Skip to content

Commit

Permalink
fix(hermes): numeric param parsing, REST middleware running before pa…
Browse files Browse the repository at this point in the history
…ram validation (#491)
  • Loading branch information
kon14 committed Jan 20, 2023
1 parent a37d388 commit d0cff88
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 21 deletions.
4 changes: 2 additions & 2 deletions libraries/hermes/src/GraphQl/GraphQL.ts
Original file line number Diff line number Diff line change
Expand Up @@ -288,8 +288,8 @@ export class GraphQLController extends ConduitRouter {
},
parseLiteral(ast) {
if (ast.kind === Kind.INT || ast.kind === Kind.FLOAT) {
return ast.value;
} else if (ast.kind == Kind.STRING) {
return Number(ast.value);
} else if (ast.kind === Kind.STRING) {
if (Number.isInteger(ast.value)) {
return Number.parseInt(ast.value);
} else if (!Number.isNaN(ast.value)) {
Expand Down
20 changes: 11 additions & 9 deletions libraries/hermes/src/Rest/Rest.ts
Original file line number Diff line number Diff line change
Expand Up @@ -144,22 +144,24 @@ export class RestController extends ConduitRouter {
constructHandler(route: ConduitRoute): (req: Request, res: Response) => void {
const self = this;
return (req, res) => {
const context = extractRequestData(req);
const context = { ...extractRequestData(req), params: {} };
let hashKey: string;
const { caching, cacheAge, scope } = extractCaching(
route,
req.headers['cache-control'],
);
if (route.input.bodyParams)
validateParams(context.bodyParams, route.input.bodyParams);
if (route.input.queryParams)
validateParams(context.queryParams, route.input.queryParams);
if (route.input.urlParams) validateParams(context.urlParams, route.input.urlParams);
context.params = {
...context.bodyParams,
...context.queryParams,
...context.urlParams,
};
self
.checkMiddlewares(context, route.input.middlewares)
.then(r => {
validateParams(context.params, {
...route.input.bodyParams,
...route.input.queryParams,
...route.input.urlParams,
});
return r;
})
.then(r => {
Object.assign(context.context, r);
if (route.input.action !== ConduitRouteActions.GET) {
Expand Down
16 changes: 6 additions & 10 deletions libraries/hermes/src/Rest/util.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ type ConduitRequest = Request & { conduit?: Indexable };

export function extractRequestData(req: ConduitRequest) {
const context = req.conduit || {};
const params: any = {};
const urlParams: any = {};
const queryParams: any = {};
const bodyParams: any = {};
Expand All @@ -25,29 +24,26 @@ export function extractRequestData(req: ConduitRequest) {
newObj[k] = req.query[k];
}
});
Object.assign(params, newObj);
Object.assign(queryParams, newObj);
}

if (req.body) {
Object.assign(params, req.body);
Object.assign(bodyParams, req.body);
}

if (req.params) {
Object.assign(params, req.params);
Object.assign(urlParams, req.params);
}

if (params.populate) {
if (params.populate.includes(',')) {
params.populate = params.populate.split(',');
} else if (!Array.isArray(params.populate)) {
params.populate = [params.populate];
if (queryParams.populate) {
if (queryParams.populate.includes(',')) {
queryParams.populate = queryParams.populate.split(',');
} else if (!Array.isArray(queryParams.populate)) {
queryParams.populate = [queryParams.populate];
}
}
const path = req.baseUrl + req.path;
return { context, params, headers, cookies, path, urlParams, queryParams, bodyParams };
return { context, headers, cookies, path, urlParams, queryParams, bodyParams };
}

export function validateParams(params: Params, routeDefinedParams: Params) {
Expand Down

0 comments on commit d0cff88

Please sign in to comment.