wip

author: syuilo <syuilotan@yahoo.co.jp> 2017-03-03 08:56:07 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2017-03-03 08:56:07 +0900
commit: dc45055f2ffcea2369f12d104999746220b22c90 (patch)
tree: d3ec8f4a03076fe804c906cd60656e197f3010f2 /src/api
parent: wip (diff)
download: sharkey-dc45055f2ffcea2369f12d104999746220b22c90.tar.gz
sharkey-dc45055f2ffcea2369f12d104999746220b22c90.tar.bz2
sharkey-dc45055f2ffcea2369f12d104999746220b22c90.zip
9 files changed, 101 insertions, 154 deletions
diff --git a/src/api/endpoints/i/appdata/get.js b/src/api/endpoints/i/appdata/get.ts
index 7f1bdf0713..7f1bdf0713 100644
--- a/src/api/endpoints/i/appdata/get.js
+++ b/src/api/endpoints/i/appdata/get.ts
diff --git a/src/api/endpoints/i/appdata/set.js b/src/api/endpoints/i/appdata/set.ts
index 57001f4e8b..57001f4e8b 100644
--- a/src/api/endpoints/i/appdata/set.js
+++ b/src/api/endpoints/i/appdata/set.ts
diff --git a/src/api/endpoints/i/authorized_apps.js b/src/api/endpoints/i/authorized_apps.ts
index 3c0cf75057..fb56a107e7 100644
--- a/src/api/endpoints/i/authorized_apps.js
+++ b/src/api/endpoints/i/authorized_apps.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import AccessToken from '../../models/access-token';
 import serialize from '../../serializers/app';
 
@@ -18,28 +18,16 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
-
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Get 'sort' parameter
-	let sort = params.sort || 'desc';
+	const [sort, sortError] = it(params.sort).expect.string().or('desc asc').default('desc').qed();
+	if (sortError) return rej('invalid sort param');
 
 	// Get tokens
 	const tokens = await AccessToken
diff --git a/src/api/endpoints/i/favorites.js b/src/api/endpoints/i/favorites.ts
index 28e402e366..c04d318379 100644
--- a/src/api/endpoints/i/favorites.js
+++ b/src/api/endpoints/i/favorites.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Favorite from '../../models/favorite';
 import serialize from '../../serializers/post';
 
@@ -11,37 +11,26 @@ import serialize from '../../serializers/post';
  * Get followers of a user
  *
  * @param {any} params
+ * @param {any} user
  * @return {Promise<any>}
  */
-module.exports = (params) =>
+module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
-
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
 	// Get 'offset' parameter
-	let offset = params.offset;
-	if (offset !== undefined && offset !== null) {
-		offset = parseInt(offset, 10);
-	} else {
-		offset = 0;
-	}
+	const [offset, offsetErr] = it(params.offset).expect.number().min(0).default(0).qed();
+	if (offsetErr) return rej('invalid offset param');
 
 	// Get 'sort' parameter
-	let sort = params.sort || 'desc';
+	const [sort, sortError] = it(params.sort).expect.string().or('desc asc').default('desc').qed();
+	if (sortError) return rej('invalid sort param');
 
 	// Get favorites
-	const favorites = await Favorites
+	const favorites = await Favorite
 		.find({
 			user_id: user._id
 		}, {
diff --git a/src/api/endpoints/i/notifications.js b/src/api/endpoints/i/notifications.ts
index d5174439e2..21537ea799 100644
--- a/src/api/endpoints/i/notifications.js
+++ b/src/api/endpoints/i/notifications.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Notification from '../../models/notification';
 import serialize from '../../serializers/notification';
 import getFriends from '../../common/get-friends';
@@ -19,44 +19,38 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'following' parameter
-	const following = params.following;
+	const [following, followingError] =
+		it(params.following).expect.boolean().default(false).qed();
+	if (followingError) return rej('invalid following param');
 
 	// Get 'mark_as_read' parameter
-	let markAsRead = params.mark_as_read;
-	if (markAsRead == null) {
-		markAsRead = true;
-	}
+	const [markAsRead, markAsReadErr] = it(params.mark_as_read).expect.boolean().default(true).qed();
+	if (markAsReadErr) return rej('invalid mark_as_read param');
 
 	// Get 'type' parameter
-	let type = params.type;
-	if (type !== undefined && type !== null) {
-		type = type.split(',').map(x => x.trim());
-	}
+	const [type, typeErr] = it(params.type).expect.array().unique().allString().qed();
+	if (typeErr) return rej('invalid type param');
 
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	// Get 'since_id' parameter
+	const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed();
+	if (sinceIdErr) return rej('invalid since_id param');
 
-	const since = params.since_id || null;
-	const max = params.max_id || null;
+	// Get 'max_id' parameter
+	const [maxId, maxIdErr] = it(params.max_id).expect.id().qed();
+	if (maxIdErr) return rej('invalid max_id param');
 
