diff --git a/src/api/endpoints/users/followers.js b/src/api/endpoints/users/followers.ts similarity index 72% rename from src/api/endpoints/users/followers.js rename to src/api/endpoints/users/followers.ts index 598c3b6bc..011a1c70c 100644 --- a/src/api/endpoints/users/followers.js +++ b/src/api/endpoints/users/followers.ts @@ -3,7 +3,7 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import User from '../../models/user'; import Following from '../../models/following'; import serialize from '../../serializers/user'; @@ -20,33 +20,24 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'user_id' parameter - const userId = params.user_id; - if (userId === undefined || userId === null) { - return rej('user_id is required'); - } + const [userId, userIdErr] = it(params.user_id, 'id', true); + if (userIdErr) return rej('invalid user_id param'); // Get 'iknow' parameter - const iknow = params.iknow; + const [iknow, iknowErr] = it(params.iknow).expect.boolean().default(false).qed(); + if (iknowErr) return rej('invalid iknow param'); // Get 'limit' parameter - let limit = params.limit; - if (limit !== undefined && limit !== null) { - limit = parseInt(limit, 10); - - // From 1 to 100 - if (!(1 <= limit && limit <= 100)) { - return rej('invalid limit range'); - } - } else { - limit = 10; - } + const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed(); + if (limitErr) return rej('invalid limit param'); // Get 'cursor' parameter - const cursor = params.cursor || null; + const [cursor, cursorErr] = it(params.cursor).expect.id().default(null).qed(); + if (cursorErr) return rej('invalid cursor param'); // Lookup user const user = await User.findOne({ - _id: new mongo.ObjectID(userId) + _id: userId }, { fields: { _id: true @@ -61,7 +52,7 @@ module.exports = (params, me) => const query = { followee_id: user._id, deleted_at: { $exists: false } - }; + } as any; // ログインしていてかつ iknow フラグがあるとき if (me && iknow) { @@ -76,7 +67,7 @@ module.exports = (params, me) => // カーソルが指定されている場合 if (cursor) { query._id = { - $lt: new mongo.ObjectID(cursor) + $lt: cursor }; } diff --git a/src/api/endpoints/users/following.js b/src/api/endpoints/users/following.ts similarity index 72% rename from src/api/endpoints/users/following.js rename to src/api/endpoints/users/following.ts index 36868d6d5..df5c05835 100644 --- a/src/api/endpoints/users/following.js +++ b/src/api/endpoints/users/following.ts @@ -3,7 +3,7 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import User from '../../models/user'; import Following from '../../models/following'; import serialize from '../../serializers/user'; @@ -20,33 +20,24 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'user_id' parameter - const userId = params.user_id; - if (userId === undefined || userId === null) { - return rej('user_id is required'); - } + const [userId, userIdErr] = it(params.user_id, 'id', true); + if (userIdErr) return rej('invalid user_id param'); // Get 'iknow' parameter - const iknow = params.iknow; + const [iknow, iknowErr] = it(params.iknow).expect.boolean().default(false).qed(); + if (iknowErr) return rej('invalid iknow param'); // Get 'limit' parameter - let limit = params.limit; - if (limit !== undefined && limit !== null) { - limit = parseInt(limit, 10); - - // From 1 to 100 - if (!(1 <= limit && limit <= 100)) { - return rej('invalid limit range'); - } - } else { - limit = 10; - } + const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed(); + if (limitErr) return rej('invalid limit param'); // Get 'cursor' parameter - const cursor = params.cursor || null; + const [cursor, cursorErr] = it(params.cursor).expect.id().default(null).qed(); + if (cursorErr) return rej('invalid cursor param'); // Lookup user const user = await User.findOne({ - _id: new mongo.ObjectID(userId) + _id: userId }, { fields: { _id: true @@ -61,7 +52,7 @@ module.exports = (params, me) => const query = { follower_id: user._id, deleted_at: { $exists: false } - }; + } as any; // ログインしていてかつ iknow フラグがあるとき if (me && iknow) { @@ -76,7 +67,7 @@ module.exports = (params, me) => // カーソルが指定されている場合 if (cursor) { query._id = { - $lt: new mongo.ObjectID(cursor) + $lt: cursor }; } diff --git a/src/api/endpoints/users/posts.js b/src/api/endpoints/users/posts.ts similarity index 52% rename from src/api/endpoints/users/posts.js rename to src/api/endpoints/users/posts.ts index d358c4b4d..526ed1ee1 100644 --- a/src/api/endpoints/users/posts.js +++ b/src/api/endpoints/users/posts.ts @@ -3,7 +3,7 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import Post from '../../models/post'; import User from '../../models/user'; import serialize from '../../serializers/post'; @@ -19,56 +19,44 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'user_id' parameter - let userId = params.user_id; - if (userId === undefined || userId === null || userId === '') { - userId = null; - } + const [userId, userIdErr] = it(params.user_id, 'id'); + if (userIdErr) return rej('invalid user_id param'); // Get 'username' parameter - let username = params.username; - if (username === undefined || username === null || username === '') { - username = null; - } + const [username, usernameErr] = it(params.username, 'string'); + if (usernameErr) return rej('invalid username param'); if (userId === null && username === null) { return rej('user_id or username is required'); } - // Get 'with_replies' parameter - let withReplies = params.with_replies; - if (withReplies == null) { - withReplies = true; - } + // Get 'include_replies' parameter + const [includeReplies, includeRepliesErr] = it(params.include_replies).expect.boolean().default(true).qed(); + if (includeRepliesErr) return rej('invalid include_replies param'); // Get 'with_media' parameter - let withMedia = params.with_media; - if (withMedia == null) { - withMedia = false; - } + const [withMedia, withMediaErr] = it(params.with_media).expect.boolean().default(false).qed(); + if (withMediaErr) return rej('invalid with_media param'); // Get 'limit' parameter - let limit = params.limit; - if (limit !== undefined && limit !== null) { - limit = parseInt(limit, 10); + const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed(); + if (limitErr) return rej('invalid limit param'); - // From 1 to 100 - if (!(1 <= limit && limit <= 100)) { - return rej('invalid limit range'); - } - } else { - limit = 10; - } + // Get 'since_id' parameter + const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed(); + if (sinceIdErr) return rej('invalid since_id param'); - const since = params.since_id || null; - const max = params.max_id || null; + // Get 'max_id' parameter + const [maxId, maxIdErr] = it(params.max_id).expect.id().qed(); + if (maxIdErr) return rej('invalid max_id param'); // Check if both of since_id and max_id is specified - if (since !== null && max !== null) { + if (sinceId !== null && maxId !== null) { return rej('cannot set since_id and max_id'); } const q = userId != null - ? { _id: new mongo.ObjectID(userId) } + ? { _id: userId } : { username_lower: username.toLowerCase() } ; // Lookup user @@ -88,19 +76,19 @@ module.exports = (params, me) => }; const query = { user_id: user._id - }; - if (since !== null) { + } as any; + if (sinceId) { sort._id = 1; query._id = { - $gt: new mongo.ObjectID(since) + $gt: sinceId }; - } else if (max !== null) { + } else if (maxId) { query._id = { - $lt: new mongo.ObjectID(max) + $lt: maxId }; } - if (!withReplies) { + if (!includeReplies) { query.reply_to_id = null; } diff --git a/src/api/endpoints/users/recommendation.js b/src/api/endpoints/users/recommendation.ts similarity index 68% rename from src/api/endpoints/users/recommendation.js rename to src/api/endpoints/users/recommendation.ts index 0045683a5..c37ae4c97 100644 --- a/src/api/endpoints/users/recommendation.js +++ b/src/api/endpoints/users/recommendation.ts @@ -3,6 +3,7 @@ /** * Module dependencies */ +import it from '../../it'; import User from '../../models/user'; import serialize from '../../serializers/user'; import getFriends from '../../common/get-friends'; @@ -18,25 +19,12 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'limit' parameter - let limit = params.limit; - if (limit !== undefined && limit !== null) { - limit = parseInt(limit, 10); - - // From 1 to 100 - if (!(1 <= limit && limit <= 100)) { - return rej('invalid limit range'); - } - } else { - limit = 10; - } + const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed(); + if (limitErr) return rej('invalid limit param'); // Get 'offset' parameter - let offset = params.offset; - if (offset !== undefined && offset !