gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chore(api): migrate from express-validator 5 to 6 (#40363)

Browse Source
This commit is contained in:
Oliver Eyton-Williams
2020-12-03 16:47:38 +01:00
committed by GitHub
parent c75b28faf2
commit 4f4bbfbb6c
9 changed files with 51 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
api-server/package-lock.json generated
View File

@ -8669,18 +8669,18 @@
} }
}, },
"express-validator": { "express-validator": {
"version": "5.3.1", "version": "6.7.0",
"resolved": "https://registry.npmjs.org/express-validator/-/express-validator-5.3.1.tgz", "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.7.0.tgz",
"integrity": "sha512-g8xkipBF6VxHbO1+ksC7nxUU7+pWif0+OZXjZTybKJ/V0aTVhuCoHbyhIPgSYVldwQLocGExPtB2pE0DqK4jsw==", "integrity": "sha512-sLnTFlyKEvesC2Fyn1TY4Q05cWCZHQQ1ijQOVbBG7hFeTKt4CNzttoF4t6CqrYroKa+2DOzj0E09odPIYDTbRg==",
"requires": { "requires": {
"lodash": "^4.17.10", "lodash": "^4.17.20",
"validator": "^10.4.0" "validator": "^13.1.1"
}, },
"dependencies": { "dependencies": {
"validator": { "validator": {
"version": "10.10.0", "version": "13.5.1",
"resolved": "https://registry.npmjs.org/validator/-/validator-10.10.0.tgz", "resolved": "https://registry.npmjs.org/validator/-/validator-13.5.1.tgz",
"integrity": "sha512-DyZyLJlMXM3CGdVaVHE/EDzCagMRoPI3mmGdxxNQbqkGqh56+M3d1i0ZAWd69En8U21DHbPTn12aOdhO+hfm5w==" "integrity": "sha512-s+7LW1Xi0OzPNfGN7Hb2vk0YB/epp9KFHHGC5JtqZOE1dUkN4ULPFZAQ1inCu7ceAsWmOJu6sn9cnwm3R+ghWQ=="
} }
} }
}, },

2
api-server/package.json
View File

@ -31,7 +31,7 @@
"dotenv": "^6.2.0", "dotenv": "^6.2.0",
"express-flash": "~0.0.2", "express-flash": "~0.0.2",
"express-session": "^1.17.1", "express-session": "^1.17.1",
"express-validator": "^5.3.1", "express-validator": "^6.7.0",
"googleapis": "^42.0.0", "googleapis": "^42.0.0",
"helmet": "^3.23.3", "helmet": "^3.23.3",
"helmet-csp": "^2.10.0", "helmet-csp": "^2.10.0",

2
api-server/server/boot/authentication.js
View File

@ -1,6 +1,6 @@
import passport from 'passport'; import passport from 'passport';
import dedent from 'dedent'; import dedent from 'dedent';
import { check } from 'express-validator/check'; import { check } from 'express-validator';
import { isEmail } from 'validator'; import { isEmail } from 'validator';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';

2
api-server/server/boot/settings.js
View File

@ -1,5 +1,5 @@
import debug from 'debug'; import debug from 'debug';
import { check } from 'express-validator/check'; import { check } from 'express-validator';
import { ifNoUser401, createValidatorErrorHandler } from '../utils/middleware'; import { ifNoUser401, createValidatorErrorHandler } from '../utils/middleware';
import { themes } from '../../common/utils/themes.js'; import { themes } from '../../common/utils/themes.js';

