feat(validation): introduce express-validator on CMS user and article endpoints
Replaces the broken fieldValidation helper (called next() without return, so execution continued on invalid input) with express-validator chains applied at the route level. Validation covers: email format, username constraints, password min length, field lengths, URL and phone formats. products and tags controllers retain their local fieldValidation pending a separate ecommerce validation pass.
This commit is contained in:
@@ -32,10 +32,6 @@ module.exports.authenticate = asyncHandler(async (req, res, next) => {
|
||||
|
||||
module.exports.createUser = asyncHandler(async (req, res, next) => {
|
||||
try {
|
||||
fieldValidation(req.body.user.username, next);
|
||||
fieldValidation(req.body.user.email, next);
|
||||
fieldValidation(req.body.user.password, next);
|
||||
|
||||
const { username, firstname, lastname, phone, email, password } = req.body.user;
|
||||
const userSlug = UserService.slugify(username);
|
||||
const slugInDB = await UserService.isUsernameUsed(userSlug);
|
||||
@@ -92,12 +88,6 @@ module.exports.getUser = asyncHandler(async (req, res, next) => {
|
||||
|
||||
module.exports.loginAsUser = asyncHandler(async (req, res, next) => {
|
||||
try {
|
||||
if (!req.body.user.email) {
|
||||
return res.status(422).json({ errors: { email: "email can't be blank" } });
|
||||
}
|
||||
if (!req.body.user.password) {
|
||||
return res.status(422).json({ errors: { password: " password can't be blank" } });
|
||||
}
|
||||
passport.authenticate('local', { session: false }, function (err, user, info) {
|
||||
if (err) {
|
||||
return next(err);
|
||||
@@ -161,7 +151,6 @@ module.exports.updateUserEmail = asyncHandler(async (req, res, next) => {
|
||||
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
||||
}
|
||||
|
||||
fieldValidation(req.body.user.email, next);
|
||||
if (typeof req.body.user.email !== 'undefined') {
|
||||
user.email = req.body.user.email;
|
||||
}
|
||||
@@ -205,7 +194,6 @@ module.exports.updateUserRole = asyncHandler(async (req, res, next) => {
|
||||
return next(new ErrorResponse("Forbidden", 403, "You are not allowed to change user roles."));
|
||||
}
|
||||
|
||||
fieldValidation(req.body.user.role, next);
|
||||
if (typeof req.body.user.role !== 'undefined') {
|
||||
user.role = req.body.user.role;
|
||||
}
|
||||
@@ -226,7 +214,6 @@ module.exports.updateUserUsername = asyncHandler(async (req, res, next) => {
|
||||
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
||||
}
|
||||
|
||||
fieldValidation(req.body.user.username, next);
|
||||
if (typeof req.body.user.username !== 'undefined') {
|
||||
user.username = req.body.user.username;
|
||||
}
|
||||
@@ -240,8 +227,3 @@ module.exports.updateUserUsername = asyncHandler(async (req, res, next) => {
|
||||
}
|
||||
});
|
||||
|
||||
const fieldValidation = (field, next) => {
|
||||
if (!field) {
|
||||
return next(new ErrorResponse(`Missing fields`, 400));
|
||||
}
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user