Add api validations.

2026-02-17 19:15:37 +01:00 · 2023-08-19 22:23:15 -07:00 · 2023-08-19 22:23:15 -07:00 · 7a7233ead4
commit 7a7233ead4
parent 7d5a24044a
41 changed files with 690 additions and 180 deletions
--- a/pages/api/websites/[id]/events.ts
+++ b/pages/api/websites/[id]/events.ts
@ -1,6 +1,6 @@
 import { WebsiteMetric, NextApiRequestQueryBody } from 'lib/types';
 import { canViewWebsite } from 'lib/auth';
-import { useAuth, useCors } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import moment from 'moment-timezone';
 import { NextApiResponse } from 'next';
 import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
@ -16,9 +16,21 @@ export interface WebsiteEventsRequestQuery {
  unit: string;
  timezone: string;
  url: string;
-  eventName: string;
 }

+import * as yup from 'yup';
+
+const schema = {
+  GET: yup.object().shape({
+    id: yup.string().uuid().required(),
+    startAt: yup.number().integer().required(),
+    endAt: yup.number().integer().moreThan(yup.ref('startAt')).required(),
+    unit: yup.string().required(),
+    timezone: yup.string().required(),
+    url: yup.string(),
+  }),
+};
+
 export default async (
  req: NextApiRequestQueryBody<WebsiteEventsRequestQuery>,
  res: NextApiResponse<WebsiteMetric>,
@ -26,7 +38,10 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const { id: websiteId, timezone, url, eventName } = req.query;
+  req.yup = schema;
+  await useValidate(req, res);
+
+  const { id: websiteId, timezone, url } = req.query;
  const { startDate, endDate, unit } = await parseDateRangeQuery(req);

  if (req.method === 'GET') {
@ -44,7 +59,6 @@ export default async (
      timezone,
      unit,
      url,
-      eventName,
    });

    return ok(res, events);