diff --git a/src/proxy/api/v2/index.js b/src/proxy/api/v2/index.js index 8ad4a03..b078e40 100644 --- a/src/proxy/api/v2/index.js +++ b/src/proxy/api/v2/index.js @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ const router = require('express').Router() -const { body, validationResult } = require('express-validator') +const { query, validationResult } = require('express-validator') const fetcher = require('../../../fetcher') const E = require('../../../enums') require('dotenv').config() 
@@ -41,151 +41,144 @@ const opts = { // Root route router.get('/', async (req, res) => { - return res.status(400).json({ error: 'Invalid endpoint' }) + return res.status(400).json({ errors: 'Invalid endpoint' }) }) // HTTP route -router.get('/get/http', (req, res) => { - if (!req.query.url) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } - if (!validUrl.isUri(req.query.url)) { - return res.status(400).json({ error: 'Invalid URL' }) - } - - fetcher.http(req.query, opts) - .then(result => { - switch (req.query.format) { - case E.ProofFormat.JSON: - return res.status(200).json(result) - break; - - case E.ProofFormat.TEXT: - return res.status(200).send(result) - break; - - default: - throw new Error('Invalid proof format') - break; +router.get('/get/http', + query('url').isURL(), + query('format').isIn([E.ProofFormat.JSON, E.ProofFormat.TEXT]), + (req, res) => { + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) } - }) - .catch(err => { - return res.status(400).json({ error: err.message ? err.message : err }) - }) + + fetcher + .http(req.query, opts) + .then(result => { + switch (req.query.format) { + case E.ProofFormat.JSON: + return res.status(200).json(result) + break; + + case E.ProofFormat.TEXT: + return res.status(200).send(result) + break; + } + }) + .catch(err => { + return res.status(400).json({ errors: err.message ? err.message : err }) + }) }) // DNS route -router.get('/get/dns', (req, res) => { - if (!req.query.domain) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } +router.get('/get/dns', + query('domain').isFQDN(), + (req, res) => { + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) + } - fetcher - .dns(req.query, opts) - .then((data) => { - return res.status(200).send(data) - }) - .catch((err) => { - return res.status(400).json({ error: err.message ? 
err.message : err }) - }) + fetcher + .dns(req.query, opts) + .then((data) => { + return res.status(200).send(data) + }) + .catch((err) => { + return res.status(400).json({ errors: err.message ? err.message : err }) + }) }) // XMPP route -router.get('/get/xmpp', async (req, res) => { - if (!opts.claims.xmpp.service || !opts.claims.xmpp.username || !opts.claims.xmpp.password) { - return res.status(501).json({ error: 'XMPP not enabled on server' }) - } +router.get('/get/xmpp', + query('id').isEmail(), + query('field').isIn(['fn','number','userid','url','bday','nickname','note','desc']), + async (req, res) => { + if (!opts.claims.xmpp.service || !opts.claims.xmpp.username || !opts.claims.xmpp.password) { + return res.status(501).json({ errors: 'XMPP not enabled on server' }) + } + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) + } - if (!req.query.id || !req.query.field) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } - - if (!(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,})+$/.test(req.query.id))) { - return res.status(400).json({ error: 'Invalid XMPP ID' }) - } - - const allowedField = [ - 'FN', - 'NUMBER', - 'USERID', - 'URL', - 'BDAY', - 'NICKNAME', - 'NOTE', - 'DESC', - ] - if (!allowedField.includes(req.query.field)) { - return res.status(400).json({ error: 'Invalid XMPP vCard field' }) - } - - fetcher - .xmpp(req.query, opts) - .then((data) => { - return res.status(200).send(data) - }) - .catch((err) => { - return res.status(400).json({ error: err.message ? err.message : err }) - }) + fetcher + .xmpp(req.query, opts) + .then((data) => { + return res.status(200).send(data) + }) + .catch((err) => { + return res.status(400).json({ errors: err.message ? 
err.message : err }) + }) }) // Twitter route -router.get('/get/twitter', async (req, res) => { - if (!opts.claims.twitter.bearerToken) { - return res.status(501).json({ error: 'Twitter not enabled on server' }) - } +router.get('/get/twitter', + query('tweetId').isInt(), + async (req, res) => { + if (!opts.claims.twitter.bearerToken) { + return res.status(501).json({ errors: 'Twitter not enabled on server' }) + } + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) + } - if (!req.query.tweetId) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } - - fetcher - .twitter(req.query, opts) - .then((data) => { - return res.status(200).send(data) - }) - .catch((err) => { - return res.status(400).json({ error: err.message ? err.message : err }) - }) + fetcher + .twitter(req.query, opts) + .then((data) => { + return res.status(200).send(data) + }) + .catch((err) => { + return res.status(400).json({ errors: err.message ? err.message : err }) + }) }) // Matrix route -router.get('/get/matrix/:matrixroomid/:matrixeventid', async (req, res) => { - if (!opts.claims.matrix.instance || !opts.claims.matrix.accessToken) { - return res.status(501).json({ error: 'Matrix not enabled on server' }) - } +router.get('/get/matrix', + query('roomId').isString(), + query('eventId').isString(), + async (req, res) => { + if (!opts.claims.matrix.instance || !opts.claims.matrix.accessToken) { + return res.status(501).json({ errors: 'Matrix not enabled on server' }) + } + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) + } - if (!req.query.id || !req.query.field) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } - - fetcher - .matrix(req.params, opts) - .then((data) => { - return res.status(200).send(data) - }) - .catch((err) => { - return res.status(400).json({ error: err.message ? 
err.message : err }) - }) + fetcher + .matrix(req.params, opts) + .then((data) => { + return res.status(200).send(data) + }) + .catch((err) => { + return res.status(400).json({ errors: err.message ? err.message : err }) + }) }) // IRC route -router.get('/get/irc/:ircserver/:ircnick', async (req, res) => { - if (!opts.claims.irc.nick) { - return res.status(501).json({ error: 'IRC not enabled on server' }) - } +router.get('/get/irc', + query('nick').isString(), + async (req, res) => { + if (!opts.claims.irc.nick) { + return res.status(501).json({ errors: 'IRC not enabled on server' }) + } + const errors = validationResult(req) + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }) + } - if (!req.query.nick) { - return res.status(400).json({ error: 'Missing parameter(s)' }) - } - - fetcher - .irc(req.params, opts) - .then((data) => { - return res.status(200).send(data) - }) - .catch((err) => { - return res.status(400).json({ error: err.message ? err.message : err }) - }) + fetcher + .irc(req.params, opts) + .then((data) => { + return res.status(200).send(data) + }) + .catch((err) => { + return res.status(400).json({ errors: err.message ? err.message : err }) + }) }) module.exports = router
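Review bot: The new Matrix and IRC handlers validate `query('roomId')`, `query('eventId')` and `query('nick')` but still pass `req.params` to `fetcher.matrix` and `fetcher.irc`; the routes are now `/get/matrix` and `/get/irc` with no path segments, so `req.params` is empty and the validated values never reach the fetcher. Passing the query instead, `.matrix(req.query, opts)` and `.irc(req.query, opts)`, would match the other handlers, assuming the fetcher reads those key names (its code is not shown in this diff). Separately, in the `/get/http` handler `query('url').isURL()` checks only the URL's syntax, so if `fetcher.http` requests that URL from the server, loopback, private-range and link-local destinations are not ruled out here; a scheme restriction in the validator plus a destination check after DNS resolution in the fetcher would close that gap. The XMPP `field` allowlist also changed from upper-case to lower-case names, which is worth confirming against what `fetcher.xmpp` expects.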