validating organization admin

backend/apis/nodejs/src/routes/organization_admin_routes.js

@@ -14,6 +14,7 @@
 const organizationAdminModel = require('../models/organization_admin_model');
 const express = require('express');
 const jwtUtils = require('../utils/middleware_utils');
+const organizationAdminValidator = require('../utils/validators/organization_admin_validator');
 
 /**
  * POST Method
@@ -24,19 +25,16 @@ const jwtUtils = require('../utils/middleware_utils');
  * Required field(s): organization_id, person_id
  */
 async function addOrganizationAdmin(req, res) {
-  // Ensure that the required fields are present before proceeding
+  try {
-  if (!req.params.id || !req.body.person_id) {
+    const errors = organizationAdminValidator.validationResult(req);
+    if (!errors.isEmpty()) {
       return res.status(400).json({
-      error: 'Invalid request'
+        errors: errors.array()
       });
     }
-
+    const success = await organizationAdminModel.addOrganizationAdministrator(req.body.person_id, req.params.organizationId, req.jwt.person_id);
-  try {
-    const success = await organizationAdminModel.addOrganizationAdministrator(req.body.person_id, req.params.id, req.jwt.person_id);
     if (success) {
-      return res.status(200).json({
+      return res.status(204).send();
-        success: true
-      });
     }
     return res.status(403).json({
       error: 'Forbidden'
@@ -59,18 +57,15 @@ async function addOrganizationAdmin(req, res) {
  * Required field(s): organization_id
  */
 async function removeOrganizationAdmin(req, res) {
-  // Ensure that the required fields are present before proceeding
+  try {
-  if (!req.params.organizationId) {
+    const errors = organizationAdminValidator.validationResult(req);
+    if (!errors.isEmpty()) {
       return res.status(400).json({
-      error: 'Invalid request'
+        errors: errors.array()
       });
     }
-
-  try {
     await organizationAdminModel.removeOrganizationAdmin(req.jwt.person_id, req.params.organizationId);
-    return res.status(200).json({
+    return res.status(204).send();
-      success: true
-    });
   } catch (error) {
     console.error(`Error in function ${removeOrganizationAdmin.name}: ${error}`);
     return res.status(500).json({
@@ -81,8 +76,8 @@ async function removeOrganizationAdmin(req, res) {
 
 const protectedRoutes = express.Router();
 protectedRoutes.use(jwtUtils.verifyToken);
-protectedRoutes.post('/organizations/:id/admins', addOrganizationAdmin);
+protectedRoutes.post('/organizations/:organizationId/admins', organizationAdminValidator.addOrganizationAdminValidator, addOrganizationAdmin);
-protectedRoutes.delete('/organizations/:organizationId/admins/me', removeOrganizationAdmin);
+protectedRoutes.delete('/organizations/:organizationId/admins/me', organizationAdminValidator.removeOrganizationAdminValidator, removeOrganizationAdmin);
 
 module.exports = {
   protectedRoutes

backend/apis/nodejs/src/utils/validators/organization_admin_validator.js

@@ -0,0 +1,32 @@
+/*
+    This code is part of Blink
+    licensed under GPLv3
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED,  INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+    IN THE SOFTWARE.
+*/
+
+const {
+    check,
+    validationResult
+} = require("express-validator");
+
+const addOrganizationAdminValidator = [
+    check('id').trim().notEmpty().escape(),
+    check('organizationId').trim().notEmpty().escape()
+];
+
+const removeOrganizationAdminValidator = [
+    check('organizationId').trim().notEmpty().escape()
+]
+
+module.exports = {
+    validationResult,
+    addOrganizationAdminValidator,
+    removeOrganizationAdminValidator
+}