Add api validations.

2026-02-09 23:27:12 +01:00 · 2023-08-19 22:23:15 -07:00 · 2023-08-19 22:23:15 -07:00 · 7a7233ead4
commit 7a7233ead4
parent 7d5a24044a
41 changed files with 690 additions and 180 deletions
--- a/pages/api/me/password.ts
+++ b/pages/api/me/password.ts
@ -1,15 +1,16 @@
+import { useAuth, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, User } from 'lib/types';
-import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import {
  badRequest,
  checkPassword,
+  forbidden,
  hashPassword,
  methodNotAllowed,
-  forbidden,
  ok,
 } from 'next-basics';
 import { getUserById, updateUser } from 'queries';
+import * as yup from 'yup';

 export interface UserPasswordRequestQuery {
  id: string;
@ -20,6 +21,14 @@ export interface UserPasswordRequestBody {
  newPassword: string;
 }

+const schema = {
+  POST: yup.object().shape({
+    id: yup.string().uuid().required(),
+    currentPassword: yup.string().required(),
+    newPassword: yup.string().min(8).required(),
+  }),
+};
+
 export default async (
  req: NextApiRequestQueryBody<UserPasswordRequestQuery, UserPasswordRequestBody>,
  res: NextApiResponse<User>,
@ -30,6 +39,9 @@ export default async (

  await useAuth(req, res);

+  req.yup = schema;
+  await useValidate(req, res);
+
  const { currentPassword, newPassword } = req.body;
  const { id } = req.auth.user;

--- a/pages/api/me/teams.ts
+++ b/pages/api/me/teams.ts
@ -1,10 +1,20 @@
-import { useCors } from 'lib/middleware';
+import { useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, SearchFilter, TeamSearchFilterType } from 'lib/types';
+import { getFilterValidation } from 'lib/yup';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed } from 'next-basics';
 import userTeams from 'pages/api/users/[id]/teams';
+import * as yup from 'yup';

-export interface MyTeamsRequestQuery extends SearchFilter<TeamSearchFilterType> {}
+export interface MyTeamsRequestQuery extends SearchFilter<TeamSearchFilterType> {
+  id: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    ...getFilterValidation(/All|Name|Owner/i),
+  }),
+};

 export default async (
  req: NextApiRequestQueryBody<MyTeamsRequestQuery, any>,
@ -12,7 +22,12 @@ export default async (
 ) => {
  await useCors(req, res);

+  req.yup = schema;
+  await useValidate(req, res);
+
  if (req.method === 'GET') {
+    req.query.id = req.auth.user.id;
+
    return userTeams(req, res);
  }

--- a/pages/api/me/websites.ts
+++ b/pages/api/me/websites.ts
@ -1,11 +1,20 @@
-import { useAuth, useCors } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, SearchFilter, WebsiteSearchFilterType } from 'lib/types';
+import { getFilterValidation } from 'lib/yup';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed } from 'next-basics';
-
 import userWebsites from 'pages/api/users/[id]/websites';
+import * as yup from 'yup';

-export interface MyWebsitesRequestQuery extends SearchFilter<WebsiteSearchFilterType> {}
+export interface MyWebsitesRequestQuery extends SearchFilter<WebsiteSearchFilterType> {
+  id: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    ...getFilterValidation(/All|Name|Domain/i),
+  }),
+};

 export default async (
  req: NextApiRequestQueryBody<MyWebsitesRequestQuery, any>,
@ -14,6 +23,9 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

+  req.yup = schema;
+  await useValidate(req, res);
+
  if (req.method === 'GET') {
    req.query.id = req.auth.user.id;