Add URL validation

master
Dessa Simpson 2020-07-04 09:34:03 -07:00
parent 5e596167e4
commit 057ee6e56d
2 changed files with 17 additions and 2 deletions


@ -35,7 +35,10 @@ app.post("/api/addRequest", async (request, response) => {
} }
var url = request.body.url as string; var url = request.body.url as string;
var requester = request.body.requester as string; var requester = request.body.requester as string;
requests.addRequest(url,requester).then((val: string) => response.send(val)) requests.addRequest(url,requester).then((val: [number,string]) => {
response.status(val[0]);
response.send(val[1]);
})
.catch((e: any) => errorHandler(request,response,e)); .catch((e: any) => errorHandler(request,response,e));
}); });
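Review bot: The new handler indexes `val[0]` and `val[1]` on whatever `addRequest` resolves to, but the `[number,string]` annotation on the callback is only the caller's claim. `addRequest` declares no return type in the other file, and its array-literal returns would be inferred as `(string | number)[]` rather than a tuple. The body of the `if (result.rowCount > 0)` branch lies between hunks and is not touched by this commit, so if it still returns a plain string the route would pass a single character to `response.status()`. Declaring the contract once, `export async function addRequest(url: string, requester: string): Promise<[number, string]>`, makes the compiler check every return path. The route handler starts above this hunk.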


@ -26,6 +26,10 @@ export async function getAllRequests(count: number) {
}; };
// addRequest // addRequest
const validUrlRegexes = [
/^https:\/\/www\.youtube\.com\/watch\?v=[a-zA-Z0-9_-]{11}$/
];
const checkRequestExistsQuery = { const checkRequestExistsQuery = {
name: "checkRequestExists", name: "checkRequestExists",
text: "SELECT * FROM requests WHERE url = $1" text: "SELECT * FROM requests WHERE url = $1"
@ -37,6 +41,14 @@ const addRequestQuery = {
} }
export async function addRequest(url: string, requester: string) { export async function addRequest(url: string, requester: string) {
var validUrl = false;
for (var regex of validUrlRegexes) {
if (regex.test(url)) {
validUrl = true;
break;
}
}
if (!validUrl) return [400, "Invalid song URL."];
var query = Object.assign(checkRequestExistsQuery, { values: [url] }); var query = Object.assign(checkRequestExistsQuery, { values: [url] });
var result = await db.query(query); var result = await db.query(query);
if (result.rowCount > 0) { if (result.rowCount > 0) {
@ -44,7 +56,7 @@ export async function addRequest(url: string, requester: string) {
} }
var query = Object.assign(addRequestQuery, { values: [url,requester] }); var query = Object.assign(addRequestQuery, { values: [url,requester] });
return db.query(query) return db.query(query)
.then((result: pg.QueryResult) => "Song request added."); .then((result: pg.QueryResult) => [200,"Song request added."]);
}; };
// updateRequestState // updateRequestState
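Review bot: The allow-list check in `addRequest` calls `regex.test(url)` without first confirming that `url` is a string, and `test()` coerces its argument, so the check runs on the string form of the value while the original value is what gets bound into `values: [url]`. The `as string` in the route is a compile-time cast only, so depending on the body parser (not visible here) `request.body.url` may arrive as an array or object. I would add `if (typeof url !== "string") return [400, "Invalid song URL."];` ahead of the loop; `requester` reaches `addRequestQuery` with no check at all and probably wants a type and length check as well. The pattern is anchored with `^`/`$` and carries no `g` flag, which matters because `test()` is stateful on global regexes; a short comment on `validUrlRegexes` saying so would keep later additions safe.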