Add api validations.

pages/api/event-data/events.ts

@@ -1,26 +1,37 @@
 import { canViewWebsite } from 'lib/auth';
-import { useCors, useAuth } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { ok, methodNotAllowed, unauthorized } from 'next-basics';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { getEventDataEvents } from 'queries';
+import * as yup from 'yup';
 
-export interface EventDataEventsRequestQuery {
+export interface EventDataFieldsRequestQuery {
   websiteId: string;
-  dateRange: {
-    startDate: string;
-    endDate: string;
-  };
-  event?: string;
+  startAt: string;
+  endAt: string;
+  event: string;
 }
 
+const schema = {
+  GET: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    startAt: yup.number().integer().required(),
+    endAt: yup.number().integer().moreThan(yup.ref('startAt')).required(),
+    event: yup.string().required(),
+  }),
+};
+
 export default async (
-  req: NextApiRequestQueryBody<EventDataEventsRequestQuery>,
+  req: NextApiRequestQueryBody<EventDataFieldsRequestQuery, any>,
   res: NextApiResponse<any>,
 ) => {
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   if (req.method === 'GET') {
     const { websiteId, startAt, endAt, event } = req.query;
 

pages/api/event-data/fields.ts

@@ -1,19 +1,27 @@
 import { canViewWebsite } from 'lib/auth';
-import { useCors, useAuth } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { ok, methodNotAllowed, unauthorized } from 'next-basics';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { getEventDataFields } from 'queries';
+import * as yup from 'yup';
 
 export interface EventDataFieldsRequestQuery {
   websiteId: string;
-  dateRange: {
-    startDate: string;
-    endDate: string;
-  };
+  startAt: string;
+  endAt: string;
   field?: string;
 }
 
+const schema = {
+  GET: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    startAt: yup.number().integer().required(),
+    endAt: yup.number().integer().moreThan(yup.ref('startAt')).required(),
+    field: yup.string(),
+  }),
+};
+
 export default async (
   req: NextApiRequestQueryBody<EventDataFieldsRequestQuery>,
   res: NextApiResponse<any>,
@@ -21,6 +29,9 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   if (req.method === 'GET') {
     const { websiteId, startAt, endAt, field } = req.query;
 

pages/api/event-data/stats.ts

@@ -1,18 +1,24 @@
 import { canViewWebsite } from 'lib/auth';
-import { useCors, useAuth } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { ok, methodNotAllowed, unauthorized } from 'next-basics';
-import { getEventDataStats } from 'queries';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import * as yup from 'yup';
 
 export interface EventDataStatsRequestQuery {
   websiteId: string;
-  dateRange: {
-    startDate: string;
-    endDate: string;
-  };
+  startAt: string;
+  endAt: string;
 }
 
+const schema = {
+  GET: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    startAt: yup.number().integer().required(),
+    endAt: yup.number().integer().moreThan(yup.ref('startAt')).required(),
+  }),
+};
+
 export default async (
   req: NextApiRequestQueryBody<EventDataStatsRequestQuery>,
   res: NextApiResponse<any>,
@@ -20,6 +26,9 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   if (req.method === 'GET') {
     const { websiteId, startAt, endAt } = req.query;