Merge pull request #232 from syuilo/#226

#226、あとTypeScriptにした

14 files changed, 180 insertions, 367 deletions

diff --git a/src/api/endpoints/posts/context.js b/src/api/endpoints/posts/context.ts
index b843044642..5b0a56f356 100644
--- a/src/api/endpoints/posts/context.js
+++ b/src/api/endpoints/posts/context.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import serialize from '../../serializers/post';
 
@@ -18,39 +18,24 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'post_id' parameter
-	const postId = params.post_id;
-	if (postId === undefined || postId === null) {
-		return rej('post_id is required');
-	}
+	const [postId, postIdErr] = it(params.post_id, 'id', true);
+	if (postIdErr) return rej('invalid post_id param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
-
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Lookup post
 	const post = await Post.findOne({
-		_id: new mongo.ObjectID(postId)
+		_id: postId
 	});
 
 	if (post === null) {
-		return rej('post not found', 'POST_NOT_FOUND');
+		return rej('post not found');
 	}
 
 	const context = [];
diff --git a/src/api/endpoints/posts/create.js b/src/api/endpoints/posts/create.ts
index 57e95bd712..3dc121305c 100644
--- a/src/api/endpoints/posts/create.js
+++ b/src/api/endpoints/posts/create.ts
@@ -3,29 +3,19 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import parse from '../../../common/text';
 import Post from '../../models/post';
+import { isValidText } from '../../models/post';
 import User from '../../models/user';
 import Following from '../../models/following';
 import DriveFile from '../../models/drive-file';
 import serialize from '../../serializers/post';
-import createFile from '../../common/add-file-to-drive';
 import notify from '../../common/notify';
 import event from '../../event';
 import config from '../../../conf';
 
 /**
- * 最大文字数
- */
-const maxTextLength = 1000;
-
-/**
- * 添付できるファイルの数
- */
-const maxMediaCount = 4;
-
-/**
  * Create a post
  *
  * @param {any} params
@@ -37,55 +27,26 @@ module.exports = (params, user, app) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'text' parameter
-	let text = params.text;
-	if (text !== undefined && text !== null) {
-		if (typeof text != 'string') {
-			return rej('text must be a string');
-		}
-		text = text.trim();
-		if (text.length == 0) {
-			text = null;
-		} else if (text.length > maxTextLength) {
-			return rej('too long text');
-		}
-	} else {
-		text = null;
-	}
+	const [text, textErr] = it(params.text).must.be.a.string().validate(isValidText).qed();
+	if (textErr) return rej('invalid text');
 
 	// Get 'media_ids' parameter
-	let medias = params.media_ids;
-	let files = [];
-	if (medias !== undefined && medias !== null) {
-		if (!Array.isArray(medias)) {
-			return rej('media_ids must be an array');
-		}
-
-		if (medias.length > maxMediaCount) {
-			return rej('too many media');
-		}
-
-		// Drop duplications
-		medias = medias.filter((x, i, s) => s.indexOf(x) == i);
+	const [mediaIds, mediaIdsErr] = it(params.media_ids).must.be.an.array().unique().range(1, 4).qed();
+	if (mediaIdsErr) return rej('invalid media_ids');
 
+	let files = [];
+	if (mediaIds !== null) {
 		// Fetch files
 		// forEach だと途中でエラーなどがあっても return できないので
 		// 敢えて for を使っています。
-		for (let i = 0; i < medias.length; i++) {
-			const media = medias[i];
-
-			if (typeof media != 'string') {
-				return rej('media id must be a string');
-			}
-
-			// Validate id
-			if (!mongo.ObjectID.isValid(media)) {
-				return rej('incorrect media id');
-			}
+		for (let i = 0; i < mediaIds.length; i++) {
+			const [mediaId, mediaIdErr] = it(mediaIds[i]).must.be.an.id().required().qed();
+			if (mediaIdErr) return rej('invalid media id');
 
