✨ Different validation types

src/helpers/mysql.ts

@@ -87,6 +87,7 @@ export const cleanValues = (
   values: (string | number | boolean | Date | undefined)[]
 ) => {
   values = values.map(value => {
+    if (!value) return;
     // Clean up strings
     if (typeof value === "string") value = value.trim();
     // Convert true to 1, false to 0

src/helpers/utils.ts

@@ -82,7 +82,11 @@ export const readOnlyValues = ["createdAt", "id"];
 /**
  * Validate strings to type
  */
-export const validate = (text: string, type: ValidationTypes) => {
+export const validate = (
+  text: string,
+  type: ValidationTypes,
+  maxLength?: number
+) => {
   if (type === ValidationTypes.EMAIL)
     if (!isEmail(text)) throw new Error(ErrorCode.VALIDATION_EMAIL);
 
@@ -92,4 +96,29 @@ export const validate = (text: string, type: ValidationTypes) => {
   if (type === ValidationTypes.PHONE)
     if (!isMobilePhone(text, "any"))
       throw new Error(ErrorCode.VALIDATION_PHONE);
+
+  if (type === ValidationTypes.TEXT)
+    if (!text || !text.trim()) throw new Error(ErrorCode.VALIDATION_TEXT);
+
+  if (maxLength && type === ValidationTypes.TEXT)
+    if (text.length > maxLength)
+      throw new Error(ErrorCode.VALIDATION_TEXT_LENGTH);
+
+  if (type === ValidationTypes.DOMAIN)
+    if (!text || !text.includes("."))
+      throw new Error(ErrorCode.VALIDATION_DOMAIN);
+
+  if (type === ValidationTypes.COUNTRY_CODE)
+    if (!text || text.length !== 2)
+      throw new Error(ErrorCode.VALIDATION_COUNTRY_CODE);
+
+  if (type === ValidationTypes.GENDER)
+    if (!text || text.length !== 1)
+      throw new Error(ErrorCode.VALIDATION_GENDER);
+
+  if (type === ValidationTypes.LANGUAGE)
+    if (!text || !text.trim()) throw new Error(ErrorCode.VALIDATION_LANGUAGE);
+
+  if (type === ValidationTypes.TIMEZONE)
+    if (!text || !text.trim()) throw new Error(ErrorCode.VALIDATION_TIMEZONE);
 };

src/interfaces/enum.ts

@@ -64,6 +64,13 @@ export enum ErrorCode {
   VALIDATION_EMAIL = "400/validation-email",
   VALIDATION_PHONE = "400/validation-phone",
   VALIDATION_URL = "400/validation-url",
+  VALIDATION_DOMAIN = "400/validation-domain",
+  VALIDATION_LANGUAGE = "400/validation-language",
+  VALIDATION_TIMEZONE = "400/validation-timezone",
+  VALIDATION_GENDER = "400/validation-gender",
+  VALIDATION_COUNTRY_CODE = "400/validation-country-code",
+  VALIDATION_TEXT = "400/validation-text",
+  VALIDATION_TEXT_LENGTH = "400/validation-text-length",
   CANNOT_DELETE_SOLE_OWNER = "400/cannot-delete-sole-owner",
   CANNOT_UPDATE_SOLE_OWNER = "400/cannot-update-sole-owner",
   USER_IS_MEMBER_ALREADY = "400/user-is-member-already",
@@ -123,5 +130,11 @@ export enum Genders {
 export enum ValidationTypes {
   EMAIL = "email",
   PHONE = "phone",
-  URL = "url"
+  URL = "url",
+  GENDER = "gender",
+  DOMAIN = "domain",
+  LANGUAGE = "language",
+  TIMEZONE = "timezone",
+  COUNTRY_CODE = "country-code",
+  TEXT = "text"
 }

