Skip to content

Commit

Permalink
🔨 Reserve user register/update form-data payload format for App env (#…
Browse files Browse the repository at this point in the history 
…238)

* Revert "⏪ Revert removing deprecated register/update avatar APIs and CSRF"

This reverts commit 56ef0a3.

* 🔨 Reserve user register/update form-data payload format for App env

* 🔥 Remove form-data entry for user update endpoint

* 🥅 Add user register content-type error handler

* ✅ Add user register content-type test cases

* 🩹 Use next rather than throw to emit error

* 🩹 Add brackets to improve readability

Co-authored-by: William Chong <[email protected]>

Co-authored-by: William Chong <[email protected]>
  • Loading branch information
@WeiJun0827 @williamchong
WeiJun0827 and williamchong authored Apr 23, 2021
1 parent 71b4a24 commit de581b7
Show file tree
Hide file tree
Showing 2 changed files with 69 additions and 4 deletions.
22 changes: 22 additions & 0 deletions src/routes/users/registerLogin.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,30 @@ const apiLimiter = new RateLimit({

router.use(loginPlatforms);

function isJson(req) {
return !!req.is('application/json');
}

function isApp(req) {
const { 'user-agent': userAgent = '' } = req.headers;
return userAgent.includes('LikeCoinApp');
}

function formdataParserForApp(req, res, next) {
if (!isJson(req)) {
if (isApp(req)) {
multer.none()(req, res, next);
} else {
next(new ValidationError('INVALID_CONTENT_TYPE'));
}
} else {
next();
}
}

router.post(
'/new',
formdataParserForApp,
apiLimiter,
async (req, res, next) => {
const {
Expand Down
51 changes: 47 additions & 4 deletions test/api/user.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,15 @@ test.serial('USER: Login user. Case: success', async (t) => {
t.is(res.status, 200);
});

test.serial('USER: Edit user. Case: success', async (t) => {
test.serial('USER: Edit user by JSON from Web. Case: success', async (t) => {
const user = testingUser1;
const token = jwtSign({ user });
const payload = {
user,
displayName: testingDisplayName1,
ts: Date.now(),
wallet: testingWallet1,
email: '[email protected]',
email: testingEmail1,
};
const res = await axiosist.post('/api/users/update', payload, {
headers: {
Expand All @@ -72,15 +72,15 @@ test.serial('USER: Edit user. Case: success', async (t) => {
t.is(res.status, 200);
});

test.serial('USER: Edit user by form-data. Case: invalid content type', async (t) => {
test.serial('USER: Edit user by form-data from Web. Case: invalid content-type', async (t) => {
const user = testingUser1;
const token = jwtSign({ user });
const payload = new FormData();
payload.append('user', user);
payload.append('displayName', testingDisplayName1);
payload.append('ts', Date.now());
payload.append('wallet', testingWallet1);
payload.append('email', '[email protected]');
payload.append('email', testingEmail1);
const res = await axiosist.post('/api/users/update', payload, {
headers: {
Cookie: `likecoin_auth=${token};`,
Expand Down Expand Up @@ -151,6 +151,49 @@ test.serial('USER: Verify uuid. Case: success (Need restart server for clean mem
t.is(res.data.wallet, testingWallet2);
});

test.serial('USER: Register user by form-data from Web. Case: invalid content-type', async (t) => {
const user = testingUser1;
const token = jwtSign({ user });
const payload = new FormData();
payload.append('user', user);
payload.append('displayName', testingDisplayName1);
payload.append('ts', Date.now());
payload.append('wallet', testingWallet1);
payload.append('email', testingEmail1);
payload.append('platform', 'wallet');
const res = await axiosist.post('/api/users/new', payload, {
headers: {
Cookie: `likecoin_auth=${token};`,
...payload.getHeaders(),
},
}).catch(err => err.response);

t.is(res.status, 400);
t.is(res.data, 'INVALID_CONTENT_TYPE');
});

test.serial('USER: Register user by form-data from App. Case: invalid platform', async (t) => {
const user = testingUser1;
const token = jwtSign({ user });
const payload = new FormData();
payload.append('user', user);
payload.append('displayName', testingDisplayName1);
payload.append('ts', Date.now());
payload.append('wallet', testingWallet1);
payload.append('email', testingEmail1);
payload.append('platform', 'wallet');
const res = await axiosist.post('/api/users/new', payload, {
headers: {
Cookie: `likecoin_auth=${token};`,
'User-Agent': 'LikeCoinApp',
...payload.getHeaders(),
},
}).catch(err => err.response);

t.is(res.status, 400);
t.is(res.data, 'INVALID_PLATFORM');
});

//
// concurrent cases
//
Expand Down

0 comments on commit de581b7

Please sign in to comment.