Adding validation to pages to protect against screen/page creation with no parameters.

mike12345567 2020-10-21 17:35:39 +01:00
parent d08c1f7140
commit 122c34e65c
1 changed files with 31 additions and 0 deletions


@ -1,5 +1,7 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const StatusCodes = require("../../utilities/statusCodes") const StatusCodes = require("../../utilities/statusCodes")
const joiValidator = require("../../middleware/joi-validator")
const Joi = require("joi")
const { const {
listScreens, listScreens,
saveScreen, saveScreen,
@ -12,6 +14,33 @@ const { BUILDER } = require("../../utilities/accessLevels")
const router = Router() const router = Router()
function generateSaveValidation() {
// prettier-ignore
return joiValidator.body(Joi.object({
_css: Joi.string().allow(""),
name: Joi.string().required(),
route: Joi.string().required(),
props: Joi.object({
_id: Joi.string().required(),
_component: Joi.string().required(),
_children: Joi.array().required(),
_instanceName: Joi.string().required(),
_styles: Joi.object().required(),
type: Joi.string().optional(),
table: Joi.string().optional(),
}).required().unknown(true),
}).unknown(true))
}
function generatePatchValidation() {
return joiValidator.body(
Joi.object({
oldname: Joi.string().required(),
newname: Joi.string().required(),
}).unknown(true)
)
}
router.post( router.post(
"/_builder/api/:appId/pages/:pageName", "/_builder/api/:appId/pages/:pageName",
authorized(BUILDER), authorized(BUILDER),
@ -42,6 +71,7 @@ router.get(
router.post( router.post(
"/_builder/api/:appId/pages/:pagename/screen", "/_builder/api/:appId/pages/:pagename/screen",
authorized(BUILDER), authorized(BUILDER),
generateSaveValidation(),
async ctx => { async ctx => {
ctx.body = await saveScreen( ctx.body = await saveScreen(
ctx.config, ctx.config,
@ -56,6 +86,7 @@ router.post(
router.patch( router.patch(
"/_builder/api/:appname/pages/:pagename/screen", "/_builder/api/:appname/pages/:pagename/screen",
authorized(BUILDER), authorized(BUILDER),
generatePatchValidation(),
async ctx => { async ctx => {
await renameScreen( await renameScreen(
ctx.config, ctx.config,
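Review bot: The schemas in `generateSaveValidation()` and `generatePatchValidation()` (second hunk) check only that `name`, `route`, `oldname` and `newname` are non-empty strings, so any content, including path separators or `..`, still reaches `saveScreen` and `renameScreen`. If those handlers derive a file name or storage key from these values (their bodies are not visible in this diff), the schema should bound the value as well, for example `newname: Joi.string().max(MAX_NAME_LEN).pattern(SCREEN_NAME_PATTERN).required(),` where both constants are placeholders for the project's real limits. `.unknown(true)` on the outer object and on `props` also passes every extra key through to the handler, so the schema enforces a minimum shape rather than limiting what gets stored. The page-save route `POST /_builder/api/:appId/pages/:pageName` shown as context in the second hunk gets no validator even though the commit title mentions page creation, and `joiValidator.body` presumably checks only the request body, leaving the `:pagename` URL parameter unchecked.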