いい感じにした

author: syuilo <syuilotan@yahoo.co.jp> 2017-02-13 01:49:17 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2017-02-13 01:49:17 +0900
commit: 15fff9622429e4c061a26e8d73c8eaf3e0375c0a (patch)
tree: 9433639396f0582f5b6ee4cc9b0888fd6f057079 /src/api
parent: [Test] Add some tests (diff)
download: sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.tar.gz
sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.tar.bz2
sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.zip
7 files changed, 30 insertions, 21 deletions
diff --git a/src/api/endpoints/drive/files.js b/src/api/endpoints/drive/files.js
index 5399461a37..7df8b81eac 100644
--- a/src/api/endpoints/drive/files.js
+++ b/src/api/endpoints/drive/files.js
@@ -41,7 +41,7 @@ module.exports = (params, user, app) =>
 
 	// Get 'folder_id' parameter
 	let folder = params.folder_id;
-	if (folder === undefined || folder === null || folder === 'null') {
+	if (folder === undefined || folder === null) {
 		folder = null;
 	} else {
 		folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/create.js b/src/api/endpoints/drive/files/create.js
index 9f34a551d1..a04cd5dde4 100644
--- a/src/api/endpoints/drive/files/create.js
+++ b/src/api/endpoints/drive/files/create.js
@@ -46,7 +46,7 @@ module.exports = (file, params, user) =>
 
 	// Get 'folder_id' parameter
 	let folder = params.folder_id;
-	if (folder === undefined || folder === null || folder === 'null') {
+	if (folder === undefined || folder === null) {
 		folder = null;
 	} else {
 		folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/find.js b/src/api/endpoints/drive/files/find.js
index a0a0e0b417..26c45c564b 100644
--- a/src/api/endpoints/drive/files/find.js
+++ b/src/api/endpoints/drive/files/find.js
@@ -25,7 +25,7 @@ module.exports = (params, user) =>
 
 	// Get 'folder_id' parameter
 	let folder = params.folder_id;
-	if (folder === undefined || folder === null || folder === 'null') {
+	if (folder === undefined || folder === null) {
 		folder = null;
 	} else {
 		folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/update.js b/src/api/endpoints/drive/files/update.js
index 74ff012ecb..5af2b8e6da 100644
--- a/src/api/endpoints/drive/files/update.js
+++ b/src/api/endpoints/drive/files/update.js
@@ -58,16 +58,18 @@ module.exports = (params, user) =>
 
 	// Get 'folder_id' parameter
 	let folderId = params.folder_id;
-	if (folderId !== undefined && folderId !== 'null') {
-		folderId = new mongo.ObjectID(folderId);
-	}
-
-	let folder = null;
-	if (folderId !== undefined && folderId !== null) {
-		if (folderId === 'null') {
+	if (folderId !== undefined) {
+		if (folderId === null) {
 			file.folder_id = null;
 		} else {
-			folder = await DriveFolder
+			// Validate id
+			if (!mongo.ObjectID.isValid(folderId)) {
+				return rej('incorrect folder_id');
+			}
+
+			folderId = new mongo.ObjectID(folderId);
+
+			const folder = await DriveFolder
 				.findOne({
 					_id: folderId,
 					user_id: user._id
diff --git a/src/api/endpoints/drive/folders.js b/src/api/endpoints/drive/folders.js
index f233de25a1..672ae21789 100644
--- a/src/api/endpoints/drive/folders.js
+++ b/src/api/endpoints/drive/folders.js
@@ -41,7 +41,7 @@ module.exports = (params, user, app) =>
 
 	// Get 'folder_id' parameter
 	let folder = params.folder_id;
-	if (folder === undefined || folder === null || folder === 'null') {
+	if (folder === undefined || folder === null) {
 		folder = null;
 	} else {
 		folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/folders/find.js b/src/api/endpoints/drive/folders/find.js
index 9a2faf6d82..be05427f57 100644
--- a/src/api/endpoints/drive/folders/find.js
+++ b/src/api/endpoints/drive/folders/find.js
@@ -25,7 +25,7 @@ module.exports = (params, user) =>
 
 	// Get 'parent_id' parameter
 	let parentId = params.parent_id;
-	if (parentId === undefined || parentId === null || parentId === 'null') {
+	if (parentId === undefined || parentId === null) {
 		parentId = null;
 	} else {
 		parentId = new mongo.ObjectID(parentId);
diff --git a/src/api/endpoints/drive/folders/update.js b/src/api/endpoints/drive/folders/update.js
index d04173158d..475cd205df 100644
--- a/src/api/endpoints/drive/folders/update.js
+++ b/src/api/endpoints/drive/folders/update.js
@@ -25,6 +25,11 @@ module.exports = (params, user) =>
 		return rej('folder_id is required');
 	}
 
+	// Validate id
+	if (!mongo.ObjectID.isValid(folderId)) {
+		return rej('incorrect folder_id');
+	}
+
 	// Fetch folder
 	const folder = await DriveFolder
 		.findOne({
@@ -49,17 +54,19 @@ module.exports = (params, user) =>
 
 	// Get 'parent_id' parameter
 	let parentId = params.parent_id;
-	if (parentId !== undefined && parentId !== 'null') {
-		parentId = new mongo.ObjectID(parentId);
-	}
-
-	let parent = null;
-	if (parentId !== undefined && parentId !== null) {
-		if (parentId === 'null') {
+	if (parentId !== undefined) {
+		if (parentId === null) {
 			folder.parent_id = null;
 		} else {
+			// Validate id
+			if (!mongo.ObjectID.isValid(parentId)) {
+				return rej('incorrect parent_id');
+			}
+
+			parentId = new mongo.ObjectID(parentId);
+
 			// Get parent folder
-			parent = await DriveFolder
+			const parent = await DriveFolder
 				.findOne({
 					_id: parentId,
 					user_id: user._id
author	syuilo <syuilotan@yahoo.co.jp>	2017-02-13 01:49:17 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2017-02-13 01:49:17 +0900
commit	15fff9622429e4c061a26e8d73c8eaf3e0375c0a (patch)
tree	9433639396f0582f5b6ee4cc9b0888fd6f057079 /src/api
parent	[Test] Add some tests (diff)
download	sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.tar.gz sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.tar.bz2 sharkey-15fff9622429e4c061a26e8d73c8eaf3e0375c0a.zip