Adds reqParamChecker middleware

- Adds a utils method to check if a value is a number
- Adds a middleware to check if req params are valid integers
- Adds tests

Author: Raywire

server/middlewares/reqParamChecker.js

@@ -0,0 +1,44 @@
+const response = {
+  success: false,
+  message: 'Request params must be positive integers',
+};
+
+const responseTwo = {
+  success: false,
+  message: 'URL params must be greater than zero',
+};
+
+const checkParams = (req, res, next) => {
+  const { todoId, todoItemId } = req.params;
+
+  if (!Number.isInteger(Number(todoId))) {
+    return res.status(400).json(response);
+  }
+
+  if (todoItemId && !Number.isInteger(Number(todoItemId))) {
+    return res.status(400).json(response);
+  }
+
+  if (todoId < 1 || todoItemId < 1) {
+    return res.status(400).json(responseTwo);
+  }
+  return next();
+};
+
+const checkUserRouteParams = (req, res, next) => {
+  const { userId } = req.params;
+
+  if (!Number.isInteger(Number(userId))) {
+    return res.status(400).json(response);
+  }
+
+  if (userId < 1) {
+    return res.status(400).json(responseTwo);
+  }
+  return next();
+};
+
+module.exports = {
+  checkParams,
+  checkUserRouteParams,
+};

server/routes/todosRouter.js

@@ -5,6 +5,7 @@ const todoItemsController = require('../controllers').todoItems;
 const validator = require('../validators/validators');
 const checkOwner = require('../middlewares/checkOwner');
 const asyncHandler = require('../middlewares/asyncHandler');
+const { checkParams } = require('../middlewares/reqParamChecker');
 const { paginate } = require('../middlewares/pagination');
 
 function todosRoutes() {
@@ -13,7 +14,7 @@ function todosRoutes() {
   todosRouter.route('/todos')
     .post(celebrate({ body: validator.validateTodo }), asyncHandler(todosController.createTodo))
     .get(asyncHandler(todosController.list));
-  todosRouter.use('/todos/:todoId', asyncHandler(checkOwner.findTodo));
+  todosRouter.use('/todos/:todoId', checkParams, asyncHandler(checkOwner.findTodo));
   todosRouter.route('/todos/:todoId')
     .get(asyncHandler(todosController.retrieve))
     .put(celebrate({ body: validator.validateTodo }), asyncHandler(todosController.update))
@@ -22,6 +23,7 @@ function todosRoutes() {
     .post(celebrate({
       body: validator.validateTodoItem,
     }), asyncHandler(todoItemsController.createTodoItem));
+  todosRouter.use('/todos/:todoId/items/:todoItemId', checkParams);
   todosRouter.route('/todos/:todoId/items/:todoItemId')
     .put(celebrate({ body: validator.validateTodoItem }), asyncHandler(todoItemsController.update))
     .delete(asyncHandler(todoItemsController.destroy));

server/routes/usersRouter.js

@@ -3,10 +3,12 @@ const { celebrate } = require('celebrate');
 const usersController = require('../controllers').users;
 const validator = require('../validators/validators');
 const asyncHandler = require('../middlewares/asyncHandler');
+const { checkUserRouteParams } = require('../middlewares/reqParamChecker');
 
 function userRoutes() {
   const userRouter = express.Router();
 
+  userRouter.use('/users/:userId', checkUserRouteParams);
   userRouter.route('/users/:userId')
     .patch(celebrate({
       body: validator.validatePassword,

