From 3e3a46248b4ff1b47ad19359a91d634d6ae64279 Mon Sep 17 00:00:00 2001
From: Nial <48334675+nmcc1212@users.noreply.github.com>
Date: Fri, 16 Feb 2024 15:32:03 +0000
Subject: [PATCH] Add validation and error handling to postRoutes
---
 newAPI/src/routes/postRoutes.ts | 45 ++++++++++++++++++++++++++++++---
 newAPI/src/routes/userRoutes.ts | 1 -
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/newAPI/src/routes/postRoutes.ts b/newAPI/src/routes/postRoutes.ts
index a1c2047..6966661 100644
--- a/newAPI/src/routes/postRoutes.ts
+++ b/newAPI/src/routes/postRoutes.ts
@@ -1,10 +1,20 @@
 import { Router, Response, Request } from "express";
+import { body, validationResult, query, param } from "express-validator";
 import Post from "../schemas/postsSchema";
 import authenticateUser from "../middlewares/userAuth";
 const postRouter = Router();
-// auth required, returns all posts, can filter by userID or _id
-postRouter.get("/", async (req: Request, res: Response) => {
+
+const getValidation = [
+ query("userID").optional(), // Add validation for other query parameters as needed
+ query("_id").optional().isMongoId().withMessage("Invalid _id format"),
+];
+// returns all posts, can filter by userID or _id
+postRouter.get("/", getValidation, async (req: Request, res: Response) => {
+ const errors = validationResult(req);
+ if (!errors.isEmpty()) {
+ return res.status(400).json({ errors: errors.array() });
+ }
 if (req.query.userID !== undefined) {
 const posts = await Post.find({ userID: req.query.userID });
 return res.json(posts);
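Review bot: `query("userID").optional()` puts no constraint on the value, yet the handler passes `req.query.userID` straight into `Post.find({ userID: req.query.userID })`. Express's default query parser can turn a bracketed parameter into an object, so a caller may be able to hand the filter query operators instead of a plain ID and change which posts it matches. Constrain the type in the validator, e.g. `query("userID").optional().isString().withMessage("Invalid userID format"),` (or `isMongoId()` if userID is stored as an ObjectId; the schema is not visible here). The handler body continues past the end of the hunk.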
@@ -18,10 +28,20 @@ postRouter.get("/", async (req: Request, res: Response) => {
 });
 // auth required, _id required in params
+const deleteValidation = [
+ param("_id").isMongoId().withMessage("Invalid _id format"),
+ body("auth").isObject().withMessage("Auth object is required"),
+ body("auth.username").notEmpty().withMessage("Username is required in auth object"),
+ body("auth.password").notEmpty().withMessage("Password is required in auth object"),
+];
 postRouter.delete(
 "/:_id",
- authenticateUser,
+ authenticateUser, deleteValidation,
 async (req: Request, res: Response) => {
+ const errors = validationResult(req);
+ if (!errors.isEmpty()) {
+ return res.status(400).json({ errors: errors.array() });
+ }
 try {
 const _id = req.params._id;
 if (!req.params._id) {
@@ -51,11 +71,22 @@ postRouter.delete(
 }
 }
 );
+const patchValidation = [
+ param("_id").isMongoId().withMessage("Invalid _id format"),
+ body("auth").isObject().withMessage("Auth object is required"),
+ body("auth.username").notEmpty().withMessage("Username is required in auth object"),
+ body("auth.password").notEmpty().withMessage("Password is required in auth object"),
+ body("content").notEmpty().withMessage("Content needed"), // Add validation for other fields as needed
+];
 // auth required, _id required in url, content required in body,returns updated post
 postRouter.patch(
 "/:_id",
- authenticateUser, 
+ authenticateUser, patchValidation,
 async (req: Request, res: Response) => {
+ const errors = validationResult(req);
+ if (!errors.isEmpty()) {
+ return res.status(400).json({ errors: errors.array() });
+ }
 if (!req.params._id) {
 return res.status(400).json({ message: "_id is required" });
 }
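Review bot: In `authenticateUser, deleteValidation,` the validators run after `authenticateUser`, and the `validationResult(req)` check sits in the handler, so the `auth.*` rules only execute once authentication has already consumed the body (presumably `req.body.auth`; the middleware is not visible here). A missing or non-string `auth.username` / `auth.password` therefore reaches the credential lookup unvalidated, and the three auth rules cannot reject anything that matters. The PATCH route in the next hunk (`authenticateUser, patchValidation,`) has the same ordering. Put the validators and a result check ahead of `authenticateUser`, and add `.isString()` to both credential fields; `NextFunction` would need adding to the existing express import, and the in-handler check then becomes redundant. The handler body continues outside the hunk.

```typescript
// Runs right after the validators so malformed requests stop before authenticateUser.
const rejectInvalid = (req: Request, res: Response, next: NextFunction) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  next();
};

// … unchanged: deleteValidation definition …
postRouter.delete(
  "/:_id",
  deleteValidation, rejectInvalid, authenticateUser,
  // … unchanged: async handler …
```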
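Review bot: `body("content").notEmpty()` in `patchValidation` checks only that something is present, so an object or array passes and goes on to whatever update the handler performs outside this hunk. Pin the type in the rule, `body("content").isString().notEmpty().withMessage("Content needed"),`, and consider an `isLength({ max: ... })` bound sized to what the posts schema should store. The same `content` rule in `postValidation` in the following hunk needs the same change. With `param("_id").isMongoId()` in place, the existing `if (!req.params._id)` guard is now unreachable and can be dropped.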
@@ -85,6 +116,12 @@ postRouter.patch(
 }
 );
+const postValidation = [
+ body("auth").isObject().withMessage("Auth object is required"),
+ body("auth.username").notEmpty().withMessage("Username is required in auth object"),
+ body("auth.password").notEmpty().withMessage("Password is required in auth object"),
+ body("content").notEmpty().withMessage("Content is required"),
+];
 // content required in body, returns created post
 postRouter.post("/", authenticateUser, async (req: Request, res: Response) => {
 if (!req.body.content) {
diff --git a/newAPI/src/routes/userRoutes.ts b/newAPI/src/routes/userRoutes.ts
index 2f34224..ccad6e3 100644
--- a/newAPI/src/routes/userRoutes.ts
+++ b/newAPI/src/routes/userRoutes.ts
@@ -11,7 +11,6 @@ const PostValidation = [
 body("email").isEmail().withMessage("Invalid email format"),
 body("password").notEmpty().withMessage("Password is required"),
 ];
-
 // username, email, and password required
 userRouter.post("/", PostValidation, async (req: Request, res: Response) => {
 const errors = validationResult(req);
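Review bot: `postValidation` is declared but never attached: the route line `postRouter.post("/", authenticateUser, async (req: Request, res: Response) => {` is unchanged context, so none of the new rules run for POST. Post creation is still guarded only by the existing `if (!req.body.content)` check, unlike the other three routes this commit covers. Wire the array into the route, e.g. `postRouter.post("/", postValidation, authenticateUser, async (req: Request, res: Response) => {`, and add the same `validationResult(req)` check the other handlers received. The handler body continues outside the hunk.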