Halaman utama Jelajahi Bantuan
Masuk
Vieraw
/
Kutt
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: 29fea8b43b
Ranting Tag
Kutt
/
server
/
controllers
/
validateBodyController.js

validateBodyController.js 4.2 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. const axios = require('axios');
    2. 

  2. const urlRegex = require('url-regex');
    3. 

  3. const validator = require('express-validator/check');
    4. 

  4. const { subHours } = require('date-fns/');
    5. 

  5. const { validationResult } = require('express-validator/check');
    6. 

  6. const { addCooldown, banUser, getCooldowns } = require('../db/user');
    7. 

  7. const config = require('../config');
    8. 

  8. 

  9. exports.validationCriterias = [
    10. 

  10.   validator
    11. 

  11.     .body('email')
    12. 

  12.     .exists()
    13. 

  13.     .withMessage('Email must be provided.')
    14. 

  14.     .isEmail()
    15. 

  15.     .withMessage('Email is not valid.')
    16. 

  16.     .trim()
    17. 

  17.     .normalizeEmail(),
    18. 

  18.   validator
    19. 

  19.     .body('password', 'Password must be at least 8 chars long.')
    20. 

  20.     .exists()
    21. 

  21.     .withMessage('Password must be provided.')
    22. 

  22.     .isLength({ min: 8 }),
    23. 

  23. ];
    24. 

  24. 

  25. exports.validateBody = (req, res, next) => {
    26. 

  26.   const errors = validationResult(req);
    27. 

  27.   if (!errors.isEmpty()) {
    28. 

  28.     const errorsObj = errors.mapped();
    29. 

  29.     const emailError = errorsObj.email && errorsObj.email.msg;
    30. 

  30.     const passwordError = errorsObj.password && errorsObj.password.msg;
    31. 

  31.     return res.status(400).json({ error: emailError || passwordError });
    32. 

  32.   }
    33. 

  33.   return next();
    34. 

  34. };
    35. 

  35. 

  36. const preservedUrls = [
    37. 

  37.   'login',
    38. 

  38.   'logout',
    39. 

  39.   'signup',
    40. 

  40.   'reset-password',
    41. 

  41.   'resetpassword',
    42. 

  42.   'url-password',
    43. 

  43.   'url-info',
    44. 

  44.   'settings',
    45. 

  45.   'stats',
    46. 

  46.   'verify',
    47. 

  47.   'api',
    48. 

  48.   '404',
    49. 

  49.   'static',
    50. 

  50.   'images',
    51. 

  51.   'banned',
    52. 

  52.   'terms',
    53. 

  53.   'privacy',
    54. 

  54.   'report',
    55. 

  55. ];
    56. 

  56. 

  57. exports.preservedUrls = preservedUrls;
    58. 

  58. 

  59. exports.validateUrl = async ({ body, user }, res, next) => {
    60. 

  60.   // Validate URL existence
    61. 

  61.   if (!body.target) return res.status(400).json({ error: 'No target has been provided.' });
    62. 

  62. 

  63.   // validate URL length
    64. 

  64.   if (body.target.length > 3000) {
    65. 

  65.     return res.status(400).json({ error: 'Maximum URL length is 3000.' });
    66. 

  66.   }
    67. 

  67. 

  68.   // Validate URL
    69. 

  69.   const isValidUrl = urlRegex({ exact: true, strict: false }).test(body.target);
    70. 

  70.   if (!isValidUrl) return res.status(400).json({ error: 'URL is not valid.' });
    71. 

  71. 

  72.   // Validate password length
    73. 

  73.   if (body.password && body.password.length > 64) {
    74. 

  74.     return res.status(400).json({ error: 'Maximum password length is 64.' });
    75. 

  75.   }
    76. 

  76. 

  77.   // Custom URL validations
    78. 

  78.   if (user && body.customurl) {
    79. 

  79.     // Validate custom URL
    80. 

  80.     if (!/^[a-zA-Z0-9-_]+$/g.test(body.customurl.trim())) {
    81. 

  81.       return res.status(400).json({ error: 'Custom URL is not valid.' });
    82. 

  82.     }
    83. 

  83. 

  84.     // Prevent from using preserved URLs
    85. 

  85.     if (preservedUrls.some(url => url === body.customurl)) {
    86. 

  86.       return res.status(400).json({ error: "You can't use this custom URL name." });
    87. 

  87.     }
    88. 

  88. 

  89.     // Validate custom URL length
    90. 

  90.     if (body.customurl.length > 64) {
    91. 

  91.       return res.status(400).json({ error: 'Maximum custom URL length is 64.' });
    92. 

  92.     }
    93. 

  93.   }
    94. 

  94. 

  95.   return next();
    96. 

  96. };
    97. 

  97. 

  98. exports.cooldownCheck = async ({ user }, res, next) => {
    99. 

  99.   if (user) {
    100. 

  100.     const { cooldowns } = await getCooldowns(user);
    101. 

  101.     if (cooldowns.length > 4) {
    102. 

  102.       await banUser(user);
    103. 

  103.       return res.status(400).json({ error: 'Too much malware requests. You are now banned.' });
    104. 

  104.     }
    105. 

  105.     const hasCooldownNow = cooldowns.some(cooldown => cooldown > subHours(new Date(), 12).toJSON());
    106. 

  106.     if (hasCooldownNow) {
    107. 

  107.       return res.status(400).json({ error: 'Cooldown because of a malware URL. Wait 12h' });
    108. 

  108.     }
    109. 

  109.   }
    110. 

  110.   return next();
    111. 

  111. };
    112. 

  112. 

  113. exports.malwareCheck = async ({ body, user }, res, next) => {
    114. 

  114.   const isMalware = await axios.post(
    115. 

  115.     `https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${
    116. 

  116.       config.GOOGLE_SAFE_BROWSING_KEY
    117. 

  117.     }`,
    118. 

  118.     {
    119. 

  119.       client: {
    120. 

  120.         clientId: config.DEFAULT_DOMAIN.toLowerCase().replace('.', ''),
    121. 

  121.         clientVersion: '1.0.0',
    122. 

  122.       },
    123. 

  123.       threatInfo: {
    124. 

  124.         threatTypes: [
    125. 

  125.           'THREAT_TYPE_UNSPECIFIED',
    126. 

  126.           'MALWARE',
    127. 

  127.           'SOCIAL_ENGINEERING',
    128. 

  128.           'UNWANTED_SOFTWARE',
    129. 

  129.           'POTENTIALLY_HARMFUL_APPLICATION',
    130. 

  130.         ],
    131. 

  131.         platformTypes: ['ANY_PLATFORM', 'PLATFORM_TYPE_UNSPECIFIED'],
    132. 

  132.         threatEntryTypes: ['EXECUTABLE', 'URL', 'THREAT_ENTRY_TYPE_UNSPECIFIED'],
    133. 

  133.         threatEntries: [{ url: body.target }],
    134. 

  134.       },
    135. 

  135.     }
    136. 

  136.   );
    137. 

  137.   if (isMalware.data && isMalware.data.matches) {
    138. 

  138.     if (user) {
    139. 

  139.       await addCooldown(user);
    140. 

  140.     }
    141. 

  141.     return res
    142. 

  142.       .status(400)
    143. 

  143.       .json({ error: user ? 'Malware detected! Cooldown for 12h.' : 'Malware detected!' });
    144. 

  144.   }
    145. 

  145.   return next();
    146. 

  146. };
    147.