reference #355 changes to paramconverter

got the changes to itself done to return the middleware function, and for most routes i updated them still TODO the more complex routes, and change them to the refactored schema checking
3 years ago · 42422d3d35
parent 3eb3ba3a38
commit 42422d3d35
31 changed files with 1805 additions and 1479 deletions
--- a/controllers/forms.js
+++ b/controllers/forms.js
@ -10,7 +10,6 @@ const express  = require('express')
 	, processIp = require(__dirname+'/../helpers/processip.js')
 	, calcPerms = require(__dirname+'/../helpers/checks/calcpermsmiddleware.js')
 	, hasPerms = require(__dirname+'/../helpers/checks/haspermsmiddleware.js')
-	, paramConverter = require(__dirname+'/../helpers/paramconverter.js')
 	, numFiles = require(__dirname+'/../helpers/numfiles.js')
 	, imageHashes = require(__dirname+'/../helpers/imagehash.js')
 	, banCheck = require(__dirname+'/../helpers/checks/bancheck.js')
@ -23,81 +22,61 @@ const express  = require('express')
 	, blockBypassCheck = require(__dirname+'/../helpers/checks/blockbypass.js')
 	, fileMiddlewares = require(__dirname+'/../helpers/filemiddlewares.js')
 //controllers
-	, deleteBoardController = require(__dirname+'/forms/deleteboard.js')
-	, editBansController = require(__dirname+'/forms/editbans.js')
-	, appealController = require(__dirname+'/forms/appeal.js')
-	, globalActionController = require(__dirname+'/forms/globalactions.js')
-	, actionController = require(__dirname+'/forms/actions.js')
-	, addCustomPageController = require(__dirname+'/forms/addcustompage.js')
-	, deleteCustomPageController = require(__dirname+'/forms/deletecustompage.js')
-	, addNewsController = require(__dirname+'/forms/addnews.js')
-	, editNewsController = require(__dirname+'/forms/editnews.js')
-	, deleteNewsController = require(__dirname+'/forms/deletenews.js')
-	, uploadBannersController = require(__dirname+'/forms/uploadbanners.js')
-	, deleteBannersController = require(__dirname+'/forms/deletebanners.js')
-	, addFlagsController = require(__dirname+'/forms/addflags.js')
-	, deleteFlagsController = require(__dirname+'/forms/deleteflags.js')
-	, boardSettingsController = require(__dirname+'/forms/boardsettings.js')
-	, transferController = require(__dirname+'/forms/transfer.js')
-	, resignController = require(__dirname+'/forms/resign.js')
-	, deleteAccountController = require(__dirname+'/forms/deleteaccount.js')
-	, loginController = require(__dirname+'/forms/login.js')
-	, registerController = require(__dirname+'/forms/register.js')
-	, changePasswordController = require(__dirname+'/forms/changepassword.js')
-	, editAccountsController = require(__dirname+'/forms/editaccounts.js')
-	, globalSettingsController = require(__dirname+'/forms/globalsettings.js')
-	, createBoardController = require(__dirname+'/forms/create.js')
-	, makePostController = require(__dirname+'/forms/makepost.js')
-	, editPostController = require(__dirname+'/forms/editpost.js')
-	, newCaptcha = require(__dirname+'/../models/forms/newcaptcha.js')
-	, blockBypass = require(__dirname+'/../models/forms/blockbypass.js')
-	, logout = require(__dirname+'/../models/forms/logout.js');
+	, { deleteBoardController, editBansController, appealController, globalActionController,
+		actionController, addCustomPageController, deleteCustomPageController, addNewsController,
+		editNewsController, deleteNewsController, uploadBannersController, deleteBannersController,
+		addFlagsController, deleteFlagsController, boardSettingsController, transferController,
+		resignController, deleteAccountController, loginController, registerController, changePasswordController,
+		editAccountsController, globalSettingsController, createBoardController, makePostController,
+		editPostController, newCaptcha, blockBypass, logout } = require(__dirname+'/forms/index.js');
+

 //make new post
 router.post('/board/:board/post', geoAndTor, fileMiddlewares.postsEarly, torPreBypassCheck, processIp, useSession, sessionRefresh, Boards.exists, calcPerms, banCheck, fileMiddlewares.posts,
-	paramConverter, verifyCaptcha, numFiles, blockBypassCheck, dnsblCheck, imageHashes, makePostController);
+	makePostController.paramConverter, verifyCaptcha, numFiles, blockBypassCheck, dnsblCheck, imageHashes, makePostController.controller);
 router.post('/board/:board/modpost', geoAndTor, fileMiddlewares.postsEarly, torPreBypassCheck, processIp, useSession, sessionRefresh, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(3), fileMiddlewares.posts,
-	paramConverter, csrf, numFiles, blockBypassCheck, dnsblCheck, makePostController); //mod post has token instead of captcha
+	makePostController.paramConverter, csrf, numFiles, blockBypassCheck, dnsblCheck, makePostController.controller); //mod post has token instead of captcha