12
api-server/server/boot/user.js
View File

@ -2,6 +2,7 @@ import dedent from 'dedent';
import debugFactory from 'debug'; import debugFactory from 'debug';
import { pick } from 'lodash'; import { pick } from 'lodash';
import { Observable } from 'rx'; import { Observable } from 'rx';
import { body } from 'express-validator';
import { homeLocation } from '../../../config/env'; import { homeLocation } from '../../../config/env';
import { import {
@ -12,6 +13,7 @@ import {
import { fixCompletedChallengeItem } from '../../common/utils'; import { fixCompletedChallengeItem } from '../../common/utils';
import { ifNoUser401, ifNoUserRedirectTo } from '../utils/middleware'; import { ifNoUser401, ifNoUserRedirectTo } from '../utils/middleware';
import { removeCookies } from '../utils/getSetAccessToken'; import { removeCookies } from '../utils/getSetAccessToken';
import { trimTags } from '../utils/validators';
const log = debugFactory('fcc:boot:user'); const log = debugFactory('fcc:boot:user');
const sendNonUserToHome = ifNoUserRedirectTo(homeLocation); const sendNonUserToHome = ifNoUserRedirectTo(homeLocation);
@ -29,7 +31,12 @@ function bootUser(app) {
api.post('/account/delete', ifNoUser401, postDeleteAccount); api.post('/account/delete', ifNoUser401, postDeleteAccount);
api.post('/account/reset-progress', ifNoUser401, postResetProgress); api.post('/account/reset-progress', ifNoUser401, postResetProgress);
api.post('/user/report-user/', ifNoUser401, postReportUserProfile); api.post(
'/user/report-user/',
ifNoUser401,
body('reportDescription').customSanitizer(trimTags),
postReportUserProfile
);
app.use(api); app.use(api);
} }
@ -201,8 +208,7 @@ function createPostReportUserProfile(app) {
const { Email } = app.models; const { Email } = app.models;
return function postReportUserProfile(req, res, next) { return function postReportUserProfile(req, res, next) {
const { user } = req; const { user } = req;
const { username } = req.body; const { username, reportDescription: report } = req.body;
const report = req.sanitize('reportDescription').trimTags();
log(username); log(username);
log(report); log(report);

3
api-server/server/middleware.json
View File

@ -41,9 +41,6 @@
}, },
"method-override": {} "method-override": {}
}, },
"parse:after": {
"./middlewares/validator": {}
},
"routes:before": { "routes:before": {
"helmet#xssFilter": {}, "helmet#xssFilter": {},
"helmet#noSniff": {}, "helmet#noSniff": {},

63
api-server/server/middlewares/validator.js
View File

@ -1,63 +0,0 @@
import validator from 'express-validator';
import { isPoly } from '../../../utils/polyvinyl';
const isObject = val => !!val && typeof val === 'object';
export default function() {
return validator({
customValidators: {
matchRegex(param, regex) {
return regex.test(param);
},
isString(value) {
return typeof value === 'string';
},
isNumber(value) {
return typeof value === 'number';
},
isFiles(value) {
if (!isObject(value)) {
return false;
}
const keys = Object.keys(value);
return (
!!keys.length &&
// every key is a file
keys.every(key => isObject(value[key])) &&
// every file has contents
keys.map(key => value[key]).every(file => isPoly(file))
);
}
},
customSanitizers: {
// Refer : http://stackoverflow.com/a/430240/1932901
trimTags(value) {
const tagBody = '(?:[^"\'>]|"[^"]*"|\'[^\']*\')*';
const tagOrComment = new RegExp(
'<(?:' +
// Comment body.
'!--(?:(?:-*[^->])*--+|-?)' +
// Special "raw text" elements whose content should be elided.
'|script\\b' +
tagBody +
'>[\\s\\S]*?</script\\s*' +
'|style\\b' +
tagBody +
'>[\\s\\S]*?</style\\s*' +
// Regular name
'|/?[a-z]' +
tagBody +
')>',
'gi'
);
let rawValue;
do {
rawValue = value;
value = value.replace(tagOrComment, '');
} while (value !== rawValue);
return value.replace(/</g, '&lt;');
}
}
});
}

2
api-server/server/utils/middleware.js
View File

@ -1,5 +1,5 @@
import dedent from 'dedent'; import dedent from 'dedent';
import { validationResult } from 'express-validator/check'; import { validationResult } from 'express-validator';
import { createValidatorErrorFormatter } from './create-handled-error.js'; import { createValidatorErrorFormatter } from './create-handled-error.js';
import { homeLocation } from '../../../config/env'; import { homeLocation } from '../../../config/env';

30
api-server/server/utils/validators.js Normal file
View File

@ -0,0 +1,30 @@
// Refer : http://stackoverflow.com/a/430240/1932901
function trimTags(value) {
const tagBody = '(?:[^"\'>]|"[^"]*"|\'[^\']*\')*';
const tagOrComment = new RegExp(
'<(?:' +
// Comment body.
'!--(?:(?:-*[^->])*--+|-?)' +
// Special "raw text" elements whose content should be elided.
'|script\\b' +
tagBody +
'>[\\s\\S]*?</script\\s*' +
'|style\\b' +
tagBody +
'>[\\s\\S]*?</style\\s*' +
// Regular name
'|/?[a-z]' +
tagBody +
')>',
'gi'
);
let rawValue;
do {
rawValue = value;
value = value.replace(tagOrComment, '');
} while (value !== rawValue);
return value.replace(/</g, '&lt;');
}
export { trimTags };