Merge pull request #184 from StatelessStudio/v3.0.1

## [3.0.1] Jul-02-2019

Author: DrewImm

CHANGELOG.md

@@ -1,5 +1,11 @@
 # PointyApi Changelog
 
+## [3.0.1] Jul-02-2019
+
+### Fixes
+- [Issue #182] queryValidator() should run class-validator
+- [Issue #181] queryValidator() isKeyInModel fail does not send response
+
 ## [3.0.0] Jun-20-2019
 
 ### Breaking Changes (See migration.md)

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "pointyapi",
-	"version": "3.0.0",
+	"version": "3.0.1",
 	"author": "stateless-studio",
 	"license": "MIT",
 	"scripts": {
@@ -26,7 +26,7 @@
 		"@types/btoa": "^1.2.3",
 		"@types/express": "^4.17.0",
 		"@types/jsonwebtoken": "^7.2.8",
-		"@types/node": "^10.14.8",
+		"@types/node": "^10.14.12",
 		"@types/request": "^2.48.1",
 		"atob": "^2.1.2",
 		"bcryptjs": "^2.4.3",
@@ -53,7 +53,7 @@
 		"nyc": "^14.1.1",
 		"source-map-support": "^0.5.12",
 		"ts-node": "^7.0.1",
-		"tslint": "^5.17.0",
+		"tslint": "^5.18.0",
 		"tslint-eslint-rules": "^5.4.0",
 		"typescript": "^3.5.2"
 	},

package.json

@@ -6,7 +6,8 @@ import {
 	IsEmail,
 	IsAlphanumeric,
 	IsDate,
-	IsOptional
+	IsOptional,
+	IsInt
 } from 'class-validator';
 
 // Bodyguards
@@ -30,9 +31,11 @@ import { UserRole, UserStatus } from '../enums';
 export class ExampleUser extends BaseUser {
 	// ID
 	@PrimaryGeneratedColumn()
+	@IsInt()
+	@IsOptional()
 	@BodyguardKey()
 	@AnyoneCanRead()
-	public id: any = undefined;
+	public id: number = undefined;
 
 	// Time created
 	@Column({ type: 'timestamp', default: new Date() })

src/models/example-user.ts

@@ -2,6 +2,59 @@ import { Request, Response } from 'express';
 import { isKeyInModel } from '../utils';
 import { queryTypes, queryTypeKeys } from './query-types';
 import { getReadableFields, getReadableRelations } from '../bodyguard';
+import {
+	validateSync,
+	MetadataStorage,
+	getFromContainer
+} from 'class-validator';
+
+/**
+ * Get class-validator constraints for a class
+ * @param someClass BaseModel class(e.g `request.payloadType`)
+ * @param key (Optional) Key to get constraints for. If unset, constraints for
+ * 	all keys will be returned.
+ */
+function getValidationConstraints(someClass: Function, key?: string) {
+	const container = <MetadataStorage>getFromContainer(MetadataStorage);
+	const metadata = container.getTargetValidationMetadatas(
+		someClass,
+		JSON.stringify(someClass)
+	);
+	const properties = container.groupByPropertyName(metadata);
+
+	const validators = Object.keys(properties).reduce((schema, property) => {
+		schema[property] = properties[
+			property
+		].reduce((propertySchema, { type, constraints }) => {
+			if (Array.isArray(constraints) && constraints.length === 1) {
+				constraints = constraints[0];
+			}
+
+			if (typeof constraints === 'undefined') {
+				propertySchema[type] = true;
+			}
+			else {
+				propertySchema[type] = constraints;
+			}
+
+			return propertySchema;
+		}, {});
+
+		return schema;
+	}, {});
+
+	if (key) {
+		if (key in validators) {
+			return validators[key];
+		}
+		else {
+			return false;
+		}
+	}
+	else {
+		return validators;
+	}
+}
 
 /**
  * Validate a GET query type
@@ -37,6 +90,10 @@ function queryFieldValidator(
 				}
 
 				if (!isKeyInModel(key, request.payload, response)) {
+					response.validationResponder(
+						'Member "' + key + '" does not exist in model'
+					);
+
 					return false;
 				}
 
@@ -55,14 +112,22 @@ function queryFieldValidator(
 			}
 		}
 		else if (request.query[type] instanceof Object) {
+			const validators = getValidationConstraints(request.payloadType);
+
 			for (const key in request.query[type]) {
-				if (request.query[type][key] === undefined) {
+				const value = request.query[type][key];
+
+				if (value === undefined) {
 					delete request.query[type][key];
 
 					continue;
 				}
 
 				if (!isKeyInModel(key, request.payload, response)) {
+					response.validationResponder(
+						'Member "' + key + '" does not exist in model'
+					);
+
 					return false;
 				}
 
