yanis/rate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update + schema validate

Browse Source
This commit is contained in:
Yanis Rigaudeau
2022-11-06 18:40:30 +01:00
parent 5c21712344
commit 0bb28ce89a
12 changed files with 163 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
api/src/framework/express/middleware.ts
View File

@ -1,6 +1,6 @@
import { ErrorRequestHandler, Request, RequestHandler } from 'express';
import { randomUUID } from 'crypto';
import { validationResult } from 'express-validator';
import { validationResult, matchedData } from 'express-validator';
import { UserInfo, UserRoles } from '@core';
declare module 'express-session' {
@ -10,22 +10,21 @@ declare module 'express-session' {
}
export function getRequestId(req: Request): string {
return req.header('request-id') || 'unknown';
return req.header('x-request-id') || 'unknown';
}
export function RequestId(): RequestHandler {
return (req, res, next) => {
req.headers['request-id'] = randomUUID();
req.headers['x-request-id'] = randomUUID();
next();
};
}
export function CheckPermissions(): RequestHandler {
function getResourceId(req: Request): string | null {
if (req.method === 'GET' && req.params.uuid) return req.params.uuid;
if ((req.method === 'POST' || req.method === 'PUT') && req.body.uuid)
return req.body.uuid;
return null;
function getResourceId(req: Request): string | undefined {
if (req.params.uuid) return req.params.uuid;
if (req.body.uuid) return req.body.uuid;
return undefined;
}
function canAccessRessource(user: UserInfo, uuid: string): boolean {
@ -55,15 +54,19 @@ export function CheckPermissions(): RequestHandler {
};
}
export function SchemaValidator(keys: number = 0): RequestHandler {
export function ValidateSchema(): RequestHandler {
return (req, res, next) => {
if (Object.keys(req.body).length > keys)
const error = validationResult(req);
const oldBody = req.body;
req.body = matchedData(req, { locations: ['body'] });
if (JSON.stringify(oldBody) !== JSON.stringify(req.body))
return next({
status: 400,
message: `Found ${Object.keys(req.body).length} keys expected ${keys}`,
status: 422,
message: 'Unprocessable Entity',
});
const error = validationResult(req);
error.isEmpty()
? next()
: next({