POST input validation
@@ -15,6 +15,7 @@
|
|||||||
"express": "^4.19.2",
|
"express": "^4.19.2",
|
||||||
"mysql2": "^3.10.1",
|
"mysql2": "^3.10.1",
|
||||||
"nodemon": "^3.1.3",
|
"nodemon": "^3.1.3",
|
||||||
"sequelize": "^6.37.3"
|
"sequelize": "^6.37.3",
|
||||||
|
"yup": "^1.4.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
29
server/pnpm-lock.yaml
generated
29
server/pnpm-lock.yaml
generated
@@ -23,6 +23,9 @@ dependencies:
|
|||||||
sequelize:
|
sequelize:
|
||||||
specifier: ^6.37.3
|
specifier: ^6.37.3
|
||||||
version: 6.37.3(mysql2@3.10.1)
|
version: 6.37.3(mysql2@3.10.1)
|
||||||
|
yup:
|
||||||
|
specifier: ^1.4.0
|
||||||
|
version: 1.4.0
|
||||||
|
|
||||||
packages:
|
packages:
|
||||||
|
|
||||||
@@ -632,6 +635,10 @@ packages:
|
|||||||
engines: {node: '>=8.6'}
|
engines: {node: '>=8.6'}
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
|
/property-expr@2.0.6:
|
||||||
|
resolution: {integrity: sha512-SVtmxhRE/CGkn3eZY1T6pC8Nln6Fr/lu1mKSgRud0eC73whjGfoAogbn78LkD8aFL0zz3bAFerKSnOl7NlErBA==}
|
||||||
|
dev: false
|
||||||
|
|
||||||
/proxy-addr@2.0.7:
|
/proxy-addr@2.0.7:
|
||||||
resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
|
resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
|
||||||
engines: {node: '>= 0.10'}
|
engines: {node: '>= 0.10'}
|
||||||
@@ -837,6 +844,10 @@ packages:
|
|||||||
has-flag: 3.0.0
|
has-flag: 3.0.0
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
|
/tiny-case@1.0.3:
|
||||||
|
resolution: {integrity: sha512-Eet/eeMhkO6TX8mnUteS9zgPbUMQa4I6Kkp5ORiBD5476/m+PIRiumP5tmh5ioJpH7k51Kehawy2UDfsnxxY8Q==}
|
||||||
|
dev: false
|
||||||
|
|
||||||
/to-regex-range@5.0.1:
|
/to-regex-range@5.0.1:
|
||||||
resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
|
resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
|
||||||
engines: {node: '>=8.0'}
|
engines: {node: '>=8.0'}
|
||||||
@@ -853,11 +864,20 @@ packages:
|
|||||||
resolution: {integrity: sha512-OsLcGGbYF3rMjPUf8oKktyvCiUxSbqMMS39m33MAjLTC1DVIH6x3WSt63/M77ihI09+Sdfk1AXvfhCEeUmC7mg==}
|
resolution: {integrity: sha512-OsLcGGbYF3rMjPUf8oKktyvCiUxSbqMMS39m33MAjLTC1DVIH6x3WSt63/M77ihI09+Sdfk1AXvfhCEeUmC7mg==}
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
|
/toposort@2.0.2:
|
||||||
|
resolution: {integrity: sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==}
|
||||||
|
dev: false
|
||||||
|
|
||||||
/touch@3.1.1:
|
/touch@3.1.1:
|
||||||
resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==}
|
resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==}
|
||||||
hasBin: true
|
hasBin: true
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
|
/type-fest@2.19.0:
|
||||||
|
resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==}
|
||||||
|
engines: {node: '>=12.20'}
|
||||||
|
dev: false
|
||||||
|
|
||||||
/type-is@1.6.18:
|
/type-is@1.6.18:
|
||||||
resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
|
resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
|
||||||
engines: {node: '>= 0.6'}
|
engines: {node: '>= 0.6'}
|
||||||
@@ -904,3 +924,12 @@ packages:
|
|||||||
dependencies:
|
dependencies:
|
||||||
'@types/node': 20.14.6
|
'@types/node': 20.14.6
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
|
/yup@1.4.0:
|
||||||
|
resolution: {integrity: sha512-wPbgkJRCqIf+OHyiTBQoJiP5PFuAXaWiJK6AmYkzQAh5/c2K9hzSApBZG5wV9KoKSePF7sAxmNSvh/13YHkFDg==}
|
||||||
|
dependencies:
|
||||||
|
property-expr: 2.0.6
|
||||||
|
tiny-case: 1.0.3
|
||||||
|
toposort: 2.0.2
|
||||||
|
type-fest: 2.19.0
|
||||||
|
dev: false
|
||||||
|
|||||||
@@ -1,12 +1,29 @@
|
|||||||
const express = require("express");
|
const express = require("express");
|
||||||
|
const yup = require("yup");
|
||||||
const { Op } = require("sequelize");
|
const { Op } = require("sequelize");
|
||||||
const { User } = require("../models");
|
const { User } = require("../models");
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
|
|
||||||
router.post("/", async (req, res) => {
|
router.post("/", async (req, res) => {
|
||||||
let data = req.body;
|
let data = req.body;
|
||||||
let result = await User.create(data);
|
// Validate request body
|
||||||
res.json(result);
|
let validationSchema = yup.object({
|
||||||
|
id: yup.number().min(0).required(),
|
||||||
|
firstName: yup.string().trim().min(1).max(100).required(),
|
||||||
|
lastName: yup.string().trim().min(1).max(100).required(),
|
||||||
|
email: yup.string().trim().min(5).max(69).email().required(),
|
||||||
|
phoneNumber: yup.string().trim().length(8).required(),
|
||||||
|
passwordHash: yup.string().trim().min(128).max(255).required(),
|
||||||
|
description: yup.string().trim().min(3).max(500).required(),
|
||||||
|
});
|
||||||
|
try {
|
||||||
|
data = await validationSchema.validate(data, { abortEarly: false });
|
||||||
|
// Process valid data
|
||||||
|
let result = await User.create(data);
|
||||||
|
res.json(result);
|
||||||
|
} catch (err) {
|
||||||
|
res.status(400).json({ errors: err.errors });
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
router.get("/", async (req, res) => {
|
router.get("/", async (req, res) => {
|
||||||
|
|||||||
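Review bot: The `catch` at the end of the POST handler treats every failure as a validation error: a rejection from `User.create(data)` (for example a uniqueness or connection error) is also answered with 400 and `err.errors`, which for a database error is either undefined or, if it is a Sequelize validation error, a list of error items that may carry internal field names and the submitted values. Answer 400 only when `err instanceof yup.ValidationError`, and log anything else and return a generic 500, as sketched below. The schema also does not drop unknown keys, so extra properties in the body still reach `User.create`; passing `stripUnknown: true` to `validate` closes that. Separately, the body must supply `id` and `passwordHash`, and `res.json(result)` returns the created row, so the client picks its own primary key and hash and the hash appears to be echoed back; hashing on the server and leaving the field out of the response would be safer, unless the model already does so.

```javascript
  // … unchanged: validationSchema definition …
  try {
    data = await validationSchema.validate(data, {
      abortEarly: false,
      stripUnknown: true, // only the declared fields reach User.create
    });
    // … unchanged: User.create(data) and res.json(result) …
  } catch (err) {
    if (err instanceof yup.ValidationError) {
      return res.status(400).json({ errors: err.errors });
    }
    // Database or other server-side failure: log it, return no internals.
    console.error(err);
    res.status(500).json({ message: "Internal server error" });
  }
```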