 			// Fetch file
 			// SELECT _id
 			const entity = await DriveFile.findOne({
-				_id: new mongo.ObjectID(media),
+				_id: mediaId,
 				user_id: user._id
 			}, {
 				_id: true
@@ -102,20 +63,14 @@ module.exports = (params, user, app) =>
 	}
 
 	// Get 'repost_id' parameter
-	let repost = params.repost_id;
-	if (repost !== undefined && repost !== null) {
-		if (typeof repost != 'string') {
-			return rej('repost_id must be a string');
-		}
-
-		// Validate id
-		if (!mongo.ObjectID.isValid(repost)) {
-			return rej('incorrect repost_id');
-		}
+	const [repostId, repostIdErr] = it(params.repost_id).must.be.an.id().qed();
+	if (repostIdErr) return rej('invalid repost_id');
 
+	let repost = null;
+	if (repostId !== null) {
 		// Fetch repost to post
 		repost = await Post.findOne({
-			_id: new mongo.ObjectID(repost)
+			_id: repostId
 		});
 
 		if (repost == null) {
@@ -147,92 +102,56 @@ module.exports = (params, user, app) =>
 				text === null && files === null) {
 			return rej('二重Repostです(NEED TRANSLATE)');
 		}
-	} else {
-		repost = null;
 	}
 
-	// Get 'reply_to_id' parameter
-	let replyTo = params.reply_to_id;
-	if (replyTo !== undefined && replyTo !== null) {
-		if (typeof replyTo != 'string') {
-			return rej('reply_to_id must be a string');
-		}
-
-		// Validate id
-		if (!mongo.ObjectID.isValid(replyTo)) {
-			return rej('incorrect reply_to_id');
-		}
+	// Get 'in_reply_to_post_id' parameter
+	const [inReplyToPostId, inReplyToPostIdErr] = it(params.reply_to_id, 'id');
+	if (inReplyToPostIdErr) return rej('invalid in_reply_to_post_id');
 
+	let inReplyToPost = null;
+	if (inReplyToPostId !== null) {
 		// Fetch reply
-		replyTo = await Post.findOne({
-			_id: new mongo.ObjectID(replyTo)
+		inReplyToPost = await Post.findOne({
+			_id: inReplyToPostId
 		});
 
-		if (replyTo === null) {
-			return rej('reply to post is not found');
+		if (inReplyToPost === null) {
+			return rej('in reply to post is not found');
 		}
 
 		// 返信対象が引用でないRepostだったらエラー
-		if (replyTo.repost_id && !replyTo.text && !replyTo.media_ids) {
+		if (inReplyToPost.repost_id && !inReplyToPost.text && !inReplyToPost.media_ids) {
 			return rej('cannot reply to repost');
 		}
-	} else {
-		replyTo = null;
 	}
 
 	// Get 'poll' parameter
-	let poll = params.poll;
-	if (poll !== undefined && poll !== null) {
-		// 選択肢が無かったらエラー
-		if (poll.choices == null) {
-			return rej('poll choices is required');
-		}
+	const [_poll, pollErr] = it(params.poll, 'object');
+	if (pollErr) return rej('invalid poll');
 
-		// 選択肢が配列でなかったらエラー
-		if (!Array.isArray(poll.choices)) {
-			return rej('poll choices must be an array');
-		}
-
-		// 選択肢が空の配列でエラー
-		if (poll.choices.length == 0) {
-			return rej('poll choices is required');
-		}
+	let poll = null;
+	if (_poll !== null) {
+		const [pollChoices, pollChoicesErr] =
+			it(params.poll).expect.array()
+				.unique()
+				.allString()
+				.range(1, 10)
+				.validate(choices => !choices.some(choice => {
+					if (typeof choice != 'string') return true;
+					if (choice.trim().length == 0) return true;
+					if (choice.trim().length > 50) return true;
+					return false;
+				}))
+				.qed();
+		if (pollChoicesErr) return rej('invalid poll choices');
 