== null) { - offset = parseInt(offset, 10); - } else { - offset = 0; - } + const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed(); + if (offsetErr) return rej('invalid offset param'); // ID list of the user itself and other users who the user follows const followingIds = await getFriends(me._id); diff --git a/src/api/endpoints/users/search.js b/src/api/endpoints/users/search.ts similarity index 79% rename from src/api/endpoints/users/search.js rename to src/api/endpoints/users/search.ts index b1f453732..3fb08b0a3 100644 --- a/src/api/endpoints/users/search.js +++ b/src/api/endpoints/users/search.ts @@ -4,6 +4,7 @@ * Module dependencies */ import * as mongo from 'mongodb'; +import it from '../../it'; import User from '../../models/user'; import serialize from '../../serializers/user'; import config from '../../../conf'; @@ -20,31 +21,16 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'query' parameter - let query = params.query; - if (query === undefined || query === null || query.trim() === '') { - return rej('query is required'); - } + const [query, queryError] = it(params.query).expect.string().required().trim().validate(x => x != '').qed(); + if (queryError) return rej('invalid query param'); // Get 'offset' parameter - let offset = params.offset; - if (offset !== undefined && offset !== null) { - offset = parseInt(offset, 10); - } else { - offset = 0; - } + const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed(); + if (offsetErr) return rej('invalid offset param'); // Get 'max' parameter - let max = params.max; - if (max !== undefined && max !== null) { - max = parseInt(max, 10); - - // From 1 to 30 - if (!(1 <= max && max <= 30)) { - return rej('invalid max range'); - } - } else { - max = 10; - } + const [max, maxErr] = it(params.max).expect.number().range(1, 30).default(10).qed(); + if (maxErr) return rej('invalid max param'); // If Elasticsearch is available, search by it // If not, search by MongoDB diff --git a/src/api/endpoints/users/search_by_username.js b/src/api/endpoints/users/search_by_username.ts similarity index 50% rename from src/api/endpoints/users/search_by_username.js rename to src/api/endpoints/users/search_by_username.ts index 7fe6f3409..540c48e7c 100644 --- a/src/api/endpoints/users/search_by_username.js +++ b/src/api/endpoints/users/search_by_username.ts @@ -3,8 +3,9 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import User from '../../models/user'; +import { validateUsername } from '../../models/user'; import serialize from '../../serializers/user'; /** @@ -18,37 +19,16 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'query' parameter - let query = params.query; - if (query === undefined || query === null || query.trim() === '') { - return rej('query is required'); - } - - query = query.trim(); - - if (!/^[a-zA-Z0-9-]+$/.test(query)) { - return rej('invalid query'); - } - - // Get 'limit' parameter - let limit = params.limit; - if (limit !== undefined && limit !== null) { - limit = parseInt(limit, 10); - - // From 1 to 100 - if (!(1 <= limit && limit <= 100)) { - return rej('invalid limit range'); - } - } else { - limit = 10; - } + const [query, queryError] = it(params.query).expect.string().required().trim().validate(validateUsername).qed(); + if (queryError) return rej('invalid query param'); // Get 'offset' parameter - let offset = params.offset; - if (offset !== undefined && offset !== null) { - offset = parseInt(offset, 10); - } else { - offset = 0; - } + const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed(); + if (offsetErr) return rej('invalid offset param'); + + // Get 'limit' parameter + const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed(); + if (limitErr) return rej('invalid limit param'); const users = await User .find({ diff --git a/src/api/endpoints/users/show.js b/src/api/endpoints/users/show.ts similarity index 64% rename from src/api/endpoints/users/show.js rename to src/api/endpoints/users/show.ts index 0eaba221c..cae4ac0b7 100644 --- a/src/api/endpoints/users/show.js +++ b/src/api/endpoints/users/show.ts @@ -3,7 +3,7 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import User from '../../models/user'; import serialize from '../../serializers/user'; @@ -18,28 +18,19 @@ module.exports = (params, me) => new Promise(async (res, rej) => { // Get 'user_id' parameter - let userId = params.user_id; - if (userId === undefined || userId === null || userId === '') { - userId = null; - } + const [userId, userIdErr] = it(params.user_id, 'id'); + if (userIdErr) return rej('invalid user_id param'); // Get 'username' parameter - let username = params.username; - if (username === undefined || username === null || username === '') { - username = null; - } + const [username, usernameErr] = it(params.username, 'string'); + if (usernameErr) return rej('invalid username param'); if (userId === null && username === null) { return rej('user_id or username is required'); } - // Validate id - if (userId && !mongo.ObjectID.isValid(userId)) { - return rej('incorrect user_id'); - } - const q = userId != null - ? { _id: new mongo.ObjectID(userId) } + ? { _id: userId } : { username_lower: username.toLowerCase() } ; // Lookup user