fix: added validation on userID

fixes #132
roman-ojha · Jul 12, 2022 · 66b389e · 66b389e · roman-ojha · Jul 12, 2022
1 parent 921f243
commit 66b389e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/controllers/setting.controller.ts b/controllers/setting.controller.ts
@@ -7,6 +7,7 @@ import updateRedisUser from "../funcs/updateRedisUser.js";
 import uploadPost from "../funcs/uploadPost.js";
 import makeStandardUserID from "../funcs/makeStandardUserID.js";
 import PasswordValidator from "password-validator";
+import validator from "validator";
 
 export default {
   changeProfilePicture: async (
@@ -95,6 +96,12 @@ export default {
           msg: "Please Fill the userID Field",
         });
       }
+      if (!validator.matches(newUserID, "^[a-zA-Z0-9_.-]*$")) {
+        return res.status(400).json(<ResponseObject>{
+          success: false,
+          msg: "Try to avoid special symbols, not a valid userID",
+        });
+      }
       const userIDAlreadyExist = await userDetail.findOne(
         {
           userID: newUserID,

diff --git a/controllers/storage.controller.ts b/controllers/storage.controller.ts
@@ -12,6 +12,7 @@ import uploadPost from "../funcs/uploadPost.js";
 import setRedisUserData from "../funcs/setRedisUserData.js";
 const bucket = storage.bucket();
 import makeStandardUserID from "../funcs/makeStandardUserID.js";
+import validator from "validator";
 
 export default {
   post: async (req: Request, res: Response): Promise<object> => {
@@ -157,6 +158,12 @@ export default {
           .status(400)
           .json({ success: false, err: "Please fill the required field!!!" });
       }
+      if (!validator.matches(userID, "^[a-zA-Z0-9_.-]*$")) {
+        return res.status(400).json({
+          success: false,
+          err: "Try to avoid special symbols, not a valid userID",
+        });
+      }
       const userIDExist = await UserDetail.findOne(
         { userID: userID },
         { userID: 1, name: 1, email: 1 }

diff --git a/src/index.ts b/src/index.ts
@@ -14,11 +14,7 @@ import cors from "cors";
 import bodyParser from "body-parser";
 import { httpServer, app } from "../socket/io.js";
 import AuthAdmin from "../funcs/AuthAdmin.js";
-import {
-  connectRedis,
-  redisClient,
-} from "../middleware/auth/authUsingRedis.js";
-import validator from "validator";
+import { connectRedis } from "../middleware/auth/authUsingRedis.js";
 
 const PORT = process.env.PORT;
 
@@ -87,5 +83,3 @@ httpServer.listen(PORT, () => {
 
 // Admin SignIn
 AuthAdmin();
-// "^[a-zA-Z0-9_\.\-]*$"
-// validator.matches("roman", `^[a-zA-Z0-9_\.\-]*$`)