body length

api/src/framework/express/middleware.ts

@@ -35,36 +35,34 @@ export function CheckPermissions(): RequestHandler {
 
   return (req, res, next) => {
     if (!req.session.user) {
-      next({ status: 401, messsage: 'Unauthorized' });
-      return;
+      return next({ status: 401, messsage: 'Unauthorized' });
     }
 
     if (req.session.user.role === UserRoles.ADMIN) {
-      next();
-      return;
+      return next();
     }
 
     const ressourceId = getResourceId(req);
     if (!ressourceId) {
-      next({ status: 403, messsage: 'Forbidden' });
-      return;
+      return next({ status: 403, messsage: 'Forbidden' });
     }
 
     if (canAccessRessource(req.session.user, ressourceId)) {
-      next();
-      return;
-    } else {
-      next({ status: 403, messsage: 'Forbidden' });
-      return;
+      return next();
     }
 
-    // Should be unreachable
     next({ status: 403, messsage: 'Forbidden' });
   };
 }
 
-export function SchemaValidator(): RequestHandler {
+export function SchemaValidator(keys: number = 0): RequestHandler {
   return (req, res, next) => {
+    if (Object.keys(req.body).length > keys)
+      return next({
+        status: 400,
+        message: `Found ${Object.keys(req.body).length} keys expected ${keys}`,
+      });
+
     const error = validationResult(req);
     error.isEmpty()
       ? next()

api/src/framework/express/user.ts

@@ -66,7 +66,7 @@ export function Routes(services: Services) {
   router.post(
     '/login',
     LoginUserSchema(),
-    SchemaValidator(),
+    SchemaValidator(2),
     LoginHandler(services),
   );
   router.post(
@@ -87,7 +87,7 @@ export function Routes(services: Services) {
     '/create',
     CheckPermissions(),
     CreateUserSchema(),
-    SchemaValidator(),
+    SchemaValidator(3),
     CreateHandler(services),
   );
 

scripts/tools.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-from os import chdir, system, path
+from os import chdir, path
 from sys import argv
 from subprocess import run, PIPE
 from multiprocessing import Process