Adding validation to pages to protect against screen/page creation with no parameters.
This commit is contained in:
parent
c26eca48ae
commit
f1ff7a0b7c
|
@ -1,5 +1,7 @@
|
||||||
const Router = require("@koa/router")
|
const Router = require("@koa/router")
|
||||||
const StatusCodes = require("../../utilities/statusCodes")
|
const StatusCodes = require("../../utilities/statusCodes")
|
||||||
|
const joiValidator = require("../../middleware/joi-validator")
|
||||||
|
const Joi = require("joi")
|
||||||
const {
|
const {
|
||||||
listScreens,
|
listScreens,
|
||||||
saveScreen,
|
saveScreen,
|
||||||
|
@ -12,6 +14,33 @@ const { BUILDER } = require("../../utilities/accessLevels")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
|
function generateSaveValidation() {
|
||||||
|
// prettier-ignore
|
||||||
|
return joiValidator.body(Joi.object({
|
||||||
|
_css: Joi.string().allow(""),
|
||||||
|
name: Joi.string().required(),
|
||||||
|
route: Joi.string().required(),
|
||||||
|
props: Joi.object({
|
||||||
|
_id: Joi.string().required(),
|
||||||
|
_component: Joi.string().required(),
|
||||||
|
_children: Joi.array().required(),
|
||||||
|
_instanceName: Joi.string().required(),
|
||||||
|
_styles: Joi.object().required(),
|
||||||
|
type: Joi.string().optional(),
|
||||||
|
table: Joi.string().optional(),
|
||||||
|
}).required().unknown(true),
|
||||||
|
}).unknown(true))
|
||||||
|
}
|
||||||
|
|
||||||
|
function generatePatchValidation() {
|
||||||
|
return joiValidator.body(
|
||||||
|
Joi.object({
|
||||||
|
oldname: Joi.string().required(),
|
||||||
|
newname: Joi.string().required(),
|
||||||
|
}).unknown(true)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
router.post(
|
router.post(
|
||||||
"/_builder/api/:appId/pages/:pageName",
|
"/_builder/api/:appId/pages/:pageName",
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
|
@ -42,6 +71,7 @@ router.get(
|
||||||
router.post(
|
router.post(
|
||||||
"/_builder/api/:appId/pages/:pagename/screen",
|
"/_builder/api/:appId/pages/:pagename/screen",
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
|
generateSaveValidation(),
|
||||||
async ctx => {
|
async ctx => {
|
||||||
ctx.body = await saveScreen(
|
ctx.body = await saveScreen(
|
||||||
ctx.config,
|
ctx.config,
|
||||||
|
@ -56,6 +86,7 @@ router.post(
|
||||||
router.patch(
|
router.patch(
|
||||||
"/_builder/api/:appname/pages/:pagename/screen",
|
"/_builder/api/:appname/pages/:pagename/screen",
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
|
generatePatchValidation(),
|
||||||
async ctx => {
|
async ctx => {
|
||||||
await renameScreen(
|
await renameScreen(
|
||||||
ctx.config,
|
ctx.config,
|
||||||
|
|
Loading…
Reference in New Issue