1 |
|
2 |
|
3 |
|
4 | 'use strict';
|
5 |
|
6 | const fs = require('fs');
|
7 | const PATH = require('path');
|
8 | const bedrock = require('bedrock');
|
9 | const logger = require('./logger');
|
10 | const Ajv = require('ajv');
|
11 | const {BedrockError} = bedrock.util;
|
12 | const ajv = new Ajv({verbose: true});
|
13 |
|
14 |
|
15 | require('./config');
|
16 |
|
17 | const api = {};
|
18 | module.exports = api;
|
19 |
|
20 |
|
21 | const schemas = api.schemas = {};
|
22 |
|
23 | bedrock.events.on('bedrock.init', init);
|
24 |
|
25 |
|
26 |
|
27 |
|
28 | function init() {
|
29 |
|
30 | const skip = bedrock.config.validation.schema.skip.slice();
|
31 |
|
32 |
|
33 | const schemaDirs = bedrock.config.validation.schema.paths;
|
34 | const jsExt = '.js';
|
35 | schemaDirs.forEach(schemaDir => {
|
36 | schemaDir = PATH.resolve(schemaDir);
|
37 | logger.debug('loading schemas from: ' + schemaDir);
|
38 | fs.readdirSync(schemaDir).filter(file => {
|
39 | const js = PATH.extname(file) === jsExt;
|
40 | const use = skip.indexOf(file) === -1;
|
41 | return js && use;
|
42 | }).forEach(file => {
|
43 | const name = PATH.basename(file, PATH.extname(file));
|
44 | const module = require(PATH.join(schemaDir, file));
|
45 | if(typeof module === 'function') {
|
46 | if(name in schemas) {
|
47 | logger.debug(
|
48 | 'overwriting schema "' + name + '" with ' +
|
49 | PATH.resolve(schemaDir, file));
|
50 | }
|
51 | schemas[name] = module;
|
52 | schemas[name].instance = module();
|
53 | logger.debug('loaded schema: ' + name);
|
54 | } else {
|
55 | for(const key in module) {
|
56 | const tmp = name + '.' + key;
|
57 | if(tmp in schemas) {
|
58 | logger.debug('overwriting schema "' + tmp + '" with ' + file);
|
59 | }
|
60 | schemas[tmp] = module[key];
|
61 | schemas[tmp].instance = schemas[tmp]();
|
62 | logger.debug('loaded schema: ' + tmp);
|
63 | }
|
64 | }
|
65 | });
|
66 | });
|
67 | }
|
68 |
|
69 |
|
70 |
|
71 |
|
72 |
|
73 |
|
74 |
|
75 |
|
76 |
|
77 |
|
78 |
|
79 |
|
80 |
|
81 |
|
82 |
|
83 |
|
84 |
|
85 |
|
86 |
|
87 |
|
88 |
|
89 |
|
90 |
|
91 |
|
92 |
|
93 |
|
94 |
|
95 | api.validate = function(name, data, callback) {
|
96 |
|
97 | const options = {};
|
98 |
|
99 | if(typeof name === 'object') {
|
100 | if('body' in name) {
|
101 | options.body = name.body;
|
102 | }
|
103 | if('query' in name) {
|
104 | options.query = name.query;
|
105 | }
|
106 | } else {
|
107 | options.body = name;
|
108 | }
|
109 |
|
110 |
|
111 | const schemas = {};
|
112 | let notFound = null;
|
113 | Object.keys(options).forEach(key => {
|
114 | schemas[key] = api.getSchema(options[key]);
|
115 | if(!notFound && !schemas[key]) {
|
116 | notFound = options[key];
|
117 | }
|
118 | });
|
119 |
|
120 |
|
121 | if(arguments.length > 1) {
|
122 | if(notFound) {
|
123 | const err = new BedrockError(
|
124 | 'Could not validate data; unknown schema name (' + notFound + ').',
|
125 | 'UnknownSchema', {schema: notFound});
|
126 | if(typeof callback === 'function') {
|
127 | return callback(err);
|
128 | }
|
129 | throw err;
|
130 | }
|
131 |
|
132 | return api.validateInstance(data, schemas.body, callback);
|
133 | }
|
134 |
|
135 |
|
136 | if(notFound) {
|
137 | return (req, res, next) => {
|
138 | next(new BedrockError(
|
139 | 'Could not validate request; unknown schema name (' + notFound + ').',
|
140 | 'UnknownSchema', {schema: notFound}));
|
141 | };
|
142 | }
|
143 |
|
144 |
|
145 |
|
146 | return (req, res, next) => {
|
147 | if(schemas.query) {
|
148 | const result = api.validateInstance(req.query, schemas.query);
|
149 | if(!result.valid) {
|
150 | return next(result.error);
|
151 | }
|
152 | }
|
153 | if(schemas.body) {
|
154 | const result = api.validateInstance(req.body, schemas.body);
|
155 | if(!result.valid) {
|
156 | return next(result.error);
|
157 | }
|
158 | }
|
159 | next();
|
160 | };
|
161 | };
|
162 |
|
163 |
|
164 |
|
165 |
|
166 |
|
167 |
|
168 |
|
169 |
|
170 | api.getSchema = name => {
|
171 | let schema = null;
|
172 | if(name in api.schemas) {
|
173 | schema = api.schemas[name].instance;
|
174 | }
|
175 | return schema;
|
176 | };
|
177 |
|
178 |
|
179 |
|
180 |
|
181 |
|
182 |
|
183 |
|
184 |
|
185 |
|
186 |
|
187 | api.validateInstance = (instance, schema, callback) => {
|
188 |
|
189 | const valid = ajv.validate(schema, instance);
|
190 | if(valid) {
|
191 | if(callback) {
|
192 | return callback(null, {valid});
|
193 | }
|
194 | return {valid};
|
195 | }
|
196 |
|
197 | const result = {valid: false};
|
198 |
|
199 |
|
200 | const errors = [];
|
201 | for(const error of ajv.errors) {
|
202 |
|
203 | const details = {
|
204 | instance,
|
205 | params: error.params,
|
206 | path: error.dataPath,
|
207 | public: true,
|
208 | schemaPath: error.schemaPath,
|
209 | };
|
210 | let title;
|
211 | if(Array.isArray(error.schema)) {
|
212 | [title] = error.schema;
|
213 | }
|
214 | title = title || error.parentSchema.title || '',
|
215 | details.schema = {
|
216 | description: error.parentSchema.description || '',
|
217 | title,
|
218 | };
|
219 |
|
220 |
|
221 |
|
222 |
|
223 |
|
224 |
|
225 |
|
226 | if(error.data) {
|
227 | if(error.parentSchema.errors && 'mask' in error.parentSchema.errors) {
|
228 | const mask = error.parentSchema.errors.mask;
|
229 | if(mask === true) {
|
230 | details.value = '***MASKED***';
|
231 | } else {
|
232 | details.value = mask;
|
233 | }
|
234 | } else {
|
235 | details.value = error.data;
|
236 | }
|
237 | }
|
238 |
|
239 |
|
240 | errors.push(new BedrockError(error.message, 'ValidationError', details));
|
241 | }
|
242 |
|
243 | const msg = schema.title ?
|
244 | 'A validation error occured in the \'' + schema.title + '\' validator.' :
|
245 | 'A validation error occured in an unnamed validator.';
|
246 | const error = new BedrockError(
|
247 | msg, 'ValidationError', {public: true, errors, httpStatusCode: 400});
|
248 |
|
249 | result.error = error;
|
250 | if(callback) {
|
251 | return callback(null, result);
|
252 | }
|
253 | return result;
|
254 | };
|