-		// Validate each choices
-		const shouldReject = poll.choices.some(choice => {
-			if (typeof choice !== 'string') return true;
-			if (choice.trim().length === 0) return true;
-			if (choice.trim().length > 100) return true;
-		});
-
-		if (shouldReject) {
-			return rej('invalid poll choices');
-		}
-
-		// Trim choices
-		poll.choices = poll.choices.map(choice => choice.trim());
-
-		// Drop duplications
-		poll.choices = poll.choices.filter((x, i, s) => s.indexOf(x) == i);
-
-		// 選択肢がひとつならエラー
-		if (poll.choices.length == 1) {
-			return rej('poll choices must be ひとつ以上');
-		}
-
-		// 選択肢が多すぎてもエラー
-		if (poll.choices.length > 10) {
-			return rej('many poll choices');
-		}
-
-		// serialize
-		poll.choices = poll.choices.map((choice, i) => ({
+		_poll.choices = pollChoices.map((choice, i) => ({
 			id: i, // IDを付与
-			text: choice,
+			text: choice.trim(),
 			votes: 0
 		}));
-	} else {
-		poll = null;
+
+		poll = _poll;
 	}
 
 	// テキストが無いかつ添付ファイルが無いかつRepostも無いかつ投票も無かったらエラー
@@ -244,7 +163,7 @@ module.exports = (params, user, app) =>
 	const post = await Post.insert({
 		created_at: new Date(),
 		media_ids: files ? files.map(file => file._id) : undefined,
-		reply_to_id: replyTo ? replyTo._id : undefined,
+		reply_to_id: inReplyToPost ? inReplyToPost._id : undefined,
 		repost_id: repost ? repost._id : undefined,
 		poll: poll ? poll : undefined,
 		text: text,
@@ -302,21 +221,21 @@ module.exports = (params, user, app) =>
 	});
 
 	// If has in reply to post
-	if (replyTo) {
+	if (inReplyToPost) {
 		// Increment replies count
-		Post.update({ _id: replyTo._id }, {
+		Post.update({ _id: inReplyToPost._id }, {
 			$inc: {
 				replies_count: 1
 			}
 		});
 
 		// 自分自身へのリプライでない限りは通知を作成
-		notify(replyTo.user_id, user._id, 'reply', {
+		notify(inReplyToPost.user_id, user._id, 'reply', {
 			post_id: post._id
 		});
 
 		// Add mention
-		addMention(replyTo.user_id, 'reply');
+		addMention(inReplyToPost.user_id, 'reply');
 	}
 
 	// If it is repost
@@ -361,7 +280,7 @@ module.exports = (params, user, app) =>
 	if (text) {
 		// Analyze
 		const tokens = parse(text);
-
+/*
 		// Extract a hashtags
 		const hashtags = tokens
 			.filter(t => t.type == 'hashtag')
@@ -370,8 +289,8 @@ module.exports = (params, user, app) =>
 			.filter((v, i, s) => s.indexOf(v) == i);
 
 		// ハッシュタグをデータベースに登録
-		//registerHashtags(user, hashtags);
-
+		registerHashtags(user, hashtags);
+*/
 		// Extract an '@' mentions
 		const atMentions = tokens
 			.filter(t => t.type == 'mention')
@@ -392,7 +311,7 @@ module.exports = (params, user, app) =>
 			if (mentionee == null) return;
 
 			// 既に言及されたユーザーに対する返信や引用repostの場合も無視
-			if (replyTo && replyTo.user_id.equals(mentionee._id)) return;
+			if (inReplyToPost && inReplyToPost.user_id.equals(mentionee._id)) return;
 			if (repost && repost.user_id.equals(mentionee._id)) return;
 
 			// Add mention
diff --git a/src/api/endpoints/posts/favorites/create.js b/src/api/endpoints/posts/favorites/create.ts
index 7ee7c0d3fb..45a347ebb3 100644
--- a/src/api/endpoints/posts/favorites/create.js
+++ b/src/api/endpoints/posts/favorites/create.ts
@@ -3,9 +3,9 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
-import Favorite from '../../models/favorite';
-import Post from '../../models/post';
+import it from '../../../it';
+import Favorite from '../../../models/favorite';
+import Post from '../../../models/post';
 
