update express-validator

app.js

@@ -36,7 +36,6 @@ if (DOCKER_DB) {
 
 /** @todo Handle the case when MongoDB is not installed */
 // var db = monk(MONGO_DB);
-const expressValidator = require('express-validator');
 
 /* jslint nomen: true */
 const dirname = __dirname; // Local directory
@@ -108,7 +107,6 @@ const start = async function () {
     };
   }
   app.use(logger(':remote-addr :method :url :status :response-time ms - :res[content-length]', loggerOptions));//app.use(logger('dev'));
-  app.use(expressValidator());
   app.use(cookieParser());
   app.use(express.static(path.join(dirname, 'public')));
 

controller/admin/admin.controller.js

@@ -1,22 +1,23 @@
 const notifier = require('../../notifier');
+const { body, validationResult } = require('express-validator');
 
 const validator = (req, res, next) => {
   const authorizedIP = ['1']; // hardcoded authorized IPs
   let ip;
-  if(req.connection.remoteAddress) {
+  if (req.connection.remoteAddress) {
     ip = req.connection.remoteAddress;
-  } else if(req.socket._peername) {
+  } else if (req.socket._peername) {
     ip = req.socket._peername.address;
   }
 
   ip = ip.split(':').pop();
-  console.log({ip});
+  console.log({ ip });
 
-  if(authorizedIP.includes(ip)) {
+  if (authorizedIP.includes(ip)) {
     return next();
   }
 
-  res.status(403).send({error: 'Unauthorized address'})
+  res.status(403).send({ error: 'Unauthorized address' })
     .end();
 };
 
@@ -28,7 +29,7 @@ const validator = (req, res, next) => {
  */
 const saveAllAtlases = (req, res) => {
   notifier.emit('saveAllAtlases');
-  res.send({msg: 'Will save all atlases', success: true});
+  res.send({ msg: 'Will save all atlases', success: true });
 };
 
 /**
@@ -38,21 +39,22 @@ const saveAllAtlases = (req, res) => {
  * @param {object} res Response object
  * @returns {void}
  */
-const broadcastMessage = (req, res) => {
+const broadcastMessage = async (req, res) => {
   console.log('broadcastMessage');
 
-  req.checkBody('msg', 'Provide a msg to broadcast')
-    .notEmpty();
+  await body('msg', 'Provide a msg to broadcast')
+    .notEmpty()
+    .run(req);
 
-  const errors = req.validationErrors();
-  if (errors) {
+  const errors = validationResult(req).array();
+  if (errors.length) {
     return res.status(403).send(errors)
       .end();
   }
   // const msg = req.sanitize(req.body.msg); // why does this not work?
-  const {msg} = req.body;
+  const { msg } = req.body;
   notifier.emit('broadcastMessage', msg);
-  res.send({msg: 'Will broadcast message ' + msg, success: true});
+  res.send({ msg: 'Will broadcast message ' + msg, success: true });
 };
 
 module.exports = {

controller/mri/mri.controller.js

@@ -6,6 +6,7 @@ const url = require('url');
 const fs = require('fs');
 const request = require('request');
 const sanitize = require('sanitize-filename');
+const { body, validationResult } = require('express-validator');
 const AtlasmakerServer = require('../atlasmakerServer/atlasmakerServer');
 const dataSlices = require('../dataSlices/dataSlices.js');
 const { AccessType, AccessLevel } = require('neuroweblab');
@@ -44,9 +45,9 @@ const validator = function (req, res, next) {
   // req.checkQuery('var', 'please enter one of the variables that are indicated')
   // .optional()
   // .matches("localpath|filename|source|url|dim|pixdim");    // todo: decent regexp
-  const errors = req.validationErrors();
+  const errors = validationResult(req).array();
   console.log('errors:', errors);
-  if (errors) {
+  if (errors.length) {
     res
       .status(403)
       .send(errors)
@@ -56,28 +57,31 @@ const validator = function (req, res, next) {
   }
 };
 
-const validatorPost = function (req, res, next) {
+const validatorPost = async function (req, res, next) {
 
   console.log('mri body', req.body);
   console.log('mri query', req.query);
   console.log('mri params', req.params);
 
-  req.checkBody('url', 'Provide a URL')
-    .notEmpty();
-  req.checkBody('url', 'Provide a valid URL')
-    .isURL();
+  await body('url', 'Provide a URL')
+    .notEmpty()
+    .run(req);
+  await body('url', 'Provide a valid URL')
+    .isURL()
+    .run(req);
 
   // req.checkQuery('var', 'please enter one of the variables that are indicated')
   // .optional()
   // .matches("localpath|filename|source|url|dim|pixdim");    // @todo: decent regexp
-  const errors = req.validationErrors();
-  if (errors) {
+  const errors = validationResult(req).array();
+  if (errors.length) {
     console.log('mri send error 403');
-    res.status(403).send(errors)
+
+    return res.status(403).send(errors)
       .end();
-  } else {
-    return next();
   }
+
+  return next();
 };
 
