
*
* Creates an Organization and its Administrator.
*
*
* Required field(s): name
*
* @returns the inserted organization
*/
async function createOrganization(req, res){
async function createOrganization (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.name) {
return res.status(400).json({ error : "Invalid request"});
return res.status(400).json({ error: 'Invalid request' });
}
try{
try {
const organization = organization_model.organization(req.body.name, req.body.location, req.body.description, req.body.is_hiring);
await organization_model.insertOrganization(organization, req.jwt.person_id);
return res.status(200).json({ Organization: organization });
}
catch (error){
} catch (error) {
console.error('Error creating Organization:', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
/**
* PUT Request
* Updates an Organization's details
*
* Required field(s): none.
*/
async function updateOrganization(req, res){
async function updateOrganization (req, res) {
const updateOrganization = {};
if(req.body.name){
if (req.body.name) {
updateOrganization.name = req.body.name;
}
if(req.body.location){
if (req.body.location) {
updateOrganization.location = req.body.location;
}
if(req.body.description){
if (req.body.description) {
updateOrganization.description = req.body.description;
}
if(req.body.is_hiring){
if (req.body.is_hiring) {
updateOrganization.is_hiring = req.body.is_hiring;
}
if (Object.keys(updateOrganization).length === 0) {
return res.status(400).json({ error : "Bad request. No data to update"});
return res.status(400).json({ error: 'Bad request. No data to update' });
}
try {
const isUpdateSuccessful = organization_model.updateOrganizationIfAdministrator(updateOrganization, req.params.id, req.jwt.person_id);
if(isUpdateSuccessful){
return res.status(200).json({ success : "true"});
if (isUpdateSuccessful) {
return res.status(200).json({ success: 'true' });
} else {
return res.status(404).json({ error: 'Organization either not found or insufficient permissions' });
}
else{
return res.status(404).json({error : "Organization either not found or insufficient permissions"});
}
}
catch (error) {
} catch (error) {
console.log(error);
return res.status(500).json({error : "Internal server error"});
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* DELETE Request
*
*
* Deletes the specified organization if the logged user is
* one of its administrator
* one of its administrator
*/
async function deleteOrganization(req, res){
async function deleteOrganization (req, res) {
try {
const isDeleteSuccessful = organization_model.deleteOrganizationIfAdmin(req.params.id, req.jwt.person_id);
if(isDeleteSuccessful){
return res.status(403).json({error: "Forbidden"});
if (isDeleteSuccessful) {
return res.status(403).json({ error: 'Forbidden' });
} else {
return res.status(200).json({ success: true });
}
else{
return res.status(200).json({success: true});
}
}
catch (error) {
} catch (error) {
console.error(error);
return res.status(500).json({error : "Internal server error"});
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* GET Request
*
*
* Obtains an organization by its identifier.
*
*
* Required field(s): none.
*
*
* @returns the organization.
*/
async function getOrganization(req, res){
async function getOrganization (req, res) {
try {
const organization = await organization_model.getOrganizationById(req.params.id);
if(organization) {
if (organization) {
return res.status(200).json(organization);
} else {
return res.status(404).json({ error: 'Not found' });
}
else{
return res.status(404).json({error : "Not found"});
}
}
catch (error) {
console.error("Error retrieving an organization: " + error);
return res.status(500).json({error : "Internal server error"});
} catch (error) {
console.error('Error retrieving an organization: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -138,4 +129,3 @@ module.exports = {
updateOrganization,
deleteOrganization
};

