Add api validations.

pages/api/reports/index.ts

@@ -1,10 +1,11 @@
-import { canViewWebsite } from 'lib/auth';
 import { uuid } from 'lib/crypto';
-import { useAuth, useCors } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, ReportSearchFilterType, SearchFilter } from 'lib/types';
+import { getFilterValidation } from 'lib/yup';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createReport, getReportsByUserId, getReportsByWebsiteId } from 'queries';
+import { methodNotAllowed, ok } from 'next-basics';
+import { createReport, getReportsByUserId } from 'queries';
+import * as yup from 'yup';
 
 export interface ReportsRequestQuery extends SearchFilter<ReportSearchFilterType> {}
 
@@ -14,11 +15,28 @@ export interface ReportRequestBody {
   type: string;
   description: string;
   parameters: {
-    window: string;
-    urls: string[];
+    [key: string]: any;
   };
 }
 
+const schema = {
+  GET: yup.object().shape({
+    ...getFilterValidation(/All|Name|Description|Type|Username|Website Name|Website Domain/i),
+  }),
+  POST: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    name: yup.string().max(200).required(),
+    type: yup
+      .string()
+      .matches(/funnel|insights|retention/i)
+      .required(),
+    description: yup.string().max(500),
+    parameters: yup
+      .object()
+      .test('len', 'Must not exceed 6000 characters.', val => JSON.stringify(val).length < 6000),
+  }),
+};
+
 export default async (
   req: NextApiRequestQueryBody<any, ReportRequestBody>,
   res: NextApiResponse,
@@ -26,6 +44,9 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   const {
     user: { id: userId },
   } = req.auth;