From b2d4cbf5de6eb3c0d676ad0c3ab7720a9792f05f Mon Sep 17 00:00:00 2001
From: ivaosthu
Date: Sat, 1 Nov 2014 11:47:21 +0100
Subject: [PATCH] added server side validation of feature name
---
 .gitignore | 5 ++++-
 lib/featureApi.js | 15 ++++++++++++---
 test/featureApiSpec.js | 8 ++++++++
 3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index c15934e84a..5c626af20f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,4 +35,7 @@ public/js/bundle.js
 # liquibase stuff
 /sql
 unleash-db.jar
-unleash-server.tar.gz
\ No newline at end of file
+unleash-server.tar.gz
+
+# idea stuff:
+*.iml
diff --git a/lib/featureApi.js b/lib/featureApi.js
index 4c9264f543..1cb23721c1 100644
--- a/lib/featureApi.js
+++ b/lib/featureApi.js
@@ -22,8 +22,17 @@ module.exports = function (app) {
 });
 app.post('/features', function (req, res) {
- var newFeature = req.body,
- createdBy = req.connection.remoteAddress;
+ req.checkBody('name', 'Name is required').notEmpty();
+ req.checkBody('name', 'Name must match format ^[a-zA-Z\\.\\-]+$').matches(/^[a-zA-Z\\.\\-]+$/i);
+
+ var errors = req.validationErrors();
+
+ if (errors) {
+ res.json(400, errors);
+ return;
+ }
+
+ var newFeature = req.body;
 var handleFeatureExist = function() {
 res.status(403).end();
@@ -32,7 +41,7 @@ module.exports = function (app) {
 var handleCreateFeature = function () {
 eventStore.create({
 type: eventType.featureCreated,
- createdBy: createdBy,
+ createdBy: req.connection.remoteAddress,
 data: newFeature
 }).then(function () {
 res.status(201).end();
diff --git a/test/featureApiSpec.js b/test/featureApiSpec.js
index 56b0d7f2dd..d10cae631c 100644
--- a/test/featureApiSpec.js
+++ b/test/featureApiSpec.js
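Review bot: The regex literal passed to `.matches()` in the first lib/featureApi.js hunk is double-escaped: inside `/…/` a `\\` is a literal backslash, so the class `[a-zA-Z\\.\\-]` also accepts backslashes in feature names, which the pattern shown in the error message (`^[a-zA-Z\.\-]+$` once the string is unescaped) does not allow. The string-style escaping appears to have been carried into the literal; `.matches(/^[a-zA-Z.\-]+$/)` expresses the advertised set, and the `i` flag is redundant next to `a-zA-Z`. Only `name` is checked, while the whole `req.body` is still stored as `data: newFeature` in the second hunk, so any other properties the client sends reach the event store unvalidated; consider building the stored object from the validated fields only. `res.json(400, errors)` also departs from the `res.status(...)` style used in the rest of the handler and could be written `res.status(400).json(errors);`. The handler body continues outside both hunks.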
@@ -39,6 +39,14 @@ describe('The api', function () {
 .expect(201, done);
 });
+ it('require new feature toggle to have a name', function (done) {
+ request
+ .post('/features')
+ .send({name: ''})
+ .set('Content-Type', 'application/json')
+ .expect(400, done);
+ });
+
 it('can not change status of feature toggle that dose not exsist', function (done) {
 request
 .patch('/features/shouldNotExsist')
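Review bot: The new spec exercises only the `notEmpty()` rule, so the format rule added in lib/featureApi.js has no coverage and a mistake in that regex would pass unnoticed. Add cases for a name containing a disallowed character and for a body with no `name` property, e.g. `.send({name: 'has space'})` and `.send({})`, each ending in `.expect(400, done)`. A case with a backslash in the name, `.send({name: 'a\\b'})`, would pin down how the pattern is escaped. The enclosing `describe` block starts and ends outside the hunk.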