189
backend/apis/nodejs/src/routes/person_routes.js
View File

@ -2,11 +2,11 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
@ -22,23 +22,22 @@ const person_model = require('../models/person_model');
* POST Request
*
* Registers a Person
*
*
* Required field(s): name, email (valid ISO standard), password
*
*
* @returns The activationlink identifier
*/
async function registerPerson(req, res){
async function registerPerson (req, res) {
// Does this server allow users to register?
if (process.env.ALLOW_USER_REGISTRATION === 'false'){
return res.status(403).json({error : "Users cannot register on this server"});
if (process.env.ALLOW_USER_REGISTRATION === 'false') {
return res.status(403).json({ error: 'Users cannot register on this server' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.display_name || !req.body.email || !req.body.password) {
return res.status(400).json({ error : "Some or all required fields are missing"});
return res.status(400).json({ error: 'Some or all required fields are missing' });
}
if(!validator.validateEmail(req.body.email)){
return res.status(400).json({ error : "The email is not in a valid format"});
if (!validator.validateEmail(req.body.email)) {
return res.status(400).json({ error: 'The email is not in a valid format' });
}
// Generate activation link token
@ -46,14 +45,14 @@ async function registerPerson(req, res){
// Hash provided password
const hashPasswordPromise = bcrypt.hash(req.body.password, 10);
try{
try {
// Check whether e-mail exists already (enforced by database constraints)
const existingUser = await person_model.getPersonByEmail(req.body.email);
if(existingUser){
return res.status(409).json({ error: "E-mail already in use" });
if (existingUser) {
return res.status(409).json({ error: 'E-mail already in use' });
}
const personToInsert = person_model.person(
req.body.email,
req.body.email,
await hashPasswordPromise,
req.body.display_name,
req.body.date_of_birth,
@ -61,43 +60,40 @@ async function registerPerson(req, res){
true,
req.body.place_of_living);
await person_model.registerPerson(personToInsert, activationLink);
return res.status(200).json({ activationLink: activationLink });
}
catch (error){
return res.status(200).json({ activationLink });
} catch (error) {
console.error('Error registering person:', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
/**
* POST Request
*
*
* Creates a token if the specified email
* and password are valid.
*
*
* Required field(s): email, password
*
* @returns The token
*/
async function login(req, res){
async function login (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.email || !req.body.password) {
return res.status(400).json({error : "Invalid request"});
return res.status(400).json({ error: 'Invalid request' });
}
try{
try {
const person = await person_model.getPersonByEmailAndPassword(req.body.email, req.body.password);
if (person){
if (person) {
const token = jwt_utils.generateToken(person.id);
res.status(200).json({token: token });
res.status(200).json({ token });
} else {
res.status(401).json({ error: 'Unauthorized' });
}
else{
res.status(401).json({error : "Unauthorized"});
}
} catch(error){
} catch (error) {
console.error('Error logging in: ', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -105,138 +101,131 @@ async function login(req, res){
* Obtain a Person's details if the
* Person to retrieve is either myself or an
* enabled Person.
*
*
* Required field(s): none
*
* @returns The Person
*/
async function getPerson(req, res){
async function getPerson (req, res) {
try {
const person = await person_model.getPersonById(req.params.id);
if(person){
if (person) {
// I am retrieving either myself or an enabled user
if(person.id == req.jwt.person_id || person.enabled){
delete person['password']; // remove password field for security reasons
if (person.id == req.jwt.person_id || person.enabled) {
delete person.password; // remove password field for security reasons
return res.status(200).send(person);
}
}
return res.status(404).json({error: "Not found"});
}
catch (error) {
console.log("Error while getting person: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(404).json({ error: 'Not found' });
} catch (error) {
console.log('Error while getting person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
*
*
* GET Request
*
*
* Get myself, from the JWT token
*
* @returns Person's details
*/
async function getMyself(req, res){
try{
async function getMyself (req, res) {
try {
const person = await person_model.getPersonById(req.jwt.person_id);
if(person){
delete person['password'];
if (person) {
delete person.password;
return res.status(200).send(person);
}
return res.status(404).json({error: "Not found"});
}
catch (error){
console.log("Error while getting myself: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(404).json({ error: 'Not found' });
} catch (error) {
console.log('Error while getting myself: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* PUT request
*
*
* Updates a Person's details. If some details are
* not present, they shall be ignored.
*
*
* Required field(s): none. Both old_password and
* new_password if updating the password.
*
*/
async function updatePerson(req, res){
if (req.jwt.person_id != req.params.id){
return res.status(403).json({ error : "Forbidden"});
async function updatePerson (req, res) {
if (req.jwt.person_id != req.params.id) {
return res.status(403).json({ error: 'Forbidden' });
}
const updatePerson = {};
if(req.body.display_name){
if (req.body.display_name) {
updatePerson.display_name = req.body.display_name;
}
if(req.body.date_of_birth){
if(validator.isPostgresDateFormatValid(req.body.date_of_birth)){
if (req.body.date_of_birth) {
if (validator.isPostgresDateFormatValid(req.body.date_of_birth)) {
updatePerson.date_of_birth = req.body.date_of_birth;
}
else{
return res.status(400).json({ error : "Date of birth format not valid. Please specify a YYYY-MM-DD date"});
} else {
return res.status(400).json({ error: 'Date of birth format not valid. Please specify a YYYY-MM-DD date' });
}
}
if(req.body.available){
if (req.body.available) {
updatePerson.available = req.body.available;
}
if(req.body.place_of_living){
if (req.body.place_of_living) {
updatePerson.place_of_living = req.body.place_of_living;
}
// If we are tying to change password, the old password must be provided
if(req.body.old_password && req.body.new_password){
if (req.body.old_password && req.body.new_password) {
const user = await knex('Person')
.select('password')
.where({ id: req.jwt.person_id })
.first();
const passwordMatches = await bcrypt.compare(req.body.old_password, user.password);
if(passwordMatches){
updatePerson.password = await bcrypt.hash(req.body.new_password, 10);
}
else{
return res.status(401).json({ error : "Password verification failed"});
}
const passwordMatches = await bcrypt.compare(req.body.old_password, user.password);
if (passwordMatches) {
updatePerson.password = await bcrypt.hash(req.body.new_password, 10);
} else {
return res.status(401).json({ error: 'Password verification failed' });
}
}
if (Object.keys(updatePerson).length === 0) {
return res.status(400).json({ error : "Bad request. No data to update"});
return res.status(400).json({ error: 'Bad request. No data to update' });
}
try {
await person_model.updatePerson(updatePerson, req.params.id);
return res.status(200).json({ success : "true"});
}
catch (error) {
console.log("Error while updating a Person: " + error);
return res.status(500).json({ error : "Internal server error"});
return res.status(200).json({ success: 'true' });
} catch (error) {
console.log('Error while updating a Person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* GET Request
*
* Deletes a Person. An user can only delete
*
* Deletes a Person. An user can only delete
* themselves.
*
*
* Required field(s): none
*
*/
async function deletePerson(req, res) {
async function deletePerson (req, res) {
// TODO: Delete Organization if this user was its only administrator
try {
await person_model.deletePerson(req.jwt.person_id);
return res.status(200).json({success: true});
}
catch (error) {
console.log("Error deleting a Person: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(200).json({ success: true });
} catch (error) {
console.log('Error deleting a Person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -244,10 +233,10 @@ async function deletePerson(req, res) {
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
registerPerson,
login,
getPerson,
getMyself,
updatePerson,
deletePerson
};
registerPerson,
login,
getPerson,
getMyself,
updatePerson,
deletePerson
};

