From 673675311eac692f358ec496fc1787285438245a Mon Sep 17 00:00:00 2001
From: bjarneo
Date: Sat, 9 Mar 2024 10:16:48 +0100
Subject: [PATCH] chore: use fastify validation
---
 src/client/routes/signup/index.jsx | 12 +-
 src/server/controllers/account.js | 2 -
 src/server/controllers/authentication.js | 156 ++++++++++++-----
 3 files changed, 89 insertions(+), 81 deletions(-)
diff --git a/src/client/routes/signup/index.jsx b/src/client/routes/signup/index.jsx
index 4fdbacd8..d848d1b8 100644
--- a/src/client/routes/signup/index.jsx
+++ b/src/client/routes/signup/index.jsx
@@ -30,19 +30,19 @@ const SignUp = () => {
 const onSignUp = async (values) => {
 const data = await signUp(values.email, values.username, values.password);
- if (data.statusCode === 403) {
- setError(data.error);
+ if ([400, 403].indexOf(data.statusCode) > -1) {
+ setError(data.message);
 setSuccess(false);
 return;
 }
- if (data.error) {
+ if (data.type && data.message) {
 form.setErrors({
- username: data.type == 'username' ? data.error : '',
- password: data.type == 'password' ? data.error : '',
- email: data.type == 'email' ? data.error : '',
+ username: data.type == 'username' ? data.message : '',
+ password: data.type == 'password' ? data.message : '',
+ email: data.type == 'email' ? data.message : '',
 });
 setSuccess(false);
diff --git a/src/server/controllers/account.js b/src/server/controllers/account.js
index 6a2340f8..35d34650 100644
--- a/src/server/controllers/account.js
+++ b/src/server/controllers/account.js
@@ -2,8 +2,6 @@ import emailValidator from 'email-validator';
 import { compare, hash } from '../helpers/password.js';
 import prisma from '../services/prisma.js';
-const PASSWORD_LENGTH = 5;
-
 async function account(fastify) {
 fastify.get(
 '/',
diff --git a/src/server/controllers/authentication.js b/src/server/controllers/authentication.js
index c58d0beb..b927c197 100644
--- a/src/server/controllers/authentication.js
+++ b/src/server/controllers/authentication.js 
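Review bot: The reordered branches make the per-field errors unreachable: the server's `type`-tagged email and username errors now arrive with status 400 or 403 (as the authentication.js hunk shows), so `[400, 403].indexOf(data.statusCode) > -1` catches them and returns before `form.setErrors` runs, and every validation failure degrades to the generic banner. Either test for a typed error first, or keep typed errors out of the generic branch: `if ([400, 403].includes(data.statusCode) && !data.type) {`. The `==` comparisons on `data.type` could become `===` while these lines are being touched. `onSignUp` continues past the end of the hunk.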
@@ -27,88 +27,98 @@ const PUBLIC_COOKIE_SETTINGS = {
 };
 async function authentication(fastify) {
- fastify.post('/signup', async (request, reply) => {
- const { email = '', username = '', password = '' } = request.body;
-
- if (!emailValidator.validate(email)) {
- return reply.code(403).send({
- type: 'email',
- error: `Your email: "${email}" is not valid.`,
- });
- }
+ fastify.post(
+ '/signup',
+ {
+ schema: {
+ body: {
+ type: 'object',
+ required: ['email', 'username', 'password'],
+ properties: {
+ email: { type: 'string' },
+ username: { type: 'string', minLength: 4, maxLength: 20 },
+ password: { type: 'string', minLength: 5, maxLength: 50 },
+ },
+ },
+ },
+ },
+ async (request, reply) => {
+ const { email, username, password } = request.body;
- if (!validUsername.test(username) || username.length < USERNAME_LENGTH) {
- return reply.code(403).send({
- type: 'username',
- error: `Username has to be longer than ${USERNAME_LENGTH}, and can only contain these characters. [A-Za-z0-9_-]`,
- });
- }
+ if (!emailValidator.validate(email)) {
+ return reply.code(400).send({
+ type: 'email',
+ message: `Your email: "${email}" is not valid.`,
+ });
+ }
- if (password.length < PASSWORD_LENGTH) {
- return reply.code(403).send({
- type: 'password',
- error: `Password has to be longer than ${PASSWORD_LENGTH} characters`,
+ if (!validUsername.test(username)) {
+ return reply.code(400).send({
+ type: 'username',
+ message: `Username can only contain these characters. 
[A-Za-z0-9_-]`,
+ });
+ }
+
+ const userExist = await prisma.user.findFirst({ where: { username } });
+ if (userExist) {
+ return reply
+ .code(403)
+ .send({ type: 'username', message: `This username has already been taken.` });
+ }
+
+ const emailExist = await prisma.user.findFirst({ where: { email } });
+ if (emailExist) {
+ return reply
+ .code(403)
+ .send({ type: 'email', message: `This email has already been registered.` });
+ }
+
+ const userPassword = await hash(password);
+
+ const user = await prisma.user.create({
+ data: {
+ username,
+ email,
+ password: userPassword,
+ role: 'user',
+ },
+ });
- }
- const userExist = await prisma.user.findFirst({ where: { username } });
- if (userExist) {
- return reply
- .code(403)
- .send({ type: 'username', error: `This username has already been taken.` });
- }
+ if (!user) {
+ return reply.code(400).send({
+ message:
+ 'Something happened while creating a new user. Please try again later.',
+ });
+ }
- const emailExist = await prisma.user.findFirst({ where: { email } });
- if (emailExist) {
- return reply
- .code(403)
- .send({ type: 'email', error: `This email has already been registered.` });
- }
+ const sacredToken = await reply.jwtSign(
+ {
+ username: user.username,
+ email: user.email,
+ user_id: user.id,
+ },
+ { expiresIn: '7d' } // expires in seven days
+ );
- const userPassword = await hash(password);
+ const expirationDate = new Date();
+ expirationDate.setDate(expirationDate.getDate() + 6);
- const user = await prisma.user.create({
- data: {
- username,
- email,
- password: userPassword,
- role: 'user',
- },
- });
+ const publicToken = Buffer.from(
+ JSON.stringify({
+ username: user.username,
+ expirationDate: expirationDate,
+ })
+ ).toString('base64');
- if (!user) {
- return reply.code(403).send({
- error: 'Something happened while creating a new user. 
Please try again later.',
- });
+ reply
+ .setCookie(COOKIE_KEY, sacredToken, SACRED_COOKIE_SETTINGS)
+ .setCookie(COOKIE_KEY_PUBLIC, publicToken, PUBLIC_COOKIE_SETTINGS)
+ .code(200)
+ .send({
+ username: user.username,
+ });
 }
-
- const sacredToken = await reply.jwtSign(
- {
- username: user.username,
- email: user.email,
- user_id: user.id,
- },
- { expiresIn: '7d' } // expires in seven days
- );
-
- const expirationDate = new Date();
- expirationDate.setDate(expirationDate.getDate() + 6);
-
- const publicToken = Buffer.from(
- JSON.stringify({
- username: user.username,
- expirationDate: expirationDate,
- })
- ).toString('base64');
-
- reply
- .setCookie(COOKIE_KEY, sacredToken, SACRED_COOKIE_SETTINGS)
- .setCookie(COOKIE_KEY_PUBLIC, publicToken, PUBLIC_COOKIE_SETTINGS)
- .code(200)
- .send({
- username: user.username,
- });
- });
+ );
 fastify.post('/signin', async (request, reply) => {
 const { username = '', password = '' } = request.body;
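Review bot: The new body schema bounds `username` and `password` but leaves `email` as an unbounded string, so an oversized value still reaches `emailValidator.validate` and both `findFirst` lookups; `email: { type: 'string', maxLength: 254 },` would reject it at the same point the other fields are rejected. The uniqueness checks that follow remain a check-then-act pair: two concurrent signups with the same username or email both pass `findFirst` and both reach `prisma.user.create`, so the duplicate is only prevented if the Prisma schema marks those columns unique, which is not visible here. If it does, the losing `create` throws rather than returning null (Prisma reports a unique-constraint violation with code `P2002`), so the `if (!user)` branch never runs and the client gets a 500 instead of the typed 403; wrapping `create` as below maps that case onto the existing response. The `authentication` function continues past the end of the hunk with the `/signin` route.
```javascript
// … unchanged: schema, email/username checks, findFirst lookups, hash …
let user;
try {
    user = await prisma.user.create({
        data: {
            username,
            email,
            password: userPassword,
            role: 'user',
        },
    });
} catch (err) {
    // A concurrent signup that won the race surfaces here as a unique-constraint
    // violation; the field involved is reported in err.meta.target (confirm).
    if (err.code === 'P2002') {
        const type = String(err.meta?.target ?? '').includes('email') ? 'email' : 'username';
        return reply.code(403).send({ type, message: `This ${type} is already in use.` });
    }
    throw err;
}
// … unchanged: if (!user) guard, jwtSign, public token, cookies, response …
```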