server/tests/unit/reqParamChecker.spec.js

@@ -0,0 +1,261 @@
+const chai = require('chai');
+
+const { expect } = chai;
+const sinonChai = require('sinon-chai');
+const sinon = require('sinon');
+const { mockReq, mockRes } = require('sinon-express-mock');
+const { checkParams, checkUserRouteParams } = require('../../middlewares/reqParamChecker');
+
+chai.use(sinonChai);
+
+describe('Request param checker', () => {
+  describe('checkParams', () => {
+    it('should return 400 if todoId is not a positive integer', (done) => {
+      const request = {
+        params: {
+          todoId: -2,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoId is a string', (done) => {
+      const request = {
+        params: {
+          todoId: 's',
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoId is a float', (done) => {
+      const request = {
+        params: {
+          todoId: 1.1,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    xit('should return 400 if the todoId is a .0 float', (done) => {
+      const request = {
+        params: {
+          todoId: 1.0,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoId is a string that is alphanumeric', (done) => {
+      const request = {
+        params: {
+          todoId: '4s',
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoItemId is not a positive integer', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: -2,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoItemId is a string', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: 's',
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoItemId is an alphanumeric string', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: '4s',
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return 400 if the todoItemId is a float', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: 2.3,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    xit('should return 400 if the todoItemId is a .0 float', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: 2.0,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(res.status).to.have.been.calledWith(400);
+      done()
+    });
+
+    it('should return call next if all checks pass', (done) => {
+      const request = {
+        params: {
+          todoId: 1,
+          todoItemId: 4,
+        }
+      };
+      const req = mockReq(request);
+      const res = mockRes();
+      const next = sinon.spy();
+
+      checkParams(req, res, next);
+      expect(next.called).to.be.true;
+      done()
+    });
+
+    describe('checkParams for user', () => {
+      it('should return 400 if userId is not a positive integer', (done) => {
+        const request = {
+          params: {
+            userId: -2,
+          }
+        };
+        const req = mockReq(request);
+        const res = mockRes();
+        const next = sinon.spy();
+
+        checkUserRouteParams(req, res, next);
+        expect(res.status).to.have.been.calledWith(400);
+        done()
+      });
+
+      it('should return 400 if the userId is a string', (done) => {
+        const request = {
+          params: {
+            userId: 's',
+          }
+        };
+        const req = mockReq(request);
+        const res = mockRes();
+        const next = sinon.spy();
+
+        checkUserRouteParams(req, res, next);
+        expect(res.status).to.have.been.calledWith(400);
+        done()
+      });
+
+      it('should return 400 if the userId is a float', (done) => {
+        const request = {
+          params: {
+            userId: 1.1,
+          }
+        };
+        const req = mockReq(request);
+        const res = mockRes();
+        const next = sinon.spy();
+
+        checkUserRouteParams(req, res, next);
+        expect(res.status).to.have.been.calledWith(400);
+        done()
+      });
+
+      xit('should return 400 if the userId is a .0 float', (done) => {
+        const request = {
+          params: {
+            userId: 1.0,
+          }
+        };
+        const req = mockReq(request);
+        const res = mockRes();
+        const next = sinon.spy();
+
+        checkUserRouteParams(req, res, next);
+        expect(res.status).to.have.been.calledWith(400);
+        done()
+      });
+
+      it('should return 400 if the userId is a string that is alphanumeric', (done) => {
+        const request = {
+          params: {
+            userId: '4s',
+          }
+        };
+        const req = mockReq(request);
+        const res = mockRes();
+        const next = sinon.spy();
+
+        checkUserRouteParams(req, res, next);
+        expect(res.status).to.have.been.calledWith(400);
+        done()
+      });
+    })
+  });
+});

server/tests/unit/typeChecker.spec.js

@@ -0,0 +1,43 @@
+const chai = require('chai');
+
+const { expect } = chai;
+const sinonChai = require('sinon-chai');
+const { isNumber } = require('../../utils/typeChecker');
+
+chai.use(sinonChai);
+
+describe('typeChecker', () => {
+  describe('isNumber', () => {
+    it('should return true if value is a positive integer', (done) => {
+      expect(isNumber(4)).to.be.true;
+      expect(isNumber(434)).to.be.true;
+      done()
+    });
+
+    it('should return false if value is a negative integer', (done) => {
+      expect(isNumber(-4)).to.be.false;
+      done()
+    });
+
+    it('should return false if value is a float', (done) => {
+      expect(isNumber(4.1)).to.be.false;
+      expect(isNumber(4.9)).to.be.false;
+      done()
+    });
+
+    xit('should return false if value is a .0 float', (done) => {
+      expect(isNumber(4.0)).to.be.false;
+      done()
+    });
+
+    it('should return true if value is a string of a valid number', (done) => {
+      expect(isNumber('4')).to.be.true;
+      done()
+    });
+
+    it('should return false if value is a string of a valid number', (done) => {
+      expect(isNumber('4s')).to.be.false;
+      done()
+    });
+  });
+});

server/utils/typeChecker.js

@@ -0,0 +1,5 @@
+const isNumber = (value) => /^\d+$/.test(value);
+
+module.exports = {
+  isNumber,
+};