added zod for post requests

2024-09-14 16:00:19 -04:00
parent a5b1952e0d
commit 1cf7421b76
24 changed files with 350 additions and 180 deletions
@@ -11,6 +11,7 @@ import fs from "fs";
 import verifyToken from "@/lib/api/verifyToken";
 import generatePreview from "@/lib/api/generatePreview";
 import createFolder from "@/lib/api/storage/createFolder";
+import { UploadFileSchema } from "@/lib/shared/schemaValidation";

 export const config = {
  api: {
@@ -138,6 +139,20 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
        "image/jpeg",
      ];

+      const dataValidation = UploadFileSchema.safeParse({
+        id: Number(req.query.linkId),
+        format: Number(req.query.format),
+        file: files.file,
+      });
+
+      if (!dataValidation.success) {
+        return res.status(400).json({
+          response: `Error: ${
+            dataValidation.error.issues[0].message
+          } [${dataValidation.error.issues[0].path.join(", ")}]`,
+        });
+      }
+
      if (
        err ||
        !files.file ||
@@ -1,5 +1,6 @@
 import { prisma } from "@/lib/api/db";
 import sendPasswordResetRequest from "@/lib/api/sendPasswordResetRequest";
+import { ForgotPasswordSchema } from "@/lib/shared/schemaValidation";
 import type { NextApiRequest, NextApiResponse } from "next";

 export default async function forgotPassword(
@@ -13,14 +14,18 @@ export default async function forgotPassword(
          "This action is disabled because this is a read-only demo of Linkwarden.",
      });

-    const email = req.body.email;
+    const dataValidation = ForgotPasswordSchema.safeParse(req.body);

-    if (!email) {
+    if (!dataValidation.success) {
      return res.status(400).json({
-        response: "Invalid email.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
      });
    }

+    const { email } = dataValidation.data;
+
    const recentPasswordRequestsCount = await prisma.passwordResetToken.count({
      where: {
        identifier: email,
@@ -45,7 +50,7 @@ export default async function forgotPassword(

    if (!user || !user.email) {
      return res.status(400).json({
-        response: "Invalid email.",
+        response: "No user found with that email.",
      });
    }

@@ -1,6 +1,7 @@
 import { prisma } from "@/lib/api/db";
 import type { NextApiRequest, NextApiResponse } from "next";
 import bcrypt from "bcrypt";
+import { ResetPasswordSchema } from "@/lib/shared/schemaValidation";

 export default async function resetPassword(
  req: NextApiRequest,
@@ -13,20 +14,17 @@ export default async function resetPassword(
          "This action is disabled because this is a read-only demo of Linkwarden.",
      });

-    const token = req.body.token;
-    const password = req.body.password;
+    const dataValidation = ResetPasswordSchema.safeParse(req.body);

-    if (!password || password.length < 8) {
+    if (!dataValidation.success) {
      return res.status(400).json({
-        response: "Password must be at least 8 characters.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
      });
    }

-    if (!token || typeof token !== "string") {
-      return res.status(400).json({
-        response: "Invalid token.",
-      });
-    }
+    const { token, password } = dataValidation.data;

    // Hashed password
    const saltRounds = 10;
@@ -1,5 +1,6 @@
 import { prisma } from "@/lib/api/db";
 import updateCustomerEmail from "@/lib/api/updateCustomerEmail";
+import { VerifyEmailSchema } from "@/lib/shared/schemaValidation";
 import type { NextApiRequest, NextApiResponse } from "next";

 export default async function verifyEmail(
@@ -13,14 +14,18 @@ export default async function verifyEmail(
          "This action is disabled because this is a read-only demo of Linkwarden.",
      });

-    const token = req.query.token;
+    const dataValidation = VerifyEmailSchema.safeParse(req.query);

-    if (!token || typeof token !== "string") {
+    if (!dataValidation.success) {
      return res.status(400).json({
-        response: "Invalid token.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
      });
    }

+    const { token } = dataValidation.data;
+
    // Check token in db
    const verifyToken = await prisma.verificationToken.findFirst({
      where: {
@@ -1,12 +1,23 @@
 import type { NextApiRequest, NextApiResponse } from "next";
 import verifyByCredentials from "@/lib/api/verifyByCredentials";
 import createSession from "@/lib/api/controllers/session/createSession";
+import { PostSessionSchema } from "@/lib/shared/schemaValidation";

 export default async function session(
  req: NextApiRequest,
  res: NextApiResponse
 ) {
-  const { username, password, sessionName } = req.body;
+  const dataValidation = PostSessionSchema.safeParse(req.body);
+
+  if (!dataValidation.success) {
+    return res.status(400).json({
+      response: `Error: ${
+        dataValidation.error.issues[0].message
+      } [${dataValidation.error.issues[0].path.join(", ")}]`,
+    });
+  }
+
+  const { username, password, sessionName } = dataValidation.data;

  const user = await verifyByCredentials({ username, password });

@@ -17,7 +17,7 @@ export default async function tokens(
          "This action is disabled because this is a read-only demo of Linkwarden.",
      });

-    const token = await postToken(JSON.parse(req.body), user.id);
+    const token = await postToken(req.body, user.id);
    return res.status(token.status).json({ response: token.response });
  } else if (req.method === "GET") {
    const token = await getTokens(user.id);