 /**
  * Favorite a post
@@ -17,14 +17,12 @@ import Post from '../../models/post';
 module.exports = (params, user) =>
 	new Promise(async (res, rej) => {
 		// Get 'post_id' parameter
-		let postId = params.post_id;
-		if (postId === undefined || postId === null) {
-			return rej('post_id is required');
-		}
+		const [postId, postIdErr] = it(params.post_id, 'id', true);
+		if (postIdErr) return rej('invalid post_id param');
 
 		// Get favoritee
 		const post = await Post.findOne({
-			_id: new mongo.ObjectID(postId)
+			_id: postId
 		});
 
 		if (post === null) {
diff --git a/src/api/endpoints/posts/favorites/delete.js b/src/api/endpoints/posts/favorites/delete.ts
index 4b36b9bde3..df11215903 100644
--- a/src/api/endpoints/posts/favorites/delete.js
+++ b/src/api/endpoints/posts/favorites/delete.ts
@@ -3,9 +3,9 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
-import Favorite from '../../models/favorite';
-import Post from '../../models/post';
+import it from '../../../it';
+import Favorite from '../../../models/favorite';
+import Post from '../../../models/post';
 
 /**
  * Unfavorite a post
@@ -17,14 +17,12 @@ import Post from '../../models/post';
 module.exports = (params, user) =>
 	new Promise(async (res, rej) => {
 		// Get 'post_id' parameter
-		let postId = params.post_id;
-		if (postId === undefined || postId === null) {
-			return rej('post_id is required');
-		}
+		const [postId, postIdErr] = it(params.post_id, 'id', true);
+		if (postIdErr) return rej('invalid post_id param');
 
 		// Get favoritee
 		const post = await Post.findOne({
-			_id: new mongo.ObjectID(postId)
+			_id: postId
 		});
 
 		if (post === null) {
diff --git a/src/api/endpoints/posts/likes.js b/src/api/endpoints/posts/likes.ts
index 67898218cf..f299de7492 100644
--- a/src/api/endpoints/posts/likes.js
+++ b/src/api/endpoints/posts/likes.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import Like from '../../models/like';
 import serialize from '../../serializers/user';
@@ -19,38 +19,24 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'post_id' parameter
-	const postId = params.post_id;
-	if (postId === undefined || postId === null) {
-		return rej('post_id is required');
-	}
+	const [postId, postIdErr] = it(params.post_id, 'id', true);
+	if (postIdErr) return rej('invalid post_id param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
-
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Get 'sort' parameter
-	let sort = params.sort || 'desc';
+	const [sort, sortError] = it(params.sort).expect.string().or('desc asc').default('desc').qed();
+	if (sortError) return rej('invalid sort param');
 
 	// Lookup post
 	const post = await Post.findOne({
-		_id: new mongo.ObjectID(postId)
+		_id: postId
 	});
 
 	if (post === null) {
diff --git a/src/api/endpoints/posts/likes/create.js b/src/api/endpoints/posts/likes/create.ts
index 3b2c778a03..0ae417e239 100644
--- a/src/api/endpoints/posts/likes/create.js
+++ b/src/api/endpoints/posts/likes/create.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../../it';
 import Like from '../../../models/like';
 import Post from '../../../models/post';
 import User from '../../../models/user';
@@ -19,19 +19,12 @@ import notify from '../../../common/notify';
 module.exports = (params, user) =>
 	new Promise(async (res, rej) => {
 		// Get 'post_id' parameter
-		let postId = params.post_id;
-		if (postId === undefined || postId === null) {
-			return rej('post_id is required');
-		}
-
-		// Validate id
-		if (!mongo.ObjectID.isValid(postId)) {
-			return rej('incorrect post_id');
-		}
+		const [postId, postIdErr] = it(params.post_id, 'id', true);
+		if (postIdErr) return rej('invalid post_id param');
 