 //post actions
-router.post('/board/:board/actions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, Boards.exists, calcPerms, banCheck, paramConverter, verifyCaptcha, actionController); //public, with captcha
-router.post('/board/:board/modactions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(3), paramConverter, actionController); //board manage page
-router.post('/global/actions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, globalActionController); //global manage page
+router.post('/board/:board/actions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, Boards.exists, calcPerms, banCheck, actionController.paramConverter, verifyCaptcha, actionController.controller); //public, with captcha
+router.post('/board/:board/modactions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(3), actionController.paramConverter, actionController.controller); //board manage page
+router.post('/global/actions', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), globalActionController.paramConverter, globalActionController.controller); //global manage page
 //appeal ban
-router.post('/appeal', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, paramConverter, verifyCaptcha, appealController);
+router.post('/appeal', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, appealController.paramConverter, verifyCaptcha, appealController.controller);
 //edit post
-router.post('/editpost', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, paramConverter, Boards.bodyExists, calcPerms, hasPerms(3), editPostController);
+router.post('/editpost', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, editPostController.paramConverter, Boards.bodyExists, calcPerms, hasPerms(3), editPostController.controller);

 //board management forms
-router.post('/board/:board/transfer', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, transferController);
-router.post('/board/:board/settings', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, boardSettingsController);
-router.post('/board/:board/addbanners', useSession, sessionRefresh, fileMiddlewares.banner, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, numFiles, uploadBannersController); //add banners
-router.post('/board/:board/deletebanners', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, deleteBannersController); //delete banners
-router.post('/board/:board/addflags', useSession, sessionRefresh, fileMiddlewares.flag, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, numFiles, addFlagsController); //add flags
-router.post('/board/:board/deleteflags', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, deleteFlagsController); //delete flags
-router.post('/board/:board/addcustompages', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, addCustomPageController); //add banners
-router.post('/board/:board/deletecustompages', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, deleteCustomPageController); //delete banners
-router.post('/board/:board/editbans', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), paramConverter, editBansController); //edit bans
-router.post('/board/:board/deleteboard', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(config.get.deleteBoardPermLevel), deleteBoardController); //delete board
+router.post('/board/:board/transfer', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), transferController.paramConverter, transferController.controller);
+router.post('/board/:board/settings', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), boardSettingsController.paramConverter, boardSettingsController.controller);
+router.post('/board/:board/addbanners', useSession, sessionRefresh, fileMiddlewares.banner, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), numFiles, uploadBannersController.controller); //add banners
+router.post('/board/:board/deletebanners', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), deleteBannersController.paramConverter, deleteBannersController.controller); //delete banners
+router.post('/board/:board/addflags', useSession, sessionRefresh, fileMiddlewares.flag, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), numFiles, addFlagsController.controller); //add flags
+router.post('/board/:board/deleteflags', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), deleteFlagsController.paramConverter, deleteFlagsController.controller); //delete flags
+router.post('/board/:board/addcustompages', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), addCustomPageController.paramConverter, addCustomPageController.controller); //add banners
+router.post('/board/:board/deletecustompages', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), deleteCustomPageController.paramConverter, deleteCustomPageController.controller); //delete banners
+router.post('/board/:board/editbans', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), editBansController.paramConverter, editBansController.controller); //edit bans
+router.post('/board/:board/deleteboard', useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(config.get.deleteBoardPermLevel), deleteBoardController.controller); //delete board

