From 34ca3b5225479a5da986c86ee4c42a73ae6df5ad Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Sat, 7 Nov 2015 14:16:26 +0100 Subject: Add requests parameters validations --- middlewares/reqValidators/index.js | 11 ++++++ middlewares/reqValidators/pods.js | 19 +++++++++++ middlewares/reqValidators/remote.js | 40 ++++++++++++++++++++++ middlewares/reqValidators/utils.js | 22 ++++++++++++ middlewares/reqValidators/videos.js | 67 +++++++++++++++++++++++++++++++++++++ 5 files changed, 159 insertions(+) create mode 100644 middlewares/reqValidators/index.js create mode 100644 middlewares/reqValidators/pods.js create mode 100644 middlewares/reqValidators/remote.js create mode 100644 middlewares/reqValidators/utils.js create mode 100644 middlewares/reqValidators/videos.js (limited to 'middlewares/reqValidators') diff --git a/middlewares/reqValidators/index.js b/middlewares/reqValidators/index.js new file mode 100644 index 000000000..1ea611031 --- /dev/null +++ b/middlewares/reqValidators/index.js @@ -0,0 +1,11 @@ +;(function () { + 'use strict' + + var reqValidator = { + videos: require('./videos'), + pods: require('./pods'), + remote: require('./remote') + } + + module.exports = reqValidator +})() diff --git a/middlewares/reqValidators/pods.js b/middlewares/reqValidators/pods.js new file mode 100644 index 000000000..31eaf8449 --- /dev/null +++ b/middlewares/reqValidators/pods.js @@ -0,0 +1,19 @@ +;(function () { + 'use strict' + + var checkErrors = require('./utils').checkErrors + var logger = require('../../src/logger') + + var pods = {} + + pods.podsAdd = function (req, res, next) { + req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true }) + req.checkBody('data.publicKey', 'Should have a public key').notEmpty() + + logger.debug('Checking podsAdd parameters', { parameters: req.body }) + + checkErrors(req, res, next) + } + + module.exports = pods +})() diff --git a/middlewares/reqValidators/remote.js b/middlewares/reqValidators/remote.js new file mode 100644 index 000000000..e851b49a4 --- /dev/null +++ b/middlewares/reqValidators/remote.js @@ -0,0 +1,40 @@ +;(function () { + 'use strict' + + var checkErrors = require('./utils').checkErrors + var logger = require('../../src/logger') + + var remote = {} + + remote.secureRequest = function (req, res, next) { + req.checkBody('signature.url', 'Should have a signature url').isURL() + req.checkBody('signature.signature', 'Should have a signature').notEmpty() + req.checkBody('key', 'Should have a key').notEmpty() + req.checkBody('data', 'Should have data').notEmpty() + + logger.debug('Checking secureRequest parameters', { parameters: req.body }) + + checkErrors(req, res, next) + } + + remote.remoteVideosAdd = function (req, res, next) { + req.checkBody('data.name', 'Should have a name').isLength(1, 50) + req.checkBody('data.description', 'Should have a description').isLength(1, 250) + req.checkBody('data.magnetUri', 'Should have a magnetUri').notEmpty() + req.checkBody('data.podUrl', 'Should have a podUrl').isURL() + + logger.debug('Checking remoteVideosAdd parameters', { parameters: req.body }) + + checkErrors(req, res, next) + } + + remote.remoteVideosRemove = function (req, res, next) { + req.checkBody('data.magnetUri', 'Should have a magnetUri').notEmpty() + + logger.debug('Checking remoteVideosRemove parameters', { parameters: req.body }) + + checkErrors(req, res, next) + } + + module.exports = remote +})() diff --git a/middlewares/reqValidators/utils.js b/middlewares/reqValidators/utils.js new file mode 100644 index 000000000..91ead27a5 --- /dev/null +++ b/middlewares/reqValidators/utils.js @@ -0,0 +1,22 @@ +;(function () { + 'use strict' + + var util = require('util') + var logger = require('../../src/logger') + + var utils = {} + + utils.checkErrors = function (req, res, next, status_code) { + if (status_code === undefined) status_code = 400 + var errors = req.validationErrors() + + if (errors) { + logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors }) + return res.status(status_code).send('There have been validation errors: ' + util.inspect(errors)) + } + + return next() + } + + module.exports = utils +})() diff --git a/middlewares/reqValidators/videos.js b/middlewares/reqValidators/videos.js new file mode 100644 index 000000000..3763a657c --- /dev/null +++ b/middlewares/reqValidators/videos.js @@ -0,0 +1,67 @@ +;(function () { + 'use strict' + + var checkErrors = require('./utils').checkErrors + var VideosDB = require('../../src/database').VideosDB + var logger = require('../../src/logger') + + var videos = {} + + function findVideoById (id, callback) { + VideosDB.findById(id, { _id: 1, namePath: 1 }).limit(1).exec(function (err, video) { + if (err) throw err + + callback(video) + }) + } + + videos.videosSearch = function (req, res, next) { + req.checkParams('name', 'Should have a name').notEmpty() + + logger.debug('Checking videosSearch parameters', { parameters: req.params }) + + checkErrors(req, res, next) + } + + videos.videosAdd = function (req, res, next) { + req.checkFiles('input_video.originalname', 'Should have an input video').notEmpty() + req.checkFiles('input_video.mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i) + req.checkBody('name', 'Should have a name').isLength(1, 50) + req.checkBody('description', 'Should have a description').isLength(1, 250) + + logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) + + checkErrors(req, res, next) + } + + videos.videosGet = function (req, res, next) { + req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() + + logger.debug('Checking videosGet parameters', { parameters: req.params }) + + checkErrors(req, res, function () { + findVideoById(req.params.id, function (video) { + if (!video) return res.status(404).send('Video not found') + + next() + }) + }) + } + + videos.videosRemove = function (req, res, next) { + req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() + + logger.debug('Checking videosRemove parameters', { parameters: req.params }) + + checkErrors(req, res, function () { + findVideoById(req.params.id, function (video) { + if (!video) return res.status(404).send('Video not found') + else if (video.namePath === null) return res.status(403).send('Cannot remove video of another pod') + + next() + }) + }) + } + + module.exports = videos +})() -- cgit v1.2.3