 		// Get likee
 		const post = await Post.findOne({
-			_id: new mongo.ObjectID(postId)
+			_id: postId
 		});
 
 		if (post === null) {
diff --git a/src/api/endpoints/posts/likes/delete.js b/src/api/endpoints/posts/likes/delete.ts
index 1dd0f5b29a..2b642c107f 100644
--- a/src/api/endpoints/posts/likes/delete.js
+++ b/src/api/endpoints/posts/likes/delete.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../../it';
 import Like from '../../../models/like';
 import Post from '../../../models/post';
 import User from '../../../models/user';
@@ -19,19 +19,12 @@ import User from '../../../models/user';
 module.exports = (params, user) =>
 	new Promise(async (res, rej) => {
 		// Get 'post_id' parameter
-		let postId = params.post_id;
-		if (postId === undefined || postId === null) {
-			return rej('post_id is required');
-		}
-
-		// Validate id
-		if (!mongo.ObjectID.isValid(postId)) {
-			return rej('incorrect post_id');
-		}
+		const [postId, postIdErr] = it(params.post_id, 'id', true);
+		if (postIdErr) return rej('invalid post_id param');
 
 		// Get likee
 		const post = await Post.findOne({
-			_id: new mongo.ObjectID(postId)
+			_id: postId
 		});
 
 		if (post === null) {
diff --git a/src/api/endpoints/posts/mentions.js b/src/api/endpoints/posts/mentions.ts
index 5a3d72aab8..59802c558a 100644
--- a/src/api/endpoints/posts/mentions.js
+++ b/src/api/endpoints/posts/mentions.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import getFriends from '../../common/get-friends';
 import serialize from '../../serializers/post';
@@ -19,33 +19,31 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'following' parameter
-	const following = params.following;
+	const [following, followingError] =
+		it(params.following).expect.boolean().default(false).qed();
+	if (followingError) return rej('invalid following param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	// Get 'since_id' parameter
+	const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed();
+	if (sinceIdErr) return rej('invalid since_id param');
 
-	const since = params.since_id || null;
-	const max = params.max_id || null;
+	// Get 'max_id' parameter
+	const [maxId, maxIdErr] = it(params.max_id).expect.id().qed();
+	if (maxIdErr) return rej('invalid max_id param');
 
 	// Check if both of since_id and max_id is specified
-	if (since !== null && max !== null) {
+	if (sinceId !== null && maxId !== null) {
 		return rej('cannot set since_id and max_id');
 	}
 
 	// Construct query
 	const query = {
 		mentions: user._id
-	};
+	} as any;
 
 	const sort = {
 		_id: -1
@@ -59,14 +57,14 @@ module.exports = (params, user) =>
 		};
 	}
 
-	if (since) {
+	if (sinceId) {
 		sort._id = 1;
 		query._id = {
-			$gt: new mongo.ObjectID(since)
+			$gt: sinceId
 		};
-	} else if (max) {
+	} else if (maxId) {
 		query._id = {
-			$lt: new mongo.ObjectID(max)
+			$lt: maxId
 		};
 	}
 
diff --git a/src/api/endpoints/posts/polls/vote.js b/src/api/endpoints/posts/polls/vote.ts
index 9f9a5171a0..d0caf7da95 100644
--- a/src/api/endpoints/posts/polls/vote.js
+++ b/src/api/endpoints/posts/polls/vote.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../../it';
 import Vote from '../../../models/poll-vote';
 import Post from '../../../models/post';
 import notify from '../../../common/notify';
@@ -18,19 +18,12 @@ import notify from '../../../common/notify';
 module.exports = (params, user) =>
 	new Promise(async (res, rej) => {
 		// Get 'post_id' parameter
-		const postId = params.post_id;
-		if (postId === undefined || postId === null) {
-			return rej('post_id is required');
-		}
-
-		// Validate id
-		if (!mongo.ObjectID.isValid(postId)) {
-			return rej('incorrect post_id');
-		}
+		const [postId, postIdErr] = it(params.post_id, 'id', true);
+		if (postIdErr) return rej('invalid post_id param');
 