 // does not seem to be used
@@ -280,10 +284,11 @@ const mri = async function (req, res) {
     // also query projects that set this MRI as a source
     projects.push(...await req.db.get('project').find({
       $or: [
-        { 'files.list': {$eq: myurl }},
-        { 'files.list.source': {$eq: myurl }}
+        { 'files.list': { $eq: myurl } },
+        { 'files.list.source': { $eq: myurl } }
       ],
-      backup: { $exists: 0 }}
+      backup: { $exists: 0 }
+    }
     ));
 
     // set access to volume annotations
@@ -568,7 +573,7 @@ const apiMriGet = async function (req, res) {
 };
 
 // eslint-disable-next-line func-style
-const reset = async function reset (req, res) {
+const reset = async function reset(req, res) {
   const myurl = req.query.url;
   const hash = crypto.createHash('md5').update(myurl)
     .digest('hex');

controller/mri/upload.controller.js

@@ -1,33 +1,42 @@
 'use strict';
 
 const fs = require('fs');
+const { body, validationResult } = require('express-validator');
 const amri = require('../atlasmakerServer/atlasmaker-mri');
 const AsyncLock = require('async-lock');
 const lock = new AsyncLock();
 
 // ExpressValidator = require('express-validator')
 
-const validator = function (req, res, next) {
+const validator = async function (req, res, next) {
   console.log('upload.controller body', req.body);
   console.log('upload.controller query', req.query);
   console.log('upload.controller params', req.params);
 
-  req.checkBody('url', 'Provide a URL')
-    .notEmpty();
-  req.checkBody('url', 'Provide a valid URL')
-    .isURL();
-  req.checkBody('atlasName', 'Provide an atlasName')
-    .notEmpty();
-  req.checkBody('atlasName', 'Provide an alphanumeric atlasName')
-    .isAlphanumeric();
-  req.checkBody('atlasProject', 'Provide an atlasProject')
-    .notEmpty();
-  req.checkBody('atlasProject', 'Provide an alphanumeric atlasProject')
-    .isAlphanumeric();
-  req.checkBody('atlasLabelSet', 'Provide an atlasLabelSet')
-    .notEmpty();
-  req.checkBody('token', 'Provide an upload token')
-    .notEmpty();
+  await body('url', 'Provide a URL')
+    .notEmpty()
+    .run(req);
+  await body('url', 'Provide a valid URL')
+    .isURL()
+    .run(req);
+  await body('atlasName', 'Provide an atlasName')
+    .notEmpty()
+    .run(req);
+  await body('atlasName', 'Provide an alphanumeric atlasName')
+    .isAlphanumeric()
+    .run(req);
+  await body('atlasProject', 'Provide an atlasProject')
+    .notEmpty()
+    .run(req);
+  await body('atlasProject', 'Provide an alphanumeric atlasProject')
+    .isAlphanumeric()
+    .run(req);
+  await body('atlasLabelSet', 'Provide an atlasLabelSet')
+    .notEmpty()
+    .run(req);
+  await body('token', 'Provide an upload token')
+    .notEmpty()
+    .run(req);
 
   /*
         Check for all these required fields:
@@ -38,8 +47,8 @@ const validator = function (req, res, next) {
         atlasLabelSet: One of the labels available inside the /public/labels/ directory
     */
 
-  const errors = req.validationErrors();
-  if (errors) {
+  const errors = validationResult(req).array();
+  if (errors.length) {
     return res.status(403).send(errors)
       .end();
   }

controller/project/project.controller.js

@@ -2,6 +2,7 @@
 const url = require('url');
 const crypto = require('crypto');
 const validatorNPM = require('validator');
+const { param, validationResult } = require('express-validator');
 const dataSlices = require('../dataSlices/dataSlices.js');
 const AsyncLock = require('async-lock');
 const lock = new AsyncLock();
@@ -18,17 +19,18 @@ const { window } = (new JSDOM('', {
 }));
 const DOMPurify = createDOMPurify(window);
 
-const validator = function (req, res, next) {
+const validator = async function (req, res, next) {
 
-  req.checkParams('projectName', 'incorrect project name').isAlphanumeric();
+  await param('projectName', 'incorrect project name').isAlphanumeric()
+    .run(req);
   // req.checkQuery('url', 'please enter a valid URL')
   // .isURL();
 
   // req.checkQuery('var', 'please enter one of the variables that are indicated')
   // .optional()
   // .matches("localpath|filename|source|url|dim|pixdim"); //todo: decent regexp
-  const errors = req.validationErrors();
-  if (errors) {
+  const errors = validationResult(req).array();
+  if (errors.length) {
     res.status(403).send(errors)
       .end();
   } else {

controller/user/user.controller.js

@@ -8,6 +8,7 @@ const validator = function (req, res, next) {
   // userName can be an ip address (for anonymous users)
 
   /*
+    // legacy api, needs to be rewriten if uncommented
     req.checkParams('userName', 'incorrect user name').isAlphanumeric();
     var errors = req.validationErrors();
     console.log(errors);

package.json

@@ -37,7 +37,7 @@
     "dompurify": "^2.0.17",
     "express": "^4.16.4",
     "express-session": "^1.17.1",
-    "express-validator": "^5.3.1",
+    "express-validator": "^6.14.2",
     "fast-json-patch": "^2.2.1",
     "file-type": "^16.5.4",
     "fs": "0.0.1-security",