From 912edceeaf9964348ec0b2bc56310b8101e3fdce Mon Sep 17 00:00:00 2001 From: Wind-Explorer Date: Fri, 21 Jun 2024 23:19:29 +0800 Subject: [PATCH] POST input validation --- server/package.json | 3 ++- server/pnpm-lock.yaml | 29 +++++++++++++++++++++++++++++ server/routes/users.js | 21 +++++++++++++++++++-- 3 files changed, 50 insertions(+), 3 deletions(-) diff --git a/server/package.json b/server/package.json index cffb45b..aaae287 100644 --- a/server/package.json +++ b/server/package.json @@ -15,6 +15,7 @@ "express": "^4.19.2", "mysql2": "^3.10.1", "nodemon": "^3.1.3", - "sequelize": "^6.37.3" + "sequelize": "^6.37.3", + "yup": "^1.4.0" } } diff --git a/server/pnpm-lock.yaml b/server/pnpm-lock.yaml index 7a906a0..d5cbca4 100644 --- a/server/pnpm-lock.yaml +++ b/server/pnpm-lock.yaml @@ -23,6 +23,9 @@ dependencies: sequelize: specifier: ^6.37.3 version: 6.37.3(mysql2@3.10.1) + yup: + specifier: ^1.4.0 + version: 1.4.0 packages: @@ -632,6 +635,10 @@ packages: engines: {node: '>=8.6'} dev: false + /property-expr@2.0.6: + resolution: {integrity: sha512-SVtmxhRE/CGkn3eZY1T6pC8Nln6Fr/lu1mKSgRud0eC73whjGfoAogbn78LkD8aFL0zz3bAFerKSnOl7NlErBA==} + dev: false + /proxy-addr@2.0.7: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} @@ -837,6 +844,10 @@ packages: has-flag: 3.0.0 dev: false + /tiny-case@1.0.3: + resolution: {integrity: sha512-Eet/eeMhkO6TX8mnUteS9zgPbUMQa4I6Kkp5ORiBD5476/m+PIRiumP5tmh5ioJpH7k51Kehawy2UDfsnxxY8Q==} + dev: false + /to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} 
@@ -853,11 +864,20 @@ packages: resolution: {integrity: sha512-OsLcGGbYF3rMjPUf8oKktyvCiUxSbqMMS39m33MAjLTC1DVIH6x3WSt63/M77ihI09+Sdfk1AXvfhCEeUmC7mg==} dev: false + /toposort@2.0.2: + resolution: {integrity: sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==} + dev: false + /touch@3.1.1: resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==} hasBin: true dev: false + /type-fest@2.19.0: + resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==} + engines: {node: '>=12.20'} + dev: false + /type-is@1.6.18: resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==} engines: {node: '>= 0.6'} @@ -904,3 +924,12 @@ packages: dependencies: '@types/node': 20.14.6 dev: false + + /yup@1.4.0: + resolution: {integrity: sha512-wPbgkJRCqIf+OHyiTBQoJiP5PFuAXaWiJK6AmYkzQAh5/c2K9hzSApBZG5wV9KoKSePF7sAxmNSvh/13YHkFDg==} + dependencies: + property-expr: 2.0.6 + tiny-case: 1.0.3 + toposort: 2.0.2 + type-fest: 2.19.0 + dev: false diff --git a/server/routes/users.js b/server/routes/users.js index bf73398..734457d 100644 --- a/server/routes/users.js +++ b/server/routes/users.js 
@@ -1,12 +1,29 @@
 const express = require("express");
+const yup = require("yup");
 const { Op } = require("sequelize");
 const { User } = require("../models");
 const router = express.Router();
 router.post("/", async (req, res) => {
   let data = req.body;
-  let result = await User.create(data);
-  res.json(result);
+  // Validate request body
+  let validationSchema = yup.object({
+    id: yup.number().min(0).required(),
+    firstName: yup.string().trim().min(1).max(100).required(),
+    lastName: yup.string().trim().min(1).max(100).required(),
+    email: yup.string().trim().min(5).max(69).email().required(),
+    phoneNumber: yup.string().trim().length(8).required(),
+    passwordHash: yup.string().trim().min(128).max(255).required(),
+    description: yup.string().trim().min(3).max(500).required(),
+  });
+  try {
+    data = await validationSchema.validate(data, { abortEarly: false });
+    // Process valid data
+    let result = await User.create(data);
+    res.json(result);
+  } catch (err) {
+    res.status(400).json({ errors: err.errors });
+  }
 });
 router.get("/", async (req, res) => {
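Review bot: The new validation does not stop mass assignment, because yup keeps unknown keys by default, so any extra property in `req.body` (a role or admin flag, if the model has one) still flows through `validationSchema.validate` into `User.create`; pass `{ abortEarly: false, stripUnknown: true }` (or add `.noUnknown()`) so only schema fields are written. Two of the fields the schema does accept look like server-owned values: `id` lets the client choose the primary key of the new row, and `passwordHash` means the stored credential is whatever the client sends and the server never hashes anything itself — presumably both should be dropped from the schema and a plaintext `password` hashed server-side, but the model and login route are not in view, so confirm. The `catch` also maps every failure to 400 and echoes `err.errors`, which for a Sequelize error (unique constraint, connection failure) is either undefined or a list of column-level messages; only yup's `ValidationError` should become a 400, everything else a generic 500 (Express 4 does not route a rejected async handler to error middleware, so the response has to be sent here). Finally `res.json(result)` returns the created row including `passwordHash`; respond with a projection that omits it.
```javascript
  try {
    data = await validationSchema.validate(data, { abortEarly: false, stripUnknown: true });
    // … unchanged: User.create(data) …
    const { passwordHash, ...publicUser } = result.toJSON();
    res.json(publicUser);
  } catch (err) {
    if (err.name === "ValidationError") {
      return res.status(400).json({ errors: err.errors });
    }
    console.error(err);
    res.status(500).json({ errors: ["Internal server error"] });
  }
```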