added server side validation of feature name

2025-10-27 11:02:16 +01:00 · 2014-11-01 11:47:21 +01:00 · 2014-11-01 11:47:21 +01:00 · b2d4cbf5de
commit b2d4cbf5de
parent ee034c22d6
3 changed files with 24 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -36,3 +36,6 @@ public/js/bundle.js
 /sql
 unleash-db.jar
 unleash-server.tar.gz
+
+# idea stuff:
+*.iml
--- a/lib/featureApi.js
+++ b/lib/featureApi.js
@ -22,8 +22,17 @@ module.exports = function (app) {
    });

    app.post('/features', function (req, res) {
-        var newFeature = req.body,
-            createdBy = req.connection.remoteAddress;
+        req.checkBody('name', 'Name is required').notEmpty();
+        req.checkBody('name', 'Name must match format ^[a-zA-Z\\.\\-]+$').matches(/^[a-zA-Z\\.\\-]+$/i);
+
+        var errors = req.validationErrors();
+
+        if (errors) {
+            res.json(400, errors);
+            return;
+        }
+
+        var newFeature = req.body;

        var handleFeatureExist = function() {
            res.status(403).end();
@ -32,7 +41,7 @@ module.exports = function (app) {
        var handleCreateFeature = function () {
            eventStore.create({
                type: eventType.featureCreated,
-                createdBy: createdBy,
+                createdBy: req.connection.remoteAddress,
                data: newFeature
            }).then(function () {
                res.status(201).end();
--- a/test/featureApiSpec.js
+++ b/test/featureApiSpec.js
@ -39,6 +39,14 @@ describe('The api', function () {
            .expect(201, done);
    });

+    it('require new feature toggle to have a name', function (done) {
+        request
+            .post('/features')
+            .send({name: ''})
+            .set('Content-Type', 'application/json')
+            .expect(400, done);
+    });
+
    it('can not change status of feature toggle that dose not exsist', function (done) {
        request
            .patch('/features/shouldNotExsist')