feat(validation): introduce express-validator on CMS user and article endpoints

Replaces the broken fieldValidation helper (called next() without return,
so execution continued on invalid input) with express-validator chains
applied at the route level. Validation covers: email format, username
constraints, password min length, field lengths, URL and phone formats.
products and tags controllers retain their local fieldValidation pending
a separate ecommerce validation pass.
This commit is contained in:
2026-04-26 22:06:28 +02:00
parent f1f913f63f
commit 61cdec00e7
7 changed files with 113 additions and 35 deletions
+4 -2
View File
@@ -10,14 +10,16 @@ const {
deleteFavoriteArticle
} = require('../../../controllers/articles.controller');
const auth = require('../../../middlewares/auth');
const validate = require('../../../middlewares/validate');
const { createArticleRules, updateArticleRules } = require('../../../middlewares/validators/articles.validators');
const articleRouter = express.Router();
articleRouter.get('/', auth.optional, getArticles);
articleRouter.post('/', auth.required, createArticle);
articleRouter.post('/', auth.required, createArticleRules, validate, createArticle);
articleRouter.get('/feed', auth.required, articlesFeed);
articleRouter.get('/:slug', auth.optional, getArticle);
articleRouter.put('/:slug', auth.required, updateArticle);
articleRouter.put('/:slug', auth.required, updateArticleRules, validate, updateArticle);
articleRouter.delete('/:slug', auth.required, deleteArticle);
articleRouter.post('/:slug/favorite', auth.required, addFavoriteArticle);
articleRouter.delete('/:slug/favorite', auth.required, deleteFavoriteArticle);
+8 -6
View File
@@ -5,6 +5,8 @@ const {
updateUser, updateUserEmail, updateUserPassword, updateUserRole, updateUserUsername
} = require('../../../controllers/users.controller');
const auth = require('../../../middlewares/auth');
const validate = require('../../../middlewares/validate');
const { createUserRules, loginRules, updateUserRules, updateEmailRules, updateUsernameRules, updateRoleRules } = require('../../../middlewares/validators/users.validators');
const userRouter = express.Router();
@@ -17,15 +19,15 @@ const authLimiter = rateLimit({
});
userRouter.get('/', auth.required, getUser);
userRouter.put('/', auth.required, updateUser);
userRouter.post('/', authLimiter, auth.optional, createUser);
userRouter.put('/', auth.required, updateUserRules, validate, updateUser);
userRouter.post('/', authLimiter, auth.optional, createUserRules, validate, createUser);
userRouter.get('/authenticate', auth.optional, authenticate);
userRouter.post('/login', authLimiter, auth.optional, loginAsUser);
userRouter.post('/login', authLimiter, auth.optional, loginRules, validate, loginAsUser);
//userRouter.post('/register', auth.optional, createUser);
//userRouter.get('/users', auth.required, getAllUsers);
userRouter.put('/update/email', auth.required, updateUserEmail);
userRouter.put('/update/email', auth.required, updateEmailRules, validate, updateUserEmail);
userRouter.put('/update/password', auth.required, updateUserPassword);
userRouter.put('/update/role', auth.required, updateUserRole);
userRouter.put('/update/username', auth.required, updateUserUsername);
userRouter.put('/update/role', auth.required, updateRoleRules, validate, updateUserRole);
userRouter.put('/update/username', auth.required, updateUsernameRules, validate, updateUserUsername);
module.exports = userRouter;