@@ -72,12 +137,88 @@ function queryFieldValidator(
 						key && key.indexOf('.') ? key.split('.')[0] : key
 					)
 				) {
-					response.validationResponder(
+					response.forbiddenResponder(
 						'Cannot "' + type + '" by member "' + key + '"'
 					);
 
 					return false;
 				}
+
+				// Cast to int if need be
+				if (
+					key in validators &&
+					'isInt' in validators[key] &&
+					validators[key]['isInt'] === true
+				) {
+					if (Array.isArray(value)) {
+						for (let i = 0; i < value.length; i++) {
+							const asInt = parseInt(value[i], 10);
+
+							if (!isNaN(asInt)) {
+								value[i] = asInt;
+							}
+						}
+					}
+					else {
+						const asInt = parseInt(value, 10);
+
+						if (!isNaN(asInt)) {
+							request.query[type][key] = asInt;
+						}
+					}
+				}
+			}
+
+			if (
+				type === 'where' ||
+				type === 'whereAnyOf' ||
+				type === 'not' ||
+				type === 'lessThan' ||
+				type === 'lessThanOrEqual' ||
+				type === 'greaterThan' ||
+				type === 'greaterThanOrEqual'
+			) {
+				const testObject = Object.assign(
+					new request.payloadType(),
+					request.query[type]
+				);
+
+				const validationErrors = validateSync(testObject, {
+					skipMissingProperties: true
+				});
+				if (validationErrors && validationErrors.length) {
+					response.validationResponder(validationErrors);
+
+					return false;
+				}
+			}
+		}
+		else if (type === 'id') {
+			const validator = getValidationConstraints(
+				request.payloadType,
+				'id'
+			);
+
+			if (validator && 'isInt' in validator && validator.isInt === true) {
+				const asInt = parseInt(request.query.id, 10);
+
+				if (!isNaN(asInt)) {
+					request.query.id = asInt;
+				}
+			}
+
+			const testObject = Object.assign(new request.payloadType(), {
+				id: request.query[type]
+			});
+
+			const validationErrors = validateSync(testObject, {
+				skipMissingProperties: true
+			});
+
+			if (validationErrors && validationErrors.length) {
+				response.validationResponder(validationErrors);
+
+				return false;
 			}
 		}
 	}

src/query-tools/query-validator.ts

@@ -66,6 +66,32 @@ describe('[Utils] queryValidator()', () => {
 		expect(hasValidationResponder).toBe(true);
 	});
 
+	it('fires validation responder if ID query has invalid value type', () => {
+		const { request, response } = createMockRequest();
+		request.query = { id: 'a' };
+		request.payloadType = ExampleUser;
+		request.payload = new ExampleUser();
+
+		let hasValidationResponder = false;
+		response.validationResponder = () => (hasValidationResponder = true);
+
+		expect(queryValidator(request, response)).toBe(false);
+		expect(hasValidationResponder).toBe(true);
+	});
+
+	it('fires validation responder if the query key has invalid value type', () => {
+		const { request, response } = createMockRequest();
+		request.query = { where: { id: 'a' } };
+		request.payloadType = ExampleUser;
+		request.payload = new ExampleUser();
+
+		let hasValidationResponder = false;
+		response.validationResponder = () => (hasValidationResponder = true);
+
+		expect(queryValidator(request, response)).toBe(false);
+		expect(hasValidationResponder).toBe(true);
+	});
+
 	it('fires validation responder if a key is not in the model (object)', () => {
 		const { request, response } = createMockRequest();
 		request.query = { where: { notInModel: 'test' } };
@@ -110,4 +136,17 @@ describe('[Utils] queryValidator()', () => {
 		expect(queryValidator(request, response)).toBe(true);
 		expect(hasValidationResponder).toBe(false);
 	});
+
+	it('can get by id', () => {
+		const { request, response } = createMockRequest();
+		request.query = { id: 1 };
+		request.payloadType = ExampleUser;
+		request.payload = new ExampleUser();
+
+		let hasValidationResponder = false;
+		response.validationResponder = () => (hasValidationResponder = true);
+
+		expect(queryValidator(request, response)).toBe(true);
+		expect(hasValidationResponder).toBe(false);
+	});
 });