fix: leverage the fastify schema to validate input (#278)

* fix: set valid values * fix: use shorthand * chore: refactor to use fastify validations * fix: set lower case restrict org email * chore: update the error message handling * fix: use fastify validation for the request body bonus: fixed how the deletion of files is handled, as currently it did not work as intended * chore: use fastify validation * fix: use fastify validation * fix: use fastify validation
HemmeligOrg · Mar 9, 2024 · 4b3fb88 · 4b3fb88
1 parent 57f290f
commit 4b3fb88
Show file tree

Hide file tree

Showing 10 changed files with 229 additions and 198 deletions.
diff --git a/src/client/routes/account/account.jsx b/src/client/routes/account/account.jsx
@@ -73,11 +73,12 @@ const Account = () => {
         try {
             const updatedUserInfo = await updateUser(values);
 
-            if (updatedUserInfo.error || [401, 500].includes(updatedUserInfo.statusCode)) {
+            if (updatedUserInfo.error || [400, 401, 500].includes(updatedUserInfo.statusCode)) {
                 setError(
-                    updatedUserInfo.error
-                        ? updatedUserInfo.error
+                    updatedUserInfo.message
+                        ? updatedUserInfo.message
                         : t('account.account.can_not_update_profile')
+
                 );
 
                 return;

diff --git a/src/client/routes/account/settings.jsx b/src/client/routes/account/settings.jsx
@@ -22,7 +22,7 @@ const Settings = () => {
             disable_users: false,
             disable_user_account_creation: false,
             disable_file_upload: false,
-            Restrict_organization_email: '',
+            restrict_organization_email: '',
         },
     });
 

diff --git a/src/client/routes/home/index.jsx b/src/client/routes/home/index.jsx
@@ -173,14 +173,14 @@ const Home = () => {
         const json = await createSecret(body);
 
         if (json.statusCode !== 201) {
-            if (json.statusCode === 403) {
-                setError(json.error);
+            if (json.statusCode === 400) {
+                setError(json.message);
             }
 
             if (json.message === 'request file too large, please check multipart config') {
                 form.setErrors({ files: 'The file size is too large' });
             } else {
-                form.setErrors({ files: json.error });
+                form.setErrors({ files: json.message });
             }
 
             setCreatingSecret(false);

diff --git a/src/client/routes/signup/index.jsx b/src/client/routes/signup/index.jsx
@@ -30,19 +30,19 @@ const SignUp = () => {
     const onSignUp = async (values) => {
         const data = await signUp(values.email, values.username, values.password);
 
-        if (data.statusCode === 403) {
-            setError(data.error);
+        if ([400, 403].indexOf(data.statusCode) > -1) {
+            setError(data.message);
 
             setSuccess(false);
 
             return;
         }
 
-        if (data.error) {
+        if (data.type && data.message) {
             form.setErrors({
-                username: data.type == 'username' ? data.error : '',
-                password: data.type == 'password' ? data.error : '',
-                email: data.type == 'email' ? data.error : '',
+                username: data.type == 'username' ? data.message : '',
+                password: data.type == 'password' ? data.message : '',
+                email: data.type == 'email' ? data.message : '',
             });
 
             setSuccess(false);

diff --git a/src/server/controllers/account.js b/src/server/controllers/account.js
@@ -2,8 +2,6 @@ import emailValidator from 'email-validator';
 import { compare, hash } from '../helpers/password.js';
 import prisma from '../services/prisma.js';
 
-const PASSWORD_LENGTH = 5;
-
 async function account(fastify) {
     fastify.get(
         '/',
@@ -29,15 +27,23 @@ async function account(fastify) {
         '/update',
         {
             preValidation: [fastify.authenticate],
+            schema: {
+                body: {
+                    type: 'object',
+                    required: ['currentPassword', 'newPassword', 'confirmNewPassword', 'email'],
+                    properties: {
+                        currentPassword: { type: 'string', default: '' },
+                        newPassword: { type: 'string', maxLength: 50, minLength: 5, default: '' },
+                        confirmNewPassword: { type: 'string', default: '' },
+                        email: { type: 'string', default: '' },
+                        generated: { type: 'boolean', default: false },
+                    },
+                },
+            },
         },
         async (request, reply) => {
-            const {
-                currentPassword = '',
-                newPassword = '',
-                email = '',
-                confirmNewPassword = '',
-                generated = false,
-            } = request.body;
+            const { currentPassword, newPassword, email, confirmNewPassword, generated } =
+                request.body;
 
             const data = {
                 generated,
@@ -54,13 +60,6 @@ async function account(fastify) {
             }
 
             if (newPassword) {
-                if (newPassword.length < PASSWORD_LENGTH) {
-                    return reply.code(403).send({
-                        type: 'newPassword',
-                        error: `Password has to be longer than ${PASSWORD_LENGTH} characters`,
-                    });
-                }
-
                 data.password = await hash(newPassword);
             }
 
@@ -75,13 +74,6 @@ async function account(fastify) {
                 data.email = email;
             }
 
-            if (!email && !newPassword) {
-                return reply.code(412).send({
-                    type: 'no-data',
-                    error: `Could not update your profile. Please set the fields you want to update.`,
-                });
-            }
-
             if (newPassword !== confirmNewPassword) {
                 return reply.code(400).send({
                     type: 'confirmNewPassword',

diff --git a/src/server/controllers/admin/settings.js b/src/server/controllers/admin/settings.js
@@ -23,14 +23,26 @@ async function settings(fastify) {
         '/',
         {
             preValidation: [fastify.authenticate, fastify.admin],
+            schema: {
+                body: {
+                    type: 'object',
+                    properties: {
+                        disable_users: { type: 'boolean', default: false },
+                        disable_user_account_creation: { type: 'boolean', default: false },
+                        read_only: { type: 'boolean', default: false },
+                        disable_file_upload: { type: 'boolean', default: false },
+                        restrict_organization_email: { type: 'string', default: '' },
+                    },
+                },
+            },
         },
         async (request) => {
             const {
-                disable_users = false,
-                disable_user_account_creation = false,
-                read_only = false,
-                disable_file_upload = false,
-                restrict_organization_email = '',
+                disable_users,
+                disable_user_account_creation,
+                read_only,
+                disable_file_upload,
+                restrict_organization_email,
             } = request.body;
 
             const settings = await prisma.settings.upsert({