body length

This commit is contained in:
Yanis Rigaudeau 2022-11-02 20:36:13 +01:00
parent 82d356ef5e
commit 5c21712344
Signed by: yanis
GPG Key ID: 4DD2841DF1C94D83
3 changed files with 14 additions and 16 deletions

View File

@ -35,36 +35,34 @@ export function CheckPermissions(): RequestHandler {
return (req, res, next) => {
if (!req.session.user) {
next({ status: 401, messsage: 'Unauthorized' });
return;
return next({ status: 401, messsage: 'Unauthorized' });
}
if (req.session.user.role === UserRoles.ADMIN) {
next();
return;
return next();
}
const ressourceId = getResourceId(req);
if (!ressourceId) {
next({ status: 403, messsage: 'Forbidden' });
return;
return next({ status: 403, messsage: 'Forbidden' });
}
if (canAccessRessource(req.session.user, ressourceId)) {
next();
return;
} else {
next({ status: 403, messsage: 'Forbidden' });
return;
return next();
}
// Should be unreachable
next({ status: 403, messsage: 'Forbidden' });
};
}
export function SchemaValidator(): RequestHandler {
export function SchemaValidator(keys: number = 0): RequestHandler {
return (req, res, next) => {
if (Object.keys(req.body).length > keys)
return next({
status: 400,
message: `Found ${Object.keys(req.body).length} keys expected ${keys}`,
});
const error = validationResult(req);
error.isEmpty()
? next()

View File

@ -66,7 +66,7 @@ export function Routes(services: Services) {
router.post(
'/login',
LoginUserSchema(),
SchemaValidator(),
SchemaValidator(2),
LoginHandler(services),
);
router.post(
@ -87,7 +87,7 @@ export function Routes(services: Services) {
'/create',
CheckPermissions(),
CreateUserSchema(),
SchemaValidator(),
SchemaValidator(3),
CreateHandler(services),
);

View File

@ -1,5 +1,5 @@
#!/usr/bin/python
from os import chdir, system, path
from os import chdir, path
from sys import argv
from subprocess import run, PIPE
from multiprocessing import Process