From 97aa4ae4d3ec7f698b4be491cb6eab5724149419 Mon Sep 17 00:00:00 2001 From: Jonasz Bigda Date: Thu, 4 Feb 2021 18:07:17 +0100 Subject: [PATCH] additional validation of data --- models/restaurant.js | 3 ++- routes/routeRestaurant.js | 6 ++++-- services/validations.js | 21 ++++++++++++++++++--- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/models/restaurant.js b/models/restaurant.js index bf73dfa..25206ec 100644 --- a/models/restaurant.js +++ b/models/restaurant.js @@ -39,7 +39,8 @@ const restaurantSchema = mongoose.Schema({ }, imgUrl: { type: String, - maxlength: 128 + maxlength: 128, + required: true }, workingHours: { pn: { diff --git a/routes/routeRestaurant.js b/routes/routeRestaurant.js index 74cb409..d43a82a 100644 --- a/routes/routeRestaurant.js +++ b/routes/routeRestaurant.js @@ -23,7 +23,7 @@ const { checkPassword, } = require("../services/services.js"); const Restaurant = require("../models/restaurant.js"); -const { validateRestaurant } = require("../services/validations.js"); +const { validateRestaurantData, validateLunchSet } = require("../services/validations.js"); var router = express.Router(); @@ -45,7 +45,7 @@ router.post("/", async (req, res) => { try { const token = req.headers["x-auth-token"]; const user = validateUserToken(token); - validateRestaurant(req.body); + validateRestaurantData(req.body); const restaurant = await createRestaurant(req.body).catch((err) => { throw newError("Nie udało się zapisać zdjęcia.", 500); }); @@ -63,6 +63,7 @@ router.put("/", async (req, res) => { try { const token = req.headers["x-auth-token"]; const user = validateUserToken(token); + validateRestaurantData(req.body); const oldRestaurant = await fetchRestaurant(req.body.restaurantId); const newRestaurant = await createRestaurant(req.body, oldRestaurant); await verifyRestaurantAccess(req.body.restaurantId, user); @@ -113,6 +114,7 @@ router.post("/lunchSet", async (req, res) => { try { const token = req.headers["x-auth-token"]; const user = validateUserToken(token); + validateLunchSet(req.body.set); await validateRestaurant(req.body.restaurantId); await verifyRestaurantAccess(req.body.restaurantId, user); await changeLunchMenuSet( diff --git a/services/validations.js b/services/validations.js index a94517d..05a1753 100644 --- a/services/validations.js +++ b/services/validations.js @@ -43,11 +43,25 @@ const validateSearch = function(string){ } } -const validateRestaurant = function(requestBody){ +const validateRestaurantData = function(requestBody){ const name = validator.isLength(requestBody.name, { max: 64 }) const city = validator.isLength(requestBody.city, { max: 64 }) const adress = validator.isLength(requestBody.adress, { max: 64 }) - const imgURL = validator.isURL(requestBody.imgUrl) && validator.contains(requestBody.imgUrl, "https://menuicdn.fra1.digitaloceanspaces.com/") + const type = validator.isLength(requestBody.type, { max: 64 }) + const description = true; + if(requestBody.description){ + description = validator.isLength(requestBody.description, { max: 400 }) + } + if(!name || !city || !adress || !type || !description){ + throw newError("Dane nieprawidłowe", 400) + } +} + +const validateLunchSet = function(set){ + const name = validator.isLength(set.lunchSetName, { min: 2, max: 64 }) + if(!name){ + throw newError("Nieprawidłowe dane", 400) + } } // EXPORTS @@ -56,4 +70,5 @@ exports.validateLogin = validateLogin; exports.validateRegister = validateRegister; exports.validatePassword = validatePassword; exports.validateSearch = validateSearch; -exports.validateRestaurant = validateRestaurant; \ No newline at end of file +exports.validateRestaurantData = validateRestaurantData; +exports.validateLunchSet = validateLunchSet; \ No newline at end of file