Vérification des entrées avec celebrate

e12cff25 · Damien · ad27da44 · e12cff25 · e12cff25 · e12cff25
Commit e12cff25 authored 6 years ago by Damien
--- a/backend/package.json
+++ b/backend/package.json
@@ -7,6 +7,7 @@
  "license": "MIT",
  "dependencies": {
    "body-parser": "^1.18.3",
+    "celebrate": "^9.1.0",
    "express": "^4.16.4",
    "mongoose": "^5.5.3"
  }

--- a/backend/routes/routesToucan.js
+++ b/backend/routes/routesToucan.js
 var express = require("express");
 var fs = require("fs");
 var path = require("path");
+var { celebrate } = require("celebrate");
+var { newToucan, validId } = require("../utils/schema");
 var env = require("../.env");
 var upload = require("../utils/fileSaver");
 var Toucan = require("../models/modelToucan");
@@ -19,8 +21,12 @@ router.route("/toucans")
                }
            });
    })
+
    // Une route pour créer un toucan
-    .post(upload.fields([{name:"toucan", maxCount:1 }, {name:"cover", maxCount:1 }]),function(req,res) {
+    .post(
+        upload.fields([{name:"toucan", maxCount:1 }, {name:"cover", maxCount:1 }]),
+        celebrate({body:newToucan}),
+        function(req,res) {
            var toucan = new Toucan(req.body);
            var id = (toucan._id).toString();
            var index;
@@ -45,19 +51,17 @@ router.route("/toucans")
        });

 router.route("/pdf/:id")
-    .get(function (req,res) {
-        //var pdfPath= path.join(env.savedExtensions[1].path,"/",req.params.id,".pdf");
+    .get(celebrate({params: validId}), function (req,res) {
        var pdfPath = path.format({
            dir: env.savedExtensions[1].path,
            name: req.params.id,
            ext: ".pdf"
        });
-        console.log(pdfPath);
        res.sendFile(pdfPath);
    });

 router.route("/img/:id")
-    .get(function(req,res) {
+    .get(celebrate({params: validId}),function(req,res) {
        var imgPath = path.join(env.savedExtensions[0].path,"/",req.params.id);
        var fileKnown = false;
        env.savedExtensions[0].extensions.forEach(ext => {
@@ -67,7 +71,7 @@ router.route("/img/:id")
            }
        });
        if (fileKnown) {
-            res.sendfile(imgPath);
+            res.sendFile(imgPath);
        } else {
            res.send(404,"Image non trouvée");
        }

--- a/backend/utils/schema.js
+++ b/backend/utils/schema.js
+var { Joi } = require("celebrate");
+
+var newToucan = Joi.object({
+    title: Joi.string().alphanum().required(),
+    date: Joi.date().required()
+});
+
+var validId = Joi.object({id: Joi.string().hex().length(24)});
+
+module.exports = { newToucan, validId };
\ No newline at end of file
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -53,6 +53,14 @@ bytes@3.0.0:
  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048"
  integrity sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg=

+celebrate@^9.1.0:
+  version "9.1.0"
+  resolved "https://registry.yarnpkg.com/celebrate/-/celebrate-9.1.0.tgz#cf5870729100d741c88ade891d6b5ccd15d7b496"
+  integrity sha512-QFVB7HazVEWUFbzyHkzw/f1Mq9Zg6uJ4MYcpl/Snpfa9wkUHn//HUlMvN0BWyZyc/X09HczNGnLBwSQFtMz1QQ==
+  dependencies:
+    escape-html "1.0.3"
+    joi "14.x.x"
+
 content-disposition@0.5.2:
  version "0.5.2"
  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.2.tgz#0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4"
@@ -107,7 +115,7 @@ encodeurl@~1.0.2:
  resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59"
  integrity sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=

-escape-html@~1.0.3:
+escape-html@1.0.3, escape-html@~1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
  integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
@@ -176,6 +184,11 @@ fresh@0.5.2:
  resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
  integrity sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=

+hoek@6.x.x:
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/hoek/-/hoek-6.1.3.tgz#73b7d33952e01fe27a38b0457294b79dd8da242c"
+  integrity sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ==
+
 http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3:
  version "1.6.3"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d"
@@ -203,6 +216,22 @@ ipaddr.js@1.9.0:
  resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.0.tgz#37df74e430a0e47550fe54a2defe30d8acd95f65"
  integrity sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA==

+isemail@3.x.x:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/isemail/-/isemail-3.2.0.tgz#59310a021931a9fb06bbb51e155ce0b3f236832c"
+  integrity sha512-zKqkK+O+dGqevc93KNsbZ/TqTUFd46MwWjYOoMrjIMZ51eU7DtQG3Wmd9SQQT7i7RVnuTPEiYEWHU3MSbxC1Tg==
+  dependencies:
+    punycode "2.x.x"
+
+joi@14.x.x:
+  version "14.3.1"
+  resolved "https://registry.yarnpkg.com/joi/-/joi-14.3.1.tgz#164a262ec0b855466e0c35eea2a885ae8b6c703c"
+  integrity sha512-LQDdM+pkOrpAn4Lp+neNIFV3axv1Vna3j38bisbQhETPMANYRbFJFUyOZcOClYvM/hppMhGWuKSFEK9vjrB+bQ==
+  dependencies:
+    hoek "6.x.x"
+    isemail "3.x.x"
+    topo "3.x.x"
+
 kareem@2.3.0:
  version "2.3.0"
  resolved "https://registry.yarnpkg.com/kareem/-/kareem-2.3.0.tgz#ef33c42e9024dce511eeaf440cd684f3af1fc769"
@@ -349,6 +378,11 @@ proxy-addr@~2.0.4:
    forwarded "~0.1.2"
    ipaddr.js "1.9.0"

+punycode@2.x.x:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
+  integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
+
 qs@6.5.2:
  version "6.5.2"
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"
@@ -470,6 +504,13 @@ statuses@~1.4.0:
  resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.4.0.tgz#bb73d446da2796106efcc1b601a253d6c46bd087"
  integrity sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==

+topo@3.x.x:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/topo/-/topo-3.0.3.tgz#d5a67fb2e69307ebeeb08402ec2a2a6f5f7ad95c"
+  integrity sha512-IgpPtvD4kjrJ7CRA3ov2FhWQADwv+Tdqbsf1ZnPUSAtCJ9e1Z44MmoSGDXGk4IppoZA7jd/QRkNddlLJWlUZsQ==
+  dependencies:
+    hoek "6.x.x"
+
 type-is@~1.6.16:
  version "1.6.16"
  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.16.tgz#f89ce341541c672b25ee7ae3c73dee3b2be50194"