 		// Get votee
 		const post = await Post.findOne({
-			_id: new mongo.ObjectID(postId)
+			_id: postId
 		});
 
 		if (post === null) {
@@ -42,15 +35,12 @@ module.exports = (params, user) =>
 		}
 
 		// Get 'choice' parameter
-		const choice = params.choice;
-		if (choice == null) {
-			return rej('choice is required');
-		}
-
-		// Validate choice
-		if (!post.poll.choices.some(x => x.id == choice)) {
-			return rej('invalid choice');
-		}
+		const [choice, choiceError] =
+			it(params.choice).expect.string()
+				.required()
+				.validate(c => post.poll.choices.some(x => x.id == c))
+				.qed();
+		if (choiceError) return rej('invalid choice param');
 
 		// if already voted
 		const exist = await Vote.findOne({
@@ -76,8 +66,6 @@ module.exports = (params, user) =>
 		const inc = {};
 		inc[`poll.choices.${findWithAttr(post.poll.choices, 'id', choice)}.votes`] = 1;
 
-		console.log(inc);
-
 		// Increment likes count
 		Post.update({ _id: post._id }, {
 			$inc: inc
diff --git a/src/api/endpoints/posts/replies.js b/src/api/endpoints/posts/replies.ts
index cbbb5dc312..3f448d1632 100644
--- a/src/api/endpoints/posts/replies.js
+++ b/src/api/endpoints/posts/replies.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import serialize from '../../serializers/post';
 
@@ -18,42 +18,28 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'post_id' parameter
-	const postId = params.post_id;
-	if (postId === undefined || postId === null) {
-		return rej('post_id is required');
-	}
+	const [postId, postIdErr] = it(params.post_id, 'id', true);
+	if (postIdErr) return rej('invalid post_id param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
-
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Get 'sort' parameter
-	let sort = params.sort || 'desc';
+	const [sort, sortError] = it(params.sort).expect.string().or('desc asc').default('desc').qed();
+	if (sortError) return rej('invalid sort param');
 
 	// Lookup post
 	const post = await Post.findOne({
-		_id: new mongo.ObjectID(postId)
+		_id: postId
 	});
 
 	if (post === null) {
-		return rej('post not found', 'POST_NOT_FOUND');
+		return rej('post not found');
 	}
 
 	// Issue query
diff --git a/src/api/endpoints/posts/reposts.js b/src/api/endpoints/posts/reposts.ts
index 0ffe44cb16..d8410b322b 100644
--- a/src/api/endpoints/posts/reposts.js
+++ b/src/api/endpoints/posts/reposts.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import serialize from '../../serializers/post';
 
@@ -18,39 +18,33 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'post_id' parameter
-	const postId = params.post_id;
-	if (postId === undefined || postId === null) {
-		return rej('post_id is required');
-	}
+	const [postId, postIdErr] = it(params.post_id, 'id', true);
+	if (postIdErr) return rej('invalid post_id param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	// Get 'since_id' parameter
+	const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed();
+	if (sinceIdErr) return rej('invalid since_id param');
 
-	const since = params.since_id || null;
-	const max = params.max_id || null;
+	// Get 'max_id' parameter
+	const [maxId, maxIdErr] = it(params.max_id).expect.id().qed();
+	if (maxIdErr) return rej('invalid max_id param');
 
 	// Check if both of since_id and max_id is specified
-	if (since !== null && max !== null) {
+	if (sinceId !== null && maxId !== null) {
 		return rej('cannot set since_id and max_id');
 	}
 
 	// Lookup post
 	const post = await Post.findOne({
-		_id: new mongo.ObjectID(postId)
+		_id: postId
 	});
 
 	if (post === null) {
-		return rej('post not found', 'POST_NOT_FOUND');
+		return rej('post not found');
 	}
 
