✨ Add Joi validation to add controllers

staart · May 30, 2019 · ddcba1b · ddcba1b
1 parent a9b631a
commit ddcba1b
Show file tree

Hide file tree

Showing 5 changed files with 300 additions and 93 deletions.
diff --git a/src/controllers/auth.ts b/src/controllers/auth.ts
@@ -31,13 +31,37 @@ import Joi from "@hapi/joi";
 export class AuthController {
   @Post("register")
   async register(req: Request, res: Response) {
+    const name = req.body.name;
     const email = req.body.email;
+    joiValidate(
+      {
+        email: Joi.string()
+          .email()
+          .required(),
+        name: Joi.string()
+          .min(3)
+          .required()
+      },
+      { email, name }
+    );
     const user = req.body;
     delete user.organizationId;
     delete user.email;
     if (user.role == UserRole.ADMIN) delete user.role;
     delete user.membershipRole;
-    if (!req.body.name || !email) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate(
+      {
+        nickname: Joi.string().min(3),
+        countryCode: Joi.string().length(2),
+        password: Joi.string().min(6),
+        gender: Joi.string().length(1),
+        preferredLanguage: Joi.string()
+          .min(2)
+          .max(5),
+        timezone: Joi.string()
+      },
+      user
+    );
     await register(
       user,
       res.locals,
@@ -72,7 +96,13 @@ export class AuthController {
     const token =
       req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
     const subject = req.body.subject;
-    if (!token || !subject) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate(
+      {
+        token: Joi.string().required(),
+        subject: Joi.string().required()
+      },
+      { token, subject }
+    );
     try {
       const data = await verifyToken(token, subject);
       res.json({ verified: true, data });
@@ -86,14 +116,21 @@ export class AuthController {
   async postRefreshToken(req: Request, res: Response) {
     const token =
       req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
-    if (!token) throw new Error(ErrorCode.MISSING_TOKEN);
+    joiValidate({ token: Joi.string().required() }, { token });
     res.json(await validateRefreshToken(token, res.locals));
   }
 
   @Post("reset-password/request")
   async postResetPasswordRequest(req: Request, res: Response) {
-    const email = req.body && req.body.email;
-    if (!email) throw new Error(ErrorCode.MISSING_FIELD);
+    const email = req.body.email;
+    joiValidate(
+      {
+        email: Joi.string()
+          .email()
+          .required()
+      },
+      { email }
+    );
     await sendPasswordReset(email, res.locals);
     res.json({ queued: true });
   }
@@ -103,7 +140,15 @@ export class AuthController {
     const token =
       req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
     const password = req.body.password;
-    if (!token || !password) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate(
+      {
+        token: Joi.string().required(),
+        password: Joi.string()
+          .min(6)
+          .required()
+      },
+      { token, password }
+    );
     await updatePassword(token, password, res.locals);
     res.json({ success: true });
   }
@@ -119,7 +164,7 @@ export class AuthController {
   async postLoginWithGoogleVerify(req: Request, res: Response) {
     const code =
       req.body.code || (req.get("Authorization") || "").replace("Bearer ", "");
-    if (!code) throw new Error(ErrorCode.MISSING_TOKEN);
+    joiValidate({ code: Joi.string().required() }, { code });
     res.json(await loginWithGoogleVerify(code, res.locals));
   }
 
@@ -128,8 +173,16 @@ export class AuthController {
   async getImpersonate(req: Request, res: Response) {
     const tokenUserId = res.locals.token.id;
     const impersonateUserId = req.params.id;
-    if (!tokenUserId || !impersonateUserId)
-      throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate(
+      {
+        tokenUserId: Joi.number().required(),
+        impersonateUserId: Joi.number().required()
+      },
+      {
+        tokenUserId,
+        impersonateUserId
+      }
+    );
     res.json(await impersonate(tokenUserId, impersonateUserId));
   }
 
@@ -138,14 +191,14 @@ export class AuthController {
   async getApproveLocation(req: Request, res: Response) {
     const token =
       req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
-    if (!token) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate({ token: Joi.string().required() }, { token });
     res.json(await approveLocation(token, res.locals));
   }
 
   @Post("verify-email")
   async postVerifyEmail(req: Request, res: Response) {
     const token = req.body.token || req.params.token;
-    if (!token) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate({ token: Joi.string().required() }, { token });
     await verifyEmail(token, res.locals);
     res.json({ success: true });
   }

diff --git a/src/controllers/membership.ts b/src/controllers/membership.ts
@@ -16,53 +16,54 @@ import {
   ClassWrapper
 } from "@overnightjs/core";
 import { authHandler } from "../helpers/middleware";
-import { CREATED } from "http-status-codes";
 import asyncHandler from "express-async-handler";
+import Joi from "@hapi/joi";
+import { joiValidate } from "../helpers/utils";
 
 @Controller("memberships")
 @ClassWrapper(asyncHandler)
 @ClassMiddleware(authHandler)
 export class MembershipController {
-  @Put()
-  async put(req: Request, res: Response) {
-    const organizationId = req.params.organizationId;
-    const newMemberName = req.body.name;
-    const newMemberEmail = req.body.email;
-    const role = req.body.role;
-    if (!organizationId || !newMemberName || !newMemberEmail || !role)
-      throw new Error(ErrorCode.MISSING_FIELD);
-    await inviteMemberToOrganization(
-      res.locals.token.id,
-      organizationId,
-      newMemberName,
-      newMemberEmail,
-      role,
-      res.locals
-    );
-    res.status(CREATED).json({ invited: true });
-  }
-
   @Get(":id")
   async get(req: Request, res: Response) {
-    const id = req.params.id;
-    if (!id) throw new Error(ErrorCode.MISSING_FIELD);
-    res.json(await getMembershipDetailsForUser(res.locals.token.id, id));
+    const membershipId = req.params.id;
+    const userId = res.locals.token.id;
+    joiValidate(
+      {
+        membershipId: Joi.number().required(),
+        userId: Joi.number().required()
+      },
+      { membershipId, userId }
+    );
+    res.json(await getMembershipDetailsForUser(userId, membershipId));
   }
 
   @Delete(":id")
   async delete(req: Request, res: Response) {
-    const id = res.locals.token.id;
+    const userId = res.locals.token.id;
     const membershipId = req.params.id;
-    if (!id || !membershipId) throw new Error(ErrorCode.MISSING_FIELD);
-    await deleteMembershipForUser(id, membershipId, res.locals);
+    joiValidate(
+      {
+        membershipId: Joi.number().required(),
+        userId: Joi.number().required()
+      },
+      { membershipId, userId }
+    );
+    await deleteMembershipForUser(userId, membershipId, res.locals);
     res.json({ deleted: true });
   }
 
   @Patch(":id")
   async patch(req: Request, res: Response) {
     const userId = res.locals.token.id;
     const membershipId = req.params.id;
-    if (!userId || !membershipId) throw new Error(ErrorCode.MISSING_FIELD);
+    joiValidate(
+      {
+        membershipId: Joi.number().required(),
+        userId: Joi.number().required()
+      },
+      { membershipId, userId }
+    );
     const data = req.body;
     delete req.body.id;
     await updateMembershipForUser(userId, membershipId, data, res.locals);