From 2ddc325a723dde9bc2fe79671bd47cdcf9be9072 Mon Sep 17 00:00:00 2001 From: nicolas Date: Mon, 16 Jan 2023 14:39:27 +0100 Subject: [PATCH] update express-validator --- app.js | 2 - controller/admin/admin.controller.js | 28 +++++++------- controller/mri/mri.controller.js | 37 +++++++++++-------- controller/mri/upload.controller.js | 47 ++++++++++++++---------- controller/project/project.controller.js | 10 +++-- controller/user/user.controller.js | 1 + package-lock.json | 39 ++++++-------------- package.json | 2 +- 8 files changed, 84 insertions(+), 82 deletions(-) diff --git a/app.js b/app.js index be25cdeb..3b9c6a7f 100644 --- a/app.js +++ b/app.js @@ -36,7 +36,6 @@ if (DOCKER_DB) { /** @todo Handle the case when MongoDB is not installed */ // var db = monk(MONGO_DB); -const expressValidator = require('express-validator'); /* jslint nomen: true */ const dirname = __dirname; // Local directory @@ -108,7 +107,6 @@ const start = async function () { }; } app.use(logger(':remote-addr :method :url :status :response-time ms - :res[content-length]', loggerOptions));//app.use(logger('dev')); - app.use(expressValidator()); app.use(cookieParser()); app.use(express.static(path.join(dirname, 'public'))); diff --git a/controller/admin/admin.controller.js b/controller/admin/admin.controller.js index ca048d17..94f2397d 100644 --- a/controller/admin/admin.controller.js +++ b/controller/admin/admin.controller.js 
@@ -1,22 +1,23 @@ const notifier = require('../../notifier'); +const { body, validationResult } = require('express-validator'); const validator = (req, res, next) => { const authorizedIP = ['1']; // hardcoded authorized IPs let ip; - if(req.connection.remoteAddress) { + if (req.connection.remoteAddress) { ip = req.connection.remoteAddress; - } else if(req.socket._peername) { + } else if (req.socket._peername) { ip = req.socket._peername.address; } ip = ip.split(':').pop(); - console.log({ip}); + console.log({ ip }); - if(authorizedIP.includes(ip)) { + if (authorizedIP.includes(ip)) { return next(); } - res.status(403).send({error: 'Unauthorized address'}) + res.status(403).send({ error: 'Unauthorized address' }) .end(); }; @@ -28,7 +29,7 @@ const validator = (req, res, next) => { */ const saveAllAtlases = (req, res) => { notifier.emit('saveAllAtlases'); - res.send({msg: 'Will save all atlases', success: true}); + res.send({ msg: 'Will save all atlases', success: true }); }; /** @@ -38,21 +39,22 @@ const saveAllAtlases = (req, res) => { * @param {object} res Response object * @returns {void} */ -const broadcastMessage = (req, res) => { +const broadcastMessage = async (req, res) => { console.log('broadcastMessage'); - req.checkBody('msg', 'Provide a msg to broadcast') - .notEmpty(); + await body('msg', 'Provide a msg to broadcast') + .notEmpty() + .run(req); - const errors = req.validationErrors(); - if (errors) { + const errors = validationResult(req).array(); + if (errors.length) { return res.status(403).send(errors) .end(); } // const msg = req.sanitize(req.body.msg); // why does this not work? - const {msg} = req.body; + const { msg } = req.body; notifier.emit('broadcastMessage', msg); - res.send({msg: 'Will broadcast message ' + msg, success: true}); + res.send({ msg: 'Will broadcast message ' + msg, success: true }); }; module.exports = { diff --git a/controller/mri/mri.controller.js b/controller/mri/mri.controller.js index 98565354..ff4dd0eb 100644 
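Review bot: `ip = ip.split(':').pop();` reduces an IPv6 address to its last hextet, so against `const authorizedIP = ['1'];` any remote IPv6 address ending in `:1` (e.g. `2001:db8::1`) passes this admin gate, not just loopback `::1`, while IPv4 loopback (`127.0.0.1` or the mapped form `::ffff:127.0.0.1`) is rejected because `pop()` leaves it intact. Compare the whole address instead: `const ip = req.socket.remoteAddress;` checked against `const authorizedIP = ['::1', '127.0.0.1', '::ffff:127.0.0.1'];` — assuming loopback is what `'1'` was meant to stand for, which the comment does not say. When neither `remoteAddress` nor `_peername` is set, `ip` stays undefined and the `.split` call throws, turning a should-be 403 into a 500. If the app sits behind a reverse proxy, `remoteAddress` is the proxy's address and this check is either always-open or always-closed; a proper admin credential would be sturdier than an IP allowlist.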
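Review bot: The commented-out `// const msg = req.sanitize(req.body.msg); // why does this not work?` is now doubly stale: express-validator 6 has no `req.sanitize` at all, and sanitizers are chain methods that write back into `req.body`, so `await body('msg', 'Provide a msg to broadcast').trim().notEmpty().run(req);` both rejects whitespace-only messages and leaves the trimmed value in `req.body.msg` for the existing `const { msg } = req.body;`. Whether `.escape()` belongs on that chain depends on how subscribers of `notifier.emit('broadcastMessage', msg)` render the text, which is not visible here. A validation failure is answered with `res.status(403)`; 400 is the conventional status for a malformed body, and 403 is already what the IP gate in this file uses for a rejected client. Express 4 does not forward a rejected promise from an async handler to the error middleware, so if `.run(req)` ever throws the request gets no response — `try { … } catch (err) { return next(err); }` around the await.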
--- a/controller/mri/mri.controller.js +++ b/controller/mri/mri.controller.js @@ -6,6 +6,7 @@ const url = require('url'); const fs = require('fs'); const request = require('request'); const sanitize = require('sanitize-filename'); +const { body, validationResult } = require('express-validator'); const AtlasmakerServer = require('../atlasmakerServer/atlasmakerServer'); const dataSlices = require('../dataSlices/dataSlices.js'); const { AccessType, AccessLevel } = require('neuroweblab'); @@ -44,9 +45,9 @@ const validator = function (req, res, next) { // req.checkQuery('var', 'please enter one of the variables that are indicated') // .optional() // .matches("localpath|filename|source|url|dim|pixdim"); // todo: decent regexp - const errors = req.validationErrors(); + const errors = validationResult(req).array(); console.log('errors:', errors); - if (errors) { + if (errors.length) { res .status(403) .send(errors) @@ -56,28 +57,31 @@ const validator = function (req, res, next) { } }; -const validatorPost = function (req, res, next) { +const validatorPost = async function (req, res, next) { console.log('mri body', req.body); console.log('mri query', req.query); console.log('mri params', req.params); - req.checkBody('url', 'Provide a URL') - .notEmpty(); - req.checkBody('url', 'Provide a valid URL') - .isURL(); + await body('url', 'Provide a URL') + .notEmpty() + .run(req); + await body('url', 'Provide a valid URL') + .isURL() + .run(req); // req.checkQuery('var', 'please enter one of the variables that are indicated') // .optional() // .matches("localpath|filename|source|url|dim|pixdim"); // @todo: decent regexp - const errors = req.validationErrors(); - if (errors) { + const errors = validationResult(req).array(); + if (errors.length) { console.log('mri send error 403'); - res.status(403).send(errors) + + return res.status(403).send(errors) .end(); - } else { - return next(); } + + return next(); }; // does not seem to be used 
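Review bot: After this change `validationResult(req).array()` is always empty in this validator, because the only rules in view (`// req.checkQuery('var', …)`) are commented out and no chain is run; the `res.status(403)` branch below it is dead and every GET passes through. Either run a real chain here, e.g. `await query('url', 'Provide a valid URL').isURL().run(req);` (making the function async and adding `query` to the require), or remove the middleware from the route so readers do not assume the GET path is validated. The function starts above this hunk, so there may be rules out of view — but note that with `app.use(expressValidator())` gone from app.js, any surviving `req.checkQuery`/`req.checkBody`/`req.sanitize` call anywhere in the tree now throws `TypeError` at request time, which is worth a grep before merging.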
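Review bot: `isURL()` with default options accepts `ftp://`, a missing scheme and bare IP hosts, so passing `validatorPost` says nothing about where `req.body.url` points; this file requires `request` and the route presumably fetches the URL server-side, in which case `http://127.0.0.1:…` or `http://169.254.169.254/…` pass validation unchanged — confirm against the handler, which is outside this hunk. Tighten the rule to `body('url', 'Provide a valid URL').isURL({ protocols: ['http', 'https'], require_protocol: true }).run(req)` and reject loopback/private ranges at the point of the fetch, since a format check cannot cover redirects. The two chains on `url` can also be one, `body('url').notEmpty().withMessage('Provide a URL').bail().isURL().withMessage('Provide a valid URL')`, which stops an empty value from producing the misleading second "valid URL" error.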
@@ -280,10 +284,11 @@ const mri = async function (req, res) { // also query projects that set this MRI as a source projects.push(...await req.db.get('project').find({ $or: [ - { 'files.list': {$eq: myurl }}, - { 'files.list.source': {$eq: myurl }} + { 'files.list': { $eq: myurl } }, + { 'files.list.source': { $eq: myurl } } ], - backup: { $exists: 0 }} + backup: { $exists: 0 } + } )); // set access to volume annotations @@ -568,7 +573,7 @@ const apiMriGet = async function (req, res) { }; // eslint-disable-next-line func-style -const reset = async function reset (req, res) { +const reset = async function reset(req, res) { const myurl = req.query.url; const hash = crypto.createHash('md5').update(myurl) .digest('hex'); diff --git a/controller/mri/upload.controller.js b/controller/mri/upload.controller.js index 090d7f2e..ca48bf13 100644 --- a/controller/mri/upload.controller.js +++ b/controller/mri/upload.controller.js 
@@ -1,33 +1,42 @@ 'use strict'; const fs = require('fs'); +const { body, validationResult } = require('express-validator'); const amri = require('../atlasmakerServer/atlasmaker-mri'); const AsyncLock = require('async-lock'); const lock = new AsyncLock(); // ExpressValidator = require('express-validator') -const validator = function (req, res, next) { +const validator = async function (req, res, next) { console.log('upload.controller body', req.body); console.log('upload.controller query', req.query); console.log('upload.controller params', req.params); - req.checkBody('url', 'Provide a URL') - .notEmpty(); - req.checkBody('url', 'Provide a valid URL') - .isURL(); - req.checkBody('atlasName', 'Provide an atlasName') - .notEmpty(); - req.checkBody('atlasName', 'Provide an alphanumeric atlasName') - .isAlphanumeric(); - req.checkBody('atlasProject', 'Provide an atlasProject') - .notEmpty(); - req.checkBody('atlasProject', 'Provide an alphanumeric atlasProject') - .isAlphanumeric(); - req.checkBody('atlasLabelSet', 'Provide an atlasLabelSet') - .notEmpty(); - req.checkBody('token', 'Provide an upload token') - .notEmpty(); + await body('url', 'Provide a URL') + .notEmpty() + .run(req); + await body('url', 'Provide a valid URL') + .isURL() + .run(req); + await body('atlasName', 'Provide an atlasName') + .notEmpty() + .run(req); + await body('atlasName', 'Provide an alphanumeric atlasName') + .isAlphanumeric() + .run(req); + await body('atlasProject', 'Provide an atlasProject') + .notEmpty() + .run(req); + await body('atlasProject', 'Provide an alphanumeric atlasProject') + .isAlphanumeric() + .run(req); + await body('atlasLabelSet', 'Provide an atlasLabelSet') + .notEmpty() + .run(req); + await body('token', 'Provide an upload token') + .notEmpty() + .run(req); /* Check for all these required fields: 
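Review bot: The eight chains are awaited one after another although they are independent; express-validator's own imperative example runs them with `Promise.all`, which also keeps the rule list in one place for later `.withMessage()`/`.bail()` tweaks and for deduplicating the two chains per field. `validator` continues past this hunk (the error collection is in the next one), so the rewrite below shows only the chain section. The same `isURL()` caveat as in mri.controller applies to `url` here: default options accept `ftp://` and raw IP hosts, so this is a format check, not an allowlist, for whatever the upload handler fetches.
```javascript
const validator = async function (req, res, next) {
  // … unchanged: debug logging of body/query/params …
  const rules = [
    body('url', 'Provide a URL').notEmpty(),
    body('url', 'Provide a valid URL').isURL(),
    body('atlasName', 'Provide an atlasName').notEmpty(),
    body('atlasName', 'Provide an alphanumeric atlasName').isAlphanumeric(),
    body('atlasProject', 'Provide an atlasProject').notEmpty(),
    body('atlasProject', 'Provide an alphanumeric atlasProject').isAlphanumeric(),
    body('atlasLabelSet', 'Provide an atlasLabelSet').notEmpty(),
    body('token', 'Provide an upload token').notEmpty()
  ];
  // chains are independent; run them concurrently
  await Promise.all(rules.map((rule) => rule.run(req)));
  // … unchanged: required-fields comment, error collection, next() …
```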
@@ -38,8 +47,8 @@ const validator = function (req, res, next) { atlasLabelSet: One of the labels available inside the /public/labels/ directory */ - const errors = req.validationErrors(); - if (errors) { + const errors = validationResult(req).array(); + if (errors.length) { return res.status(403).send(errors) .end(); } diff --git a/controller/project/project.controller.js b/controller/project/project.controller.js index 2d7ace61..9991f271 100644 --- a/controller/project/project.controller.js +++ b/controller/project/project.controller.js @@ -2,6 +2,7 @@ const url = require('url'); const crypto = require('crypto'); const validatorNPM = require('validator'); +const { param, validationResult } = require('express-validator'); const dataSlices = require('../dataSlices/dataSlices.js'); const AsyncLock = require('async-lock'); const lock = new AsyncLock(); @@ -18,17 +19,18 @@ const { window } = (new JSDOM('', { })); const DOMPurify = createDOMPurify(window); -const validator = function (req, res, next) { +const validator = async function (req, res, next) { - req.checkParams('projectName', 'incorrect project name').isAlphanumeric(); + await param('projectName', 'incorrect project name').isAlphanumeric() + .run(req); // req.checkQuery('url', 'please enter a valid URL') // .isURL(); // req.checkQuery('var', 'please enter one of the variables that are indicated') // .optional() // .matches("localpath|filename|source|url|dim|pixdim"); //todo: decent regexp - const errors = req.validationErrors(); - if (errors) { + const errors = validationResult(req).array(); + if (errors.length) { res.status(403).send(errors) .end(); } else { diff --git a/controller/user/user.controller.js b/controller/user/user.controller.js index 6b09dad3..1537d0fb 100644 --- a/controller/user/user.controller.js +++ b/controller/user/user.controller.js 
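Review bot: The comment closing just above this hunk (`atlasLabelSet: One of the labels available inside the /public/labels/ directory`) states a constraint the chains do not enforce — in the previous hunk `atlasLabelSet` is only `.notEmpty()`. If the handler later joins that value into a path under `/public/labels/`, a `../` segment walks out of the directory; constrain it to a plain filename, `body('atlasLabelSet', 'Provide an atlasLabelSet').matches(/^[\w-]+(\.[\w-]+)*$/)`, or better `.isIn(availableLabels)` built from a directory listing. Whether the handler really uses it as a path is outside this hunk — confirm before relying on the comment. Validation failures here return 403; 400 is the conventional status for a malformed body.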
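Review bot: The validator is now `async`, but Express 4 does not forward a rejected promise from a middleware to the error handlers: if `param('projectName', 'incorrect project name').isAlphanumeric().run(req)` ever throws, the request gets neither a response nor `next(err)` and hangs until the client gives up. Wrap the await: `try { await param('projectName', 'incorrect project name').isAlphanumeric().run(req); } catch (err) { return next(err); }` — the same applies to the other validators converted in this commit. The else-branch of this function continues past the hunk. `res.status(403)` for a malformed parameter reads as an authorization failure; 400 is the conventional status.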
@@ -8,6 +8,7 @@ const validator = function (req, res, next) { // userName can be an ip address (for anonymous users) /* + // legacy api, needs to be rewriten if uncommented req.checkParams('userName', 'incorrect user name').isAlphanumeric(); var errors = req.validationErrors(); console.log(errors); diff --git a/package-lock.json b/package-lock.json index df48a57e..f020dd3e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "dompurify": "^2.0.17", "express": "^4.16.4", "express-session": "^1.17.1", - "express-validator": "^5.3.1", + "express-validator": "^6.14.2", "fast-json-patch": "^2.2.1", "file-type": "^16.5.4", "fs": "0.0.1-security", @@ -5906,23 +5906,15 @@ ] }, "node_modules/express-validator": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-5.3.1.tgz", - "integrity": "sha512-g8xkipBF6VxHbO1+ksC7nxUU7+pWif0+OZXjZTybKJ/V0aTVhuCoHbyhIPgSYVldwQLocGExPtB2pE0DqK4jsw==", + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.14.2.tgz", + "integrity": "sha512-8XfAUrQ6Y7dIIuy9KcUPCfG/uCbvREctrxf5EeeME+ulanJ4iiW71lWmm9r4YcKKYOCBMan0WpVg7FtHu4Z4Wg==", "dependencies": { - "lodash": "^4.17.10", - "validator": "^10.4.0" + "lodash": "^4.17.21", + "validator": "^13.7.0" }, "engines": { - "node": ">= 6.0.0" - } - }, - "node_modules/express-validator/node_modules/validator": { - "version": "10.11.0", - "resolved": "https://registry.npmjs.org/validator/-/validator-10.11.0.tgz", - "integrity": "sha512-X/p3UZerAIsbBfN/IwahhYaBbY68EN/UQBWHtsbXGT5bfrH/p4NQzUCG1kF/rtKaNpnJ7jAu6NGTdSNtyNIXMw==", - "engines": { - "node": ">= 0.10" + "node": ">= 8.0.0" } }, "node_modules/express/node_modules/cookie": { 
@@ -20529,19 +20521,12 @@ } }, "express-validator": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-5.3.1.tgz", - "integrity": "sha512-g8xkipBF6VxHbO1+ksC7nxUU7+pWif0+OZXjZTybKJ/V0aTVhuCoHbyhIPgSYVldwQLocGExPtB2pE0DqK4jsw==", + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.14.2.tgz", + "integrity": "sha512-8XfAUrQ6Y7dIIuy9KcUPCfG/uCbvREctrxf5EeeME+ulanJ4iiW71lWmm9r4YcKKYOCBMan0WpVg7FtHu4Z4Wg==", "requires": { - "lodash": "^4.17.10", - "validator": "^10.4.0" - }, - "dependencies": { - "validator": { - "version": "10.11.0", - "resolved": "https://registry.npmjs.org/validator/-/validator-10.11.0.tgz", - "integrity": "sha512-X/p3UZerAIsbBfN/IwahhYaBbY68EN/UQBWHtsbXGT5bfrH/p4NQzUCG1kF/rtKaNpnJ7jAu6NGTdSNtyNIXMw==" - } + "lodash": "^4.17.21", + "validator": "^13.7.0" } }, "extend": { diff --git a/package.json b/package.json index 44d0297e..7e868dbb 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "dompurify": "^2.0.17", "express": "^4.16.4", "express-session": "^1.17.1", - "express-validator": "^5.3.1", + "express-validator": "^6.14.2", "fast-json-patch": "^2.2.1", "file-type": "^16.5.4", "fs": "0.0.1-security",