Add URL validation

src/app.ts

@@ -35,7 +35,10 @@ app.post("/api/addRequest", async (request, response) => {
 	}
 	var url = request.body.url as string;
 	var requester = request.body.requester as string;
-	requests.addRequest(url,requester).then((val: string) => response.send(val))
+	requests.addRequest(url,requester).then((val: [number,string]) => {
+		response.status(val[0]);
+		response.send(val[1]);
+	})
 	.catch((e: any) => errorHandler(request,response,e));
 });
 

src/requests.ts

@@ -26,6 +26,10 @@ export async function getAllRequests(count: number) {
 };
 
 // addRequest
+const validUrlRegexes = [
+	/^https:\/\/www\.youtube\.com\/watch\?v=[a-zA-Z0-9_-]{11}$/
+];
+
 const checkRequestExistsQuery = {
 	name: "checkRequestExists",
  	text: "SELECT * FROM requests WHERE url = $1"
@@ -37,6 +41,14 @@ const addRequestQuery = {
 }
 
 export async function addRequest(url: string, requester: string) {
+	var validUrl = false;
+	for (var regex of validUrlRegexes) {
+		if (regex.test(url)) {
+			validUrl = true;
+			break;
+		}
+	}
+	if (!validUrl) return [400, "Invalid song URL."];
 	var query = Object.assign(checkRequestExistsQuery, { values: [url] });
 	var result = await db.query(query);
 	if (result.rowCount > 0) {
@@ -44,7 +56,7 @@ export async function addRequest(url: string, requester: string) {
 	}
 	var query = Object.assign(addRequestQuery, { values: [url,requester] });
 	return db.query(query)
-	.then((result: pg.QueryResult) => "Song request added.");
+	.then((result: pg.QueryResult) => [200,"Song request added."]);
 };
 
 // updateRequestState