foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-03 15:16:52 -05:00
Code Issues Releases Wiki Activity

Fix string coercion of number types in body verifier

Browse Source
This commit is contained in:
Jack Foltz 2019-01-01 16:29:37 -05:00
parent e2985de01d
commit d1610db1fe
Signed by: foltik
GPG Key ID: D1F0331758D1F29A
2 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/util/verifyBody.js
View File

@ -8,18 +8,26 @@ const verifyProp = async (prop, expected) => {
return;
if (expected.type) {
if (expected.type === 'date' && isNaN(new Date(prop)))
throw {code: 400, message: `${expected.name} malformed.`};
else if (expected.type === 'array' && !(prop instanceof Array))
throw {code: 400, message: `${expected.name} malformed.`};
else if (typeof prop !== expected.type)
throw {code: 400, message: `${expected.name} malformed.`};
if (expected.type === 'date') {
if (isNaN(new Date(prop)))
throw {code: 400, message: `${expected.name} malformed.`};
} else if (expected.type === 'array') {
if (!(prop instanceof Array))
throw {code: 400, message: `${expected.name} malformed.`};
} else if (expected.type === 'number') {
if (isNaN(parseInt(prop)))
throw {code: 400, message: `${expected.name} malformed.`};
} else {
if (typeof prop !== expected.type)
throw {code: 400, message: `${expected.name} malformed.`};
}
}
if (expected.min && prop < expected.min)
if (expected.min && parseInt(prop) < expected.min)
throw {code: 400, message: `${expected.name} too small.`};
if (expected.max && prop > expected.max)
if (expected.max && parseInt(prop) > expected.max)
throw {code: 400, message: `${expected.name} too large.`};
if (expected.maxLength && prop.length > expected.maxLength)

6
test/middleware.js
View File

@ -28,11 +28,11 @@ describe('Body Verification', () => {
expected: [{name: 'test', type: 'date'}],
body: {test: '11/12/2018'}
}, {
expected: [{name: 'test', type: 'date'}],
body: {test: 1546368715}
expected: [{name: 'test', type: 'number'}],
body: {test: '1546368715'}
}, {
expected: [{name: 'test', type: 'number', min: 12, max: 16}],
body: {test: 16}
body: {test: '16'}
}];
return Promise.all(tests.map(test => testVerifyBody(test.body, test.expected)));