feat(validation): introduce express-validator on CMS user and article endpoints
Replaces the broken fieldValidation helper (called next() without return, so execution continued on invalid input) with express-validator chains applied at the route level. Validation covers: email format, username constraints, password min length, field lengths, URL and phone formats. products and tags controllers retain their local fieldValidation pending a separate ecommerce validation pass.
This commit is contained in:
@@ -5,6 +5,8 @@ const {
|
||||
updateUser, updateUserEmail, updateUserPassword, updateUserRole, updateUserUsername
|
||||
} = require('../../../controllers/users.controller');
|
||||
const auth = require('../../../middlewares/auth');
|
||||
const validate = require('../../../middlewares/validate');
|
||||
const { createUserRules, loginRules, updateUserRules, updateEmailRules, updateUsernameRules, updateRoleRules } = require('../../../middlewares/validators/users.validators');
|
||||
|
||||
const userRouter = express.Router();
|
||||
|
||||
@@ -17,15 +19,15 @@ const authLimiter = rateLimit({
|
||||
});
|
||||
|
||||
userRouter.get('/', auth.required, getUser);
|
||||
userRouter.put('/', auth.required, updateUser);
|
||||
userRouter.post('/', authLimiter, auth.optional, createUser);
|
||||
userRouter.put('/', auth.required, updateUserRules, validate, updateUser);
|
||||
userRouter.post('/', authLimiter, auth.optional, createUserRules, validate, createUser);
|
||||
userRouter.get('/authenticate', auth.optional, authenticate);
|
||||
userRouter.post('/login', authLimiter, auth.optional, loginAsUser);
|
||||
userRouter.post('/login', authLimiter, auth.optional, loginRules, validate, loginAsUser);
|
||||
//userRouter.post('/register', auth.optional, createUser);
|
||||
//userRouter.get('/users', auth.required, getAllUsers);
|
||||
userRouter.put('/update/email', auth.required, updateUserEmail);
|
||||
userRouter.put('/update/email', auth.required, updateEmailRules, validate, updateUserEmail);
|
||||
userRouter.put('/update/password', auth.required, updateUserPassword);
|
||||
userRouter.put('/update/role', auth.required, updateUserRole);
|
||||
userRouter.put('/update/username', auth.required, updateUserUsername);
|
||||
userRouter.put('/update/role', auth.required, updateRoleRules, validate, updateUserRole);
|
||||
userRouter.put('/update/username', auth.required, updateUsernameRules, validate, updateUserUsername);
|
||||
|
||||
module.exports = userRouter;
|
||||
|
||||
Reference in New Issue
Block a user