From 70d596d0af8ee8956af1bef51b8b74835cc9d722 Mon Sep 17 00:00:00 2001 From: sveisvei Date: Wed, 9 Nov 2016 11:16:44 +0100 Subject: [PATCH] add joy validation to client input data --- packages/unleash-api/lib/routes/metrics.js | 59 +++++++++++++++++----- packages/unleash-api/package.json | 1 + 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/packages/unleash-api/lib/routes/metrics.js b/packages/unleash-api/lib/routes/metrics.js index 13ee4a1f4d..434fb59d87 100644 --- a/packages/unleash-api/lib/routes/metrics.js +++ b/packages/unleash-api/lib/routes/metrics.js @@ -3,6 +3,7 @@ const logger = require('../logger'); const ClientMetrics = require('../client-metrics'); const ClientMetricsService = require('../client-metrics/service'); +const joi = require('joi'); module.exports = function (app, config) { const { 
@@ -27,33 +28,67 @@ module.exports = function (app, config) { res.json(metrics.getTogglesMetrics()); }); + const clientMetricsSchema = joi.object().keys({ + appName: joi.string().required(), + instanceId: joi.string().required(), + bucket: joi.object().required() + .keys({ + start: joi.date().required(), + stop: joi.date().required(), + toggles: joi.object() + .required() + .unknown() + .min(1) + .max(1000), + }), + }); + app.post('/client/metrics', (req, res) => { try { const data = typeof req.body === 'string' ? JSON.parse(req.body) : req.body; + const result = joi.validate(data, clientMetricsSchema); + if (result.error) { + throw result.error; + } service - .insert(data) + .insert(result.value) .catch(e => logger.error('Error inserting metrics data', e)); } catch (e) { logger.error('Error receiving metrics', e); } - res.end(); }); + const clientRegisterSchema = joi.object().keys({ + appName: joi.string().required(), + instanceId: joi.string().required(), + strategies: joi.array() + .required() + .items(joi.string(), joi.any().strip()), + started: joi.date().required(), + interval: joi.number().required(), + }); + app.post('/client/register', (req, res) => { const data = req.body; const clientIp = req.ip; - console.log(data); - clientStrategyStore.insert(data.appName, data.strategies) - .then(() => clientInstanceStore.insert({ - appName: data.appName, - instanceId: data.instanceId, - clientIp, - })) - .then(() => console.log('new client registerd')) - .catch((error) => logger.error('Error registering client', error)); - res.end(); + joi.validate(data, clientRegisterSchema, (err, cleaned) => { + if (err) { + return res.json(400, err); + } + + clientStrategyStore.insert(cleaned.appName, cleaned.strategies) + .then(() => clientInstanceStore.insert({ + appName: cleaned.appName, + instanceId: cleaned.instanceId, + clientIp, + })) + .then(() => console.log('new client registerd')) + .catch((error) => logger.error('Error registering client', error)); + + res.end(); + 
}); }); app.get('/client/strategies', (req, res) => { diff --git a/packages/unleash-api/package.json b/packages/unleash-api/package.json index 99b823f840..4f5929dbad 100644 --- a/packages/unleash-api/package.json +++ b/packages/unleash-api/package.json @@ -57,6 +57,7 @@ "express": "4.14.0", "express-validator": "2.20.8", "install": "^0.8.1", + "joi": "^9.2.0", "knex": "^0.12.6", "log4js": "^0.6.38", "moment": "^2.15.2",
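Review bot: In the `/client/metrics` handler of packages/unleash-api/lib/routes/metrics.js, a failed validation is thrown straight into the existing `catch`, which only logs it, so a client posting a malformed payload gets no rejection status, whereas `/client/register` answers 400. Replacing `throw result.error;` with `return res.status(400).json({ error: result.error.message });` would make both endpoints reject bad input the same way. In `/client/register`, `res.json(400, err)` is the deprecated Express 4 signature and serialises the whole joi error object, which may echo the submitted payload back to the caller; `return res.status(400).json({ error: err.message });` avoids both. The schemas also leave `appName`, `instanceId` and the `strategies` array without a `.max()` and accept any value under `toggles`, so input size is presumably bounded only by the body parser, which is not visible here. The enclosing `module.exports` function starts and ends outside this hunk.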