src/rest/auth.ts

@@ -53,6 +53,7 @@ export const login = async (
   locals: Locals
 ) => {
   validate(email, ValidationTypes.EMAIL);
+  validate(password, ValidationTypes.TEXT);
   const user = await getUserByEmail(email, true);
   if (!user.password) throw new Error(ErrorCode.MISSING_PASSWORD);
   if (!user.id) throw new Error(ErrorCode.USER_NOT_FOUND);
@@ -72,6 +73,14 @@ export const register = async (
 ) => {
   if (email) await checkIfNewEmail(email);
   // Create user
+  if (user.name) validate(user.name, ValidationTypes.TEXT);
+  if (user.nickname) validate(user.name, ValidationTypes.TEXT);
+  if (user.countryCode) validate(user.name, ValidationTypes.COUNTRY_CODE);
+  if (user.password) validate(user.password, ValidationTypes.TEXT);
+  if (user.gender) validate(user.gender, ValidationTypes.GENDER);
+  if (user.preferredLanguage)
+    validate(user.preferredLanguage, ValidationTypes.LANGUAGE);
+  if (user.timezone) validate(user.timezone, ValidationTypes.TIMEZONE);
   const result = <InsertResult>await createUser(user);
   const userId = result.insertId;
   // Set email
@@ -131,6 +140,7 @@ export const updatePassword = async (
   password: string,
   locals: Locals
 ) => {
+  validate(password, ValidationTypes.TEXT);
   const userId = (<KeyValue>await verifyToken(token, Tokens.PASSWORD_RESET)).id;
   const hashedPassword = await hash(password || "", 8);
   await updateUser(userId, { password: hashedPassword });

src/rest/membership.ts

@@ -39,6 +39,7 @@ export const inviteMemberToOrganization = async (
   role: MembershipRole,
   locals: Locals
 ) => {
+  validate(newMemberName, ValidationTypes.TEXT);
   validate(newMemberEmail, ValidationTypes.EMAIL);
   if (
     await can(

src/rest/organization.ts

@@ -15,7 +15,8 @@ import {
   MembershipRole,
   ErrorCode,
   EventType,
-  Authorizations
+  Authorizations,
+  ValidationTypes
 } from "../interfaces/enum";
 import {
   createEvent,
@@ -39,6 +40,8 @@ import {
   deleteStripeCustomer
 } from "../helpers/stripe";
 import { customers, cards } from "stripe";
+import { validate } from "../helpers/utils";
+import { getUser } from "../crud/user";
 
 export const getOrganizationForUser = async (
   userId: number,
@@ -54,6 +57,14 @@ export const newOrganizationForUser = async (
   organization: Organization,
   locals: Locals
 ) => {
+  if (organization.name) {
+    validate(organization.name, ValidationTypes.TEXT);
+  } else {
+    const user = await getUser(userId);
+    organization.name = `${user.name}'s Team`;
+  }
+  if (organization.invitationDomain)
+    validate(organization.invitationDomain, ValidationTypes.DOMAIN);
   const org = <InsertResult>await createOrganization(organization);
   const organizationId = org.insertId;
   await createMembership({
@@ -79,6 +90,9 @@ export const updateOrganizationForUser = async (
   data: Organization,
   locals: Locals
 ) => {
+  if (data.name) validate(data.name, ValidationTypes.TEXT);
+  if (data.invitationDomain)
+    validate(data.invitationDomain, ValidationTypes.DOMAIN);
   if (
     await can(userId, Authorizations.UPDATE, "organization", organizationId)
   ) {

src/rest/user.ts

@@ -1,4 +1,9 @@
-import { ErrorCode, EventType, Authorizations } from "../interfaces/enum";
+import {
+  ErrorCode,
+  EventType,
+  Authorizations,
+  ValidationTypes
+} from "../interfaces/enum";
 import {
   getUser,
   updateUser,
@@ -20,6 +25,7 @@ import {
 } from "../crud/event";
 import { getUserEmails, deleteAllUserEmails } from "../crud/email";
 import { can } from "../helpers/authorization";
+import { validate } from "../helpers/utils";
 
 export const getUserFromId = async (userId: number, tokenUserId: number) => {
   if (await can(tokenUserId, Authorizations.READ, "user", userId))
@@ -33,6 +39,14 @@ export const updateUserForUser = async (
   data: User,
   locals: Locals
 ) => {
+  if (data.name) validate(data.name, ValidationTypes.TEXT);
+  if (data.nickname) validate(data.name, ValidationTypes.TEXT);
+  if (data.countryCode) validate(data.name, ValidationTypes.COUNTRY_CODE);
+  if (data.password) validate(data.password, ValidationTypes.TEXT);
+  if (data.gender) validate(data.gender, ValidationTypes.GENDER);
+  if (data.preferredLanguage)
+    validate(data.preferredLanguage, ValidationTypes.LANGUAGE);
+  if (data.timezone) validate(data.timezone, ValidationTypes.TIMEZONE);
   if (await can(tokenUserId, Authorizations.UPDATE, "user", updateUserId)) {
     await updateUser(updateUserId, data);
     await createEvent(