	Beginning validation middlewares
		| @@ -11,7 +11,7 @@ | ||||
|     IN THE SOFTWARE. | ||||
| */ | ||||
|  | ||||
| const validator = require('../utils/validation'); | ||||
| const validator = require('../utils/person_validator'); | ||||
| const jwtUtils = require('../utils/middleware_utils'); | ||||
| const bcrypt = require('bcrypt'); | ||||
| const crypto = require('crypto'); | ||||
| @@ -29,23 +29,19 @@ const express = require('express'); | ||||
|  * @returns The activationlink identifier | ||||
|  */ | ||||
| async function registerPerson(req, res) { | ||||
|  | ||||
|   const errors = validator.validationResult(req); | ||||
|  | ||||
|   if (!errors.isEmpty()) { | ||||
|     return res.status(400).json({ errors: errors.array() }); | ||||
|   } | ||||
|  | ||||
|   // Does this server allow users to register? | ||||
|   if (process.env.ALLOW_USER_REGISTRATION === 'false') { | ||||
|     return res.status(403).json({ | ||||
|       error: 'Users cannot register on this server' | ||||
|     }); | ||||
|   } | ||||
|   // Ensure that the required fields are present before proceeding | ||||
|   if (!req.body.display_name || !req.body.email || !req.body.password) { | ||||
|     return res.status(400).json({ | ||||
|       error: 'Some or all required fields are missing' | ||||
|     }); | ||||
|   } | ||||
|   if (!validator.validateEmail(req.body.email)) { | ||||
|     return res.status(400).json({ | ||||
|       error: 'The email is not in a valid format' | ||||
|     }); | ||||
|   } | ||||
|  | ||||
|   // Generate activation link token | ||||
|   const activationLink = crypto.randomBytes(16).toString('hex'); | ||||
| @@ -93,12 +89,6 @@ async function registerPerson(req, res) { | ||||
|  * @returns The token | ||||
|  */ | ||||
| async function createTokenByEmailAndPassword(req, res) { | ||||
|   // Ensure that the required fields are present before proceeding | ||||
|   if (!req.body.email || !req.body.password) { | ||||
|     return res.status(400).json({ | ||||
|       error: 'Invalid request' | ||||
|     }); | ||||
|   } | ||||
|  | ||||
|   try { | ||||
|     const person = await personModel.getPersonByEmailAndPassword(req.body.email, req.body.password); | ||||
| @@ -312,8 +302,8 @@ async function confirmActivation(req, res) { | ||||
| } | ||||
|  | ||||
| const publicRoutes = express.Router(); // Routes not requiring token | ||||
| publicRoutes.post('/persons', registerPerson); | ||||
| publicRoutes.post('/persons/me/token', createTokenByEmailAndPassword); | ||||
| publicRoutes.post('/persons', validator.registerValidator, registerPerson); | ||||
| publicRoutes.post('/persons/me/token', validator.getTokenValidator, createTokenByEmailAndPassword); | ||||
| publicRoutes.get('/persons/:id/details', getPerson); | ||||
| publicRoutes.get('/persons/me/activation', confirmActivation); | ||||
|  | ||||
|   | ||||
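Review bot: `createTokenByEmailAndPassword` loses its `!req.body.email || !req.body.password` guard, but the lines visible here add no `validator.validationResult(req)` check to replace it, unlike `registerPerson`. express-validator chains such as `validator.getTokenValidator` only record errors on the request and do not reject it, so a body without an email or password would still reach `personModel.getPersonByEmailAndPassword`. The handler's body continues outside the hunk, so confirm this is not handled further down; otherwise add `const errors = validator.validationResult(req);` followed by `if (!errors.isEmpty()) { return res.status(400).json({ error: 'Invalid request' }); }` at the top. A fixed message is preferable to `errors.array()` on this route, because each error entry carries the submitted `value` and would echo the password back in the response.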
							
								
								
									
									
								
							
							
						
						
									
										51
									
								
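--- /dev/null
+++ b/backend/apis/nodejs/src/utils/person_validator.js
@@ -0,0 +1,51 @@
+/*
+    This code is part of Blink
+    licensed under GPLv3
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED,  INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+    IN THE SOFTWARE.
+*/
+
+const {
+  check,
+  validationResult
+} = require("express-validator");
+
+const registerValidator = [
+  check('display_name').trim().notEmpty().escape().isLength({
+    max: 128
+  }),
+  check('email').isEmail().normalizeEmail().escape().isLength({
+    max: 128
+  }),
+  check('password').isLength({
+    min: 5
+  }).trim().escape().withMessage('Password must be at leat 5 characters long'),
+  check('date_of_birth').optional().isDate().withMessage('Invalid date format. Date must be YYYY-MM-DD'),
+  check('available').optional().isBoolean(),
+  check('place_of_living').isLength({
+    max: 128
+  }).escape(),
+  check('about_me').isLength({
+    max: 4096
+  }).escape(),
+  check('qualification').isLength({
+    max: 64
+  }).escape(),
+];
+
+const getTokenValidator = [
+  check('email').isEmail().normalizeEmail().escape(),
+  check('password').notEmpty().trim().escape()
+];
+
+module.exports = {
+  registerValidator,
+  getTokenValidator,
+  validationResult
+};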
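Review bot: The `password` chains in both `registerValidator` and `getTokenValidator` run `.trim().escape()`, which rewrites the secret before it is hashed or compared: surrounding whitespace is dropped and characters such as `<`, `&` and `'` become HTML entities. Any other code path that handles the password without the same sanitizers would then fail to match the stored hash. In `registerValidator` the `isLength({ min: 5 })` check also runs before `.trim()`, so a whitespace-only password passes validation and is then trimmed to an empty string. Passwords should be validated but not sanitized, e.g. `check('password').isLength({ min: 5 }).withMessage('Password must be at least 5 characters long')` and `check('password').notEmpty()`, which also fixes the "at leat" typo in the message. More generally, `.escape()` on the stored profile fields puts HTML-encoded text in the database; encoding at output time keeps the stored data exact.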
| @@ -1,38 +0,0 @@ | ||||
| /* | ||||
|     This code is part of Blink | ||||
|     licensed under GPLv3 | ||||
|  | ||||
|     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
|     IMPLIED,  INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
|     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | ||||
|     THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
|     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||||
|     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS | ||||
|     IN THE SOFTWARE. | ||||
| */ | ||||
|  | ||||
| /** | ||||
|  * Checks whether an e-mail is in a valid format | ||||
|  * @param {*} email email to validate | ||||
|  * @returns true or false | ||||
|  */ | ||||
| function validateEmail(email) { | ||||
|   const regex = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/; | ||||
|   return regex.test(email); | ||||
| } | ||||
|  | ||||
| /** | ||||
|  * Checks whether a date is in a correct Postgres | ||||
|  * format (YYYY-MM-DD) | ||||
|  * @param {*} dateString the date to validate | ||||
|  * @returns true or false | ||||
|  */ | ||||
| function isPostgresDateFormatValid(dateString) { | ||||
|   const regex = /^\d{4}-\d{2}-\d{2}$/; | ||||
|   return regex.test(dateString); | ||||
| } | ||||
|  | ||||
| module.exports = { | ||||
|   validateEmail, | ||||
|   isPostgresDateFormatValid | ||||
| }; | ||||