 	// Check if both of since_id and max_id is specified
-	if (since !== null && max !== null) {
+	if (sinceId !== null && maxId !== null) {
 		return rej('cannot set since_id and max_id');
 	}
 
 	const query = {
 		notifiee_id: user._id
-	};
+	} as any;
 
 	const sort = {
 		_id: -1
@@ -77,14 +71,14 @@ module.exports = (params, user) =>
 		};
 	}
 
-	if (since !== null) {
+	if (sinceId) {
 		sort._id = 1;
 		query._id = {
-			$gt: new mongo.ObjectID(since)
+			$gt: sinceId
 		};
-	} else if (max !== null) {
+	} else if (maxId) {
 		query._id = {
-			$lt: new mongo.ObjectID(max)
+			$lt: maxId
 		};
 	}
 
diff --git a/src/api/endpoints/i/signin_history.js b/src/api/endpoints/i/signin_history.ts
index ede821e3cf..db36438bfe 100644
--- a/src/api/endpoints/i/signin_history.js
+++ b/src/api/endpoints/i/signin_history.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import Signin from '../../models/signin';
 import serialize from '../../serializers/signin';
 
@@ -18,42 +18,38 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'limit' parameter
-	let limit = params.limit;
-	if (limit !== undefined && limit !== null) {
-		limit = parseInt(limit, 10);
+	const [limit, limitErr] = it(params.limit).expect.number().range(1, 100).default(10).qed();
+	if (limitErr) return rej('invalid limit param');
 
-		// From 1 to 100
-		if (!(1 <= limit && limit <= 100)) {
-			return rej('invalid limit range');
-		}
-	} else {
-		limit = 10;
-	}
+	// Get 'since_id' parameter
+	const [sinceId, sinceIdErr] = it(params.since_id).expect.id().qed();
+	if (sinceIdErr) return rej('invalid since_id param');
 
-	const since = params.since_id || null;
-	const max = params.max_id || null;
+	// Get 'max_id' parameter
+	const [maxId, maxIdErr] = it(params.max_id).expect.id().qed();
+	if (maxIdErr) return rej('invalid max_id param');
 
 	// Check if both of since_id and max_id is specified
-	if (since !== null && max !== null) {
+	if (sinceId !== null && maxId !== null) {
 		return rej('cannot set since_id and max_id');
 	}
 
 	const query = {
 		user_id: user._id
-	};
+	} as any;
 
 	const sort = {
 		_id: -1
 	};
 
-	if (since !== null) {
+	if (sinceId) {
 		sort._id = 1;
 		query._id = {
-			$gt: new mongo.ObjectID(since)
+			$gt: sinceId
 		};
-	} else if (max !== null) {
+	} else if (maxId) {
 		query._id = {
-			$lt: new mongo.ObjectID(max)
+			$lt: maxId
 		};
 	}
 
diff --git a/src/api/endpoints/i/update.js b/src/api/endpoints/i/update.ts
index 4abb4fcb7b..1e46315ceb 100644
--- a/src/api/endpoints/i/update.js
+++ b/src/api/endpoints/i/update.ts
@@ -3,7 +3,7 @@
 /**
  * Module dependencies
  */
-import * as mongo from 'mongodb';
+import it from '../../it';
 import User from '../../models/user';
 import { isValidName, isValidBirthday } from '../../models/user';
 import serialize from '../../serializers/user';
@@ -23,18 +23,9 @@ module.exports = async (params, user, _, isSecure) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'name' parameter
-	const name = params.name;
-	if (name !== undefined && name !== null) {
-		if (typeof name != 'string') {
-			return rej('name must be a string');
-		}
-
-		if (!isValidName(name)) {
-			return rej('invalid name');
-		}
-
-		user.name = name;
-	}
+	const [name, nameErr] = it(params.name).expect.string().validate(isValidName).qed();
+	if (nameErr) return rej('invalid name param');
+	user.name = name;
 
 	// Get 'description' parameter
 	const description = params.description;
diff --git a/src/api/endpoints/posts/create.ts b/src/api/endpoints/posts/create.ts
index 686c3a67d0..3dc121305c 100644
--- a/src/api/endpoints/posts/create.ts
+++ b/src/api/endpoints/posts/create.ts
@@ -131,21 +131,18 @@ module.exports = (params, user, app) =>
 
 	let poll = null;
 	if (_poll !== null) {
-		const [pollChoices, pollChoicesErr] = it(params.poll, 'set', false, [
-			choices => {
-				const shouldReject = choices.some(choice => {
+		const [pollChoices, pollChoicesErr] =
+			it(params.poll).expect.array()
+				.unique()
+				.allString()
+				.range(1, 10)
+				.validate(choices => !choices.some(choice => {
 					if (typeof choice != 'string') return true;
 					if (choice.trim().length == 0) return true;
 					if (choice.trim().length > 50) return true;
 					return false;
-				});
-				return shouldReject ? new Error('invalid poll choices') : true;
-			},
-			// 選択肢がひとつならエラー
-			choices => choices.length == 1 ? new Error('poll choices must be ひとつ以上') : true,
-			// 選択肢が多すぎてもエラー
-			choices => choices.length > 10 ? new Error('many poll choices') : true,
-		]);
+				}))
+				.qed();
 		if (pollChoicesErr) return rej('invalid poll choices');
 