 	// Construct query
@@ -59,15 +53,15 @@ module.exports = (params, user) =>
 	};
 	const query = {
 		repost_id: post._id
-	};
-	if (since !== null) {
+	} as any;
+	if (sinceId) {
 		sort._id = 1;
 		query._id = {
-			$gt: new mongo.ObjectID(since)
+			$gt: sinceId
 		};
-	} else if (max !== null) {
+	} else if (maxId) {
 		query._id = {
-			$lt: new mongo.ObjectID(max)
+			$lt: maxId
 		};
 	}
 
diff --git a/src/api/endpoints/posts/search.js b/src/api/endpoints/posts/search.ts
index bc06340fda..1d02f6775d 100644
--- a/src/api/endpoints/posts/search.js
+++ b/src/api/endpoints/posts/search.ts
@@ -4,6 +4,7 @@
  * Module dependencies
  */
 import * as mongo from 'mongodb';
+import it from '../../it';
 const escapeRegexp = require('escape-regexp');
 import Post from '../../models/post';
 import serialize from '../../serializers/post';
@@ -20,31 +21,16 @@ module.exports = (params, me) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'query' parameter
-	let query = params.query;
-	if (query === undefined || query === null || query.trim() === '') {
-		return rej('query is required');
-	}
+	const [query, queryError] = it(params.query).expect.string().required().trim().validate(x => x != '').qed();
+	if (queryError) return rej('invalid query param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Get 'max' parameter
-	let max = params.max;
-	if (max !== undefined && max !== null) {
-		max = parseInt(max, 10);
-
-		// From 1 to 30
-		if (!(1 <= max && max <= 30)) {
-			return rej('invalid max range');
-		}
-	} else {
-		max = 10;
-	}
+	const [max, maxErr] = it(params.max).expect.number().range(1, 30).default(10).qed();
+	if (maxErr) return rej('invalid max param');
 
 	// If Elasticsearch is available, search by it
 	// If not, search by MongoDB
diff --git a/src/api/endpoints/posts/show.js b/src/api/endpoints/posts/show.ts
index 4938199cdb..712ef1e160 100644
--- a/src/api/endpoints/posts/show.js
+++ b/src/api/endpoints/posts/show.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import serialize from '../../serializers/post';
 
@@ -18,19 +18,12 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'post_id' parameter
-	const postId = params.post_id;
-	if (postId === undefined || postId === null) {
-		return rej('post_id is required');
-	}
-
-	// Validate id
-	if (!mongo.ObjectID.isValid(postId)) {
-		return rej('incorrect post_id');
-	}
+	const [postId, postIdErr] = it(params.post_id, 'id', true);
+	if (postIdErr) return rej('invalid post_id param');
 
 	// Get post
 	const post = await Post.findOne({
-		_id: new mongo.ObjectID(postId)
+		_id: postId
 	});
 
 	if (post === null) {
diff --git a/src/api/endpoints/posts/timeline.js b/src/api/endpoints/posts/timeline.ts
index 48f7c26940..5744084932 100644
--- a/src/api/endpoints/posts/timeline.js
+++ b/src/api/endpoints/posts/timeline.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Post from '../../models/post';
 import getFriends from '../../common/get-friends';
 import serialize from '../../serializers/post';
@@ -20,23 +20,19 @@ module.exports = (params, user, app) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	// Get 'since_id' parameter
+	const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed();
+	if (sinceIdErr) return rej('invalid since_id param');
 
-	const since = params.since_id || null;
-	const max = params.max_id || null;
+	// Get 'max_id' parameter
+	const [maxId, maxIdErr] = it(params.max_id).expect.id().qed();
+	if (maxIdErr) return rej('invalid max_id param');
 
 	// Check if both of since_id and max_id is specified
-	if (since !== null && max !== null) {
+	if (sinceId !== null && maxId !== null) {
 		return rej('cannot set since_id and max_id');
 	}
 
@@ -51,15 +47,15 @@ module.exports = (params, user, app) =>
 		user_id: {
 			$in: followingIds
 		}
-	};
-	if (since !== null) {
+	} as any;
+	if (sinceId) {
 		sort._id = 1;
 		query._id = {
-			$gt: new mongo.ObjectID(since)
+			$gt: sinceId
 		};
-	} else if (max !== null) {
+	} else if (maxId) {
 		query._id = {
-			$lt: new mongo.ObjectID(max)
+			$lt: maxId
 		};
 	}