Home Esplora Aiuto
Accedi
Vieraw
/
Kutt
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): bfd2381ab3
Rami (Branch) Tag
Kutt
/
server
/
controllers
/
validateBodyController.js

validateBodyController.js 3.1 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. const axios = require('axios');
    2. 

  2. const urlRegex = require('url-regex');
    3. 

  3. const validator = require('express-validator/check');
    4. 

  4. const { validationResult } = require('express-validator/check');
    5. 

  5. const config = require('../config');
    6. 

  6. 

  7. exports.validationCriterias = [
    8. 

  8.   validator
    9. 

  9.     .body('email')
    10. 

  10.     .exists()
    11. 

  11.     .withMessage('Email must be provided.')
    12. 

  12.     .isEmail()
    13. 

  13.     .withMessage('Email is not valid.')
    14. 

  14.     .trim()
    15. 

  15.     .normalizeEmail(),
    16. 

  16.   validator
    17. 

  17.     .body('password', 'Password must be at least 8 chars long.')
    18. 

  18.     .exists()
    19. 

  19.     .withMessage('Password must be provided.')
    20. 

  20.     .isLength({ min: 8 }),
    21. 

  21. ];
    22. 

  22. 

  23. exports.validateBody = (req, res, next) => {
    24. 

  24.   const errors = validationResult(req);
    25. 

  25.   if (!errors.isEmpty()) {
    26. 

  26.     const errorsObj = errors.mapped();
    27. 

  27.     const emailError = errorsObj.email && errorsObj.email.msg;
    28. 

  28.     const passwordError = errorsObj.password && errorsObj.password.msg;
    29. 

  29.     return res.status(400).json({ error: emailError || passwordError });
    30. 

  30.   }
    31. 

  31.   return next();
    32. 

  32. };
    33. 

  33. 

  34. const preservedUrls = [
    35. 

  35.   'login',
    36. 

  36.   'logout',
    37. 

  37.   'signup',
    38. 

  38.   'reset-password',
    39. 

  39.   'resetpassword',
    40. 

  40.   'url-password',
    41. 

  41.   'settings',
    42. 

  42.   'stats',
    43. 

  43.   'verify',
    44. 

  44.   'api',
    45. 

  45.   '404',
    46. 

  46.   'static',
    47. 

  47.   'images',
    48. 

  48. ];
    49. 

  49. 

  50. exports.preservedUrls = preservedUrls;
    51. 

  51. 

  52. exports.validateUrl = async ({ body, user }, res, next) => {
    53. 

  53.   // Validate URL existence
    54. 

  54.   if (!body.target) return res.status(400).json({ error: 'No target has been provided.' });
    55. 

  55. 

  56.   // validate URL length
    57. 

  57.   if (body.target.length > 1024) {
    58. 

  58.     return res.status(400).json({ error: 'Maximum URL length is 1024.' });
    59. 

  59.   }
    60. 

  60. 

  61.   // Validate URL
    62. 

  62.   const isValidUrl = urlRegex({ exact: true, strict: false }).test(body.target);
    63. 

  63.   if (!isValidUrl) return res.status(400).json({ error: 'URL is not valid.' });
    64. 

  64. 

  65.   // Validate password length
    66. 

  66.   if (body.password && body.password.length > 64) {
    67. 

  67.     return res.status(400).json({ error: 'Maximum password length is 64.' });
    68. 

  68.   }
    69. 

  69. 

  70.   // Custom URL validations
    71. 

  71.   if (user && body.customurl) {
    72. 

  72.     // Validate custom URL
    73. 

  73.     if (!/^[a-zA-Z1-9-_]+$/g.test(body.customurl.trim())) {
    74. 

  74.       return res.status(400).json({ error: 'Custom URL is not valid.' });
    75. 

  75.     }
    76. 

  76. 

  77.     // Prevent from using preserved URLs
    78. 

  78.     if (preservedUrls.some(url => url === body.customurl)) {
    79. 

  79.       return res.status(400).json({ error: "You can't use this custom URL name." });
    80. 

  80.     }
    81. 

  81. 

  82.     // Validate custom URL length
    83. 

  83.     if (body.customurl.length > 64) {
    84. 

  84.       return res.status(400).json({ error: 'Maximum custom URL length is 64.' });
    85. 

  85.     }
    86. 

  86.   }
    87. 

  87. 

  88.   return next();
    89. 

  89. };
    90. 

  90. 

  91. exports.malwareCheck = async ({ body }, res, next) => {
    92. 

  92.   const isMalware = await axios.post(
    93. 

  93.     `https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${
    94. 

  94.       config.GOOGLE_SAFE_BROWSING_KEY
    95. 

  95.     }`,
    96. 

  96.     {
    97. 

  97.       client: {
    98. 

  98.         clientId: config.DEFAULT_DOMAIN.toLowerCase().replace('.', ''),
    99. 

  99.         clientVersion: '1.0.0',
    100. 

  100.       },
    101. 

  101.       threatInfo: {
    102. 

  102.         threatTypes: ['MALWARE', 'SOCIAL_ENGINEERING'],
    103. 

  103.         platformTypes: ['WINDOWS'],
    104. 

  104.         threatEntryTypes: ['URL'],
    105. 

  105.         threatEntries: [{ url: body.target }],
    106. 

  106.       },
    107. 

  107.     }
    108. 

  108.   );
    109. 

  109.   if (isMalware.data && isMalware.data.matches) {
    110. 

  110.     return res.status(400).json({ error: 'Malware detected!' });
    111. 

  111.   }
    112. 

  112.   return next();
    113. 

  113. };
    114.