 		_poll.choices = pollChoices.map((choice, i) => ({
diff --git a/src/api/it.ts b/src/api/it.ts
index 039f879957..b08612c709 100644
--- a/src/api/it.ts
+++ b/src/api/it.ts
@@ -48,23 +48,27 @@ class QueryCore implements Query {
 	value: any;
 	error: Error;
 
-	constructor() {
-		this.value = null;
+	constructor(value: any) {
+		this.value = value;
 		this.error = null;
 	}
 
+	get isEmpty() {
+		return this.value === undefined || this.value === null;
+	}
+
 	/**
-	 * このインスタンスの値が null、またはエラーが存在しているなどして、処理をスキップするべきか否か
+	 * このインスタンスの値が空、またはエラーが存在しているなどして、処理をスキップするべきか否か
 	 */
 	get shouldSkip() {
-		return this.error !== null || this.value === null;
+		return this.error !== null || this.isEmpty;
 	}
 
 	/**
-	 * このインスタンスの値が undefined または　null の場合エラーにします
+	 * このインスタンスの値が空の場合エラーにします
 	 */
 	required() {
-		if (this.error === null && this.value === null) {
+		if (this.error === null && this.isEmpty) {
 			this.error = new Error('required');
 		}
 		return this;
@@ -74,7 +78,7 @@ class QueryCore implements Query {
 	 * このインスタンスの値が設定されていないときにデフォルトで設定する値を設定します
 	 */
 	default(value: any) {
-		if (this.value === null) {
+		if (this.isEmpty) {
 			this.value = value;
 		}
 		return this;
@@ -109,13 +113,9 @@ class BooleanQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (typeof value != 'boolean') {
+		super(value);
+		if (!this.isEmpty && typeof value != 'boolean') {
 			this.error = new Error('must-be-a-boolean');
-		} else {
-			this.value = value;
 		}
 	}
 
@@ -155,13 +155,9 @@ class NumberQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (!Number.isFinite(value)) {
+		super(value);
+		if (!this.isEmpty && !Number.isFinite(value)) {
 			this.error = new Error('must-be-a-number');
-		} else {
-			this.value = value;
 		}
 	}
 
@@ -238,13 +234,9 @@ class StringQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (typeof value != 'string') {
+		super(value);
+		if (!this.isEmpty && typeof value != 'string') {
 			this.error = new Error('must-be-a-string');
-		} else {
-			this.value = value;
 		}
 	}
 
@@ -327,13 +319,9 @@ class ArrayQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (!Array.isArray(value)) {
+		super(value);
+		if (!this.isEmpty && !Array.isArray(value)) {
 			this.error = new Error('must-be-an-array');
-		} else {
-			this.value = value;
 		}
 	}
 
@@ -362,6 +350,18 @@ class ArrayQuery extends QueryCore {
 	}
 
 	/**
+	 * このインスタンスの配列内の要素すべてが文字列であるか検証します
+	 * ひとつでも文字列以外の要素が存在する場合エラーにします
+	 */
+	allString() {
+		if (this.shouldSkip) return this;
+		if (this.value.some(x => typeof x != 'string')) {
+			this.error = new Error('dirty-array');
+		}
+		return this;
+	}
+
+	/**
 	 * このインスタンスの値が undefined または　null の場合エラーにします
 	 */
 	required() {
@@ -397,13 +397,9 @@ class IdQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (typeof value != 'string' || !mongo.ObjectID.isValid(value)) {
+		super(value);
+		if (!this.isEmpty && (typeof value != 'string' || !mongo.ObjectID.isValid(value))) {
 			this.error = new Error('must-be-an-id');
-		} else {
-			this.value = new mongo.ObjectID(value);
 		}
 	}
 
@@ -443,13 +439,9 @@ class ObjectQuery extends QueryCore {
 	error: Error;
 
 	constructor(value) {
-		super();
-		if (value === undefined || value === null) {
-			this.value = null;
-		} else if (typeof value != 'object') {
+		super(value);
+		if (!this.isEmpty && typeof value != 'object') {
 			this.error = new Error('must-be-an-object');
-		} else {
-			this.value = value;
 		}
 	}
author	syuilo <syuilotan@yahoo.co.jp>	2017-03-03 08:56:07 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2017-03-03 08:56:07 +0900
commit	dc45055f2ffcea2369f12d104999746220b22c90 (patch)
tree	d3ec8f4a03076fe804c906cd60656e197f3010f2 /src/api
parent	wip (diff)
download	sharkey-dc45055f2ffcea2369f12d104999746220b22c90.tar.gz sharkey-dc45055f2ffcea2369f12d104999746220b22c90.tar.bz2 sharkey-dc45055f2ffcea2369f12d104999746220b22c90.zip