76
backend/apis/nodejs/src/utils/jwt_utils.js
View File

@ -2,50 +2,50 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
const jwt = require('jsonwebtoken');
function generateToken(person_id) {
// The payload the JWT will carry within itself
const payload = {
person_id: person_id
};
const token = jwt.sign(payload, process.env.JWT_SECRET_KEY, {
expiresIn: '8h'
});
return token;
}
// Middlware
function verifyToken(req, res, next) {
const token = req.headers.authorization;
if (!token) {
return res.status(401).send({error : 'No token provided'});
}
jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
if (err) {
return res.status(401).send({error : 'Failed to authenticate token'});
}
// If the token is valid, store the decoded data in the request object
// req.jwt will contain the payload created in generateToken
req.jwt = decoded;
next();
});
function generateToken (person_id) {
// The payload the JWT will carry within itself
const payload = {
person_id
};
const token = jwt.sign(payload, process.env.JWT_SECRET_KEY, {
expiresIn: '8h'
});
return token;
}
// Middlware
function verifyToken (req, res, next) {
const token = req.headers.authorization;
if (!token) {
return res.status(401).send({ error: 'No token provided' });
}
module.exports = {
generateToken,
verifyToken
};
jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
if (err) {
return res.status(401).send({ error: 'Failed to authenticate token' });
}
// If the token is valid, store the decoded data in the request object
// req.jwt will contain the payload created in generateToken
req.jwt = decoded;
next();
});
}
module.exports = {
generateToken,
verifyToken
};

28
backend/apis/nodejs/src/utils/knex_config.js
View File

@ -2,24 +2,24 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
const knexInstance = require('knex')({
client: 'pg',
connection: {
host: process.env.POSTGRES_SERVER,
user: process.env.POSTGRES_USERNAME,
password: process.env.POSTGRES_PASSWORD,
port: process.env.POSTGRES_PORT,
database: 'Blink'
}
});
client: 'pg',
connection: {
host: process.env.POSTGRES_SERVER,
user: process.env.POSTGRES_USERNAME,
password: process.env.POSTGRES_PASSWORD,
port: process.env.POSTGRES_PORT,
database: 'Blink'
}
});
module.exports = knexInstance;
module.exports = knexInstance;

32
backend/apis/nodejs/src/utils/validation.js
View File

@ -2,37 +2,37 @@
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
/**
* Checks whether an e-mail is in a valid format
* @param {*} email email to validate
* @param {*} email email to validate
* @returns true or false
*/
function validateEmail(email) {
const regex = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
return regex.test(email);
function validateEmail (email) {
const regex = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
return regex.test(email);
}
/**
* Checks whether a date is in a correct Postgres
* format (YYYY-MM-DD)
* @param {*} dateString the date to validate
* @param {*} dateString the date to validate
* @returns true or false
*/
function isPostgresDateFormatValid(dateString) {
const regex = /^\d{4}-\d{2}-\d{2}$/;
return regex.test(dateString);
function isPostgresDateFormatValid (dateString) {
const regex = /^\d{4}-\d{2}-\d{2}$/;
return regex.test(dateString);
}
module.exports = {
validateEmail,
isPostgresDateFormatValid
};
validateEmail,
isPostgresDateFormatValid
};