diff --git a/src/api/endpoints/app/create.js b/src/api/endpoints/app/create.ts similarity index 69% rename from src/api/endpoints/app/create.js rename to src/api/endpoints/app/create.ts index 8b85da7ff..adbb205f6 100644 --- a/src/api/endpoints/app/create.js +++ b/src/api/endpoints/app/create.ts @@ -4,7 +4,9 @@ * Module dependencies */ import rndstr from 'rndstr'; +import it from '../../it'; import App from '../../models/app'; +import { isValidNameId } from '../../models/app'; import serialize from '../../serializers/app'; /** @@ -71,41 +73,25 @@ module.exports = async (params, user) => new Promise(async (res, rej) => { // Get 'name_id' parameter - const nameId = params.name_id; - if (nameId == null) { - return rej('name_id is required'); - } else if (typeof nameId != 'string') { - return rej('name_id must be a string'); - } - - // Validate name_id - if (!/^[a-zA-Z0-9\-]{3,30}$/.test(nameId)) { - return rej('invalid name_id'); - } + const [nameId, nameIdErr] = it(params.name_id).expect.string().required().validate(isValidNameId).qed(); + if (nameIdErr) return rej('invalid name_id param'); // Get 'name' parameter - const name = params.name; - if (name == null || name == '') { - return rej('name is required'); - } + const [name, nameErr] = it(params.name).expect.string().required().qed(); + if (nameErr) return rej('invalid name param'); // Get 'description' parameter - const description = params.description; - if (description == null || description == '') { - return rej('description is required'); - } + const [description, descriptionErr] = it(params.description).expect.string().required().qed(); + if (descriptionErr) return rej('invalid description param'); // Get 'permission' parameter - const permission = params.permission; - if (permission == null || permission == '') { - return rej('permission is required'); - } + const [permission, permissionErr] = it(params.permission).expect.array().unique().allString().required().qed(); + if (permissionErr) return rej('invalid permission param'); // Get 'callback_url' parameter - let callback = params.callback_url; - if (callback === '') { - callback = null; - } + // TODO: Check it is valid url + const [callbackUrl, callbackUrlErr] = it(params.callback_url).expect.nullable.string().default(null).qed(); + if (callbackUrlErr) return rej('invalid callback_url param'); // Generate secret const secret = rndstr('a-zA-Z0-9', 32); @@ -118,8 +104,8 @@ module.exports = async (params, user) => name_id: nameId, name_id_lower: nameId.toLowerCase(), description: description, - permission: permission.split(','), - callback_url: callback, + permission: permission, + callback_url: callbackUrl, secret: secret }); diff --git a/src/api/endpoints/app/name_id/available.js b/src/api/endpoints/app/name_id/available.ts similarity index 82% rename from src/api/endpoints/app/name_id/available.js rename to src/api/endpoints/app/name_id/available.ts index 159d4fff4..6af18ae83 100644 --- a/src/api/endpoints/app/name_id/available.js +++ b/src/api/endpoints/app/name_id/available.ts @@ -3,7 +3,9 @@ /** * Module dependencies */ +import it from '../../../it'; import App from '../../../models/app'; +import { isValidNameId } from '../../../models/app'; /** * @swagger @@ -44,15 +46,8 @@ module.exports = async (params) => new Promise(async (res, rej) => { // Get 'name_id' parameter - const nameId = params.name_id; - if (nameId == null || nameId == '') { - return rej('name_id is required'); - } - - // Validate name_id - if (!/^[a-zA-Z0-9\-]{3,30}$/.test(nameId)) { - return rej('invalid name_id'); - } + const [nameId, nameIdErr] = it(params.name_id).expect.string().required().validate(isValidNameId).qed(); + if (nameIdErr) return rej('invalid name_id param'); // Get exist const exist = await App diff --git a/src/api/endpoints/app/show.js b/src/api/endpoints/app/show.ts similarity index 83% rename from src/api/endpoints/app/show.js rename to src/api/endpoints/app/show.ts index ab5f6f456..cfb03bb9e 100644 --- a/src/api/endpoints/app/show.js +++ b/src/api/endpoints/app/show.ts @@ -3,7 +3,7 @@ /** * Module dependencies */ -import * as mongo from 'mongodb'; +import it from '../../it'; import App from '../../models/app'; import serialize from '../../serializers/app'; @@ -50,16 +50,12 @@ module.exports = (params, user, _, isSecure) => new Promise(async (res, rej) => { // Get 'app_id' parameter - let appId = params.app_id; - if (appId == null || appId == '') { - appId = null; - } + const [appId, appIdErr] = it(params.app_id, 'id'); + if (appIdErr) return rej('invalid app_id param'); // Get 'name_id' parameter - let nameId = params.name_id; - if (nameId == null || nameId == '') { - nameId = null; - } + const [nameId, nameIdErr] = it(params.name_id, 'string'); + if (nameIdErr) return rej('invalid name_id param'); if (appId === null && nameId === null) { return rej('app_id or name_id is required'); @@ -67,7 +63,7 @@ module.exports = (params, user, _, isSecure) => // Lookup app const app = appId !== null - ? await App.findOne({ _id: new mongo.ObjectID(appId) }) + ? await App.findOne({ _id: appId }) : await App.findOne({ name_id_lower: nameId.toLowerCase() }); if (app === null) { diff --git a/src/api/models/app.ts b/src/api/models/app.ts index a947d88e4..bf5dc80c2 100644 --- a/src/api/models/app.ts +++ b/src/api/models/app.ts @@ -7,3 +7,7 @@ const collection = db.get('apps'); (collection as any).index('secret'); // fuck type definition export default collection as any; // fuck type definition + +export function isValidNameId(nameId: string): boolean { + return typeof nameId == 'string' && /^[a-zA-Z0-9\-]{3,30}$/.test(nameId); +} diff --git a/src/api/serializers/app.ts b/src/api/serializers/app.ts index 9a02c5637..fdeef338d 100644 --- a/src/api/serializers/app.ts +++ b/src/api/serializers/app.ts @@ -21,8 +21,8 @@ export default ( app: any, me?: any, options?: { - includeSecret: boolean, - includeProfileImageIds: boolean + includeSecret?: boolean, + includeProfileImageIds?: boolean } ) => new Promise(async (resolve, reject) => { const opts = options || {