 //global management forms
-router.post('/global/editbans', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, editBansController); //remove bans
-router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(Math.min(config.get.deleteBoardPermLevel, 1)), deleteBoardController); //delete board from global management panel
-router.post('/global/addnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, addNewsController); //add new newspost
-router.post('/global/editnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, editNewsController); //add new newspost
-router.post('/global/deletenews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, deleteNewsController); //delete news
-router.post('/global/editaccounts', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, editAccountsController); //account editing
-router.post('/global/settings', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, globalSettingsController); //global settings
+router.post('/global/editbans', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), editBansController.paramConverter, editBansController.controller); //remove bans
+router.post('/global/deleteboard', useSession, sessionRefresh, csrf, deleteBoardController.paramConverter, calcPerms, isLoggedIn, hasPerms(Math.min(config.get.deleteBoardPermLevel, 1)), deleteBoardController.controller); //delete board from global management panel
+router.post('/global/addnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), addNewsController.paramConverter, addNewsController.controller); //add new newspost
+router.post('/global/editnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), editNewsController.paramConverter, editNewsController.controller); //add new newspost
+router.post('/global/deletenews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), deleteNewsController.paramConverter, deleteNewsController.controller); //delete news
+router.post('/global/editaccounts', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), editAccountsController.paramConverter, editAccountsController.controller); //account editing
+router.post('/global/settings', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), globalSettingsController.paramConverter, globalSettingsController.controller); //global settings

 //create board
-router.post('/create', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, isLoggedIn, verifyCaptcha, calcPerms, paramConverter, createBoardController);
+router.post('/create', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, isLoggedIn, verifyCaptcha, calcPerms, createBoardController.paramConverter, createBoardController.controller);
+
 //accounts
-router.post('/login', useSession, paramConverter, loginController);
+router.post('/login', useSession, loginController.paramConverter, loginController.controller);
 router.post('/logout', useSession, logout);
-router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, calcPerms, paramConverter, registerController);
-router.post('/changepassword', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, paramConverter, changePasswordController);
-router.post('/resign', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, paramConverter, resignController);
-router.post('/deleteaccount', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, paramConverter, deleteAccountController);
+router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, calcPerms, registerController.paramConverter, registerController.controller);
+router.post('/changepassword', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, changePasswordController.paramConverter, changePasswordController.controller);
+router.post('/resign', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, resignController.paramConverter, resignController.controller);
+router.post('/deleteaccount', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, deleteAccountController.controller);

 //removes captcha cookie, for refreshing for noscript users
 router.post('/newcaptcha', newCaptcha);
--- a/controllers/forms/actions.js
+++ b/controllers/forms/actions.js
@ -4,9 +4,29 @@ const { Posts } = require(__dirname+'/../../db/')
 	, config = require(__dirname+'/../../config.js')
 	, actionHandler = require(__dirname+'/../../models/forms/actionhandler.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, actionChecker = require(__dirname+'/../../helpers/checks/actionchecker.js');
-
-module.exports = async (req, res, next) => {
+	, actionChecker = require(__dirname+'/../../helpers/checks/actionchecker.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');
+
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -141,5 +161,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

-}
+	}

+}
--- a/controllers/forms/addban.js
+++ b/controllers/forms/addban.js
@ -1,51 +0,0 @@
-'use strict';
-
-const config = require(__dirname+'/../../config.js')
-	, addBan = require(__dirname+'/../../models/forms/addban.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, { isIP } = require('net');
-
-module.exports = async (req, res, next) => {
-
-	const { globalLimits, ipHashPermLevel } = config.get;
-	const errors = [];
-
-	if (!req.body.ip || req.body.ip.length === 0) {
-		errors.push('Missing IP/hash input');
-	} else if (req.body.ip.length > 50) {
-		errors.push('IP/hash input must be less than 50 characters');
-	} else if (res.locals.permLevel > ipHashPermLevel && (isIP(req.body.ip) || req.body.ip.length !== 10)) {
-		errors.push('Invalid hash input');
-	}
-	if (req.body.ban_reason && req.body.ban_reason.length > globalLimits.fieldLength.ban_reason) {
-		errors.push(`Ban reason must be ${globalLimits.fieldLength.ban_reason} characters or less`);
-	}
-	if (req.body.log_message && req.body.log_message.length > globalLimits.fieldLength.log_message) {
-		errors.push(`Modlog message must be ${globalLimits.fieldLength.log_message} characters or less`);
-	}
-
-	let redirect = req.headers.referer;
-	if (!redirect) {
-		if (!req.params.board) {
-			redirect = '/globalmanage/bans.html';
-		} else {
-			redirect = `/${req.params.board}/manage/bans.html`;
-		}
-	}
-
-	if (errors.length > 0) {
-		return dynamicResponse(req, res, 400, 'message', {
-			'title': 'Bad request',
-			'errors': errors,
-			redirect,
-		});
-	}
-
-	try {
-		await addBan(req, res, redirect);
-	} catch (err) {
-		return next(err);
-	}
-
-}
-
--- a/controllers/forms/addcustompage.js
+++ b/controllers/forms/addcustompage.js
@ -3,9 +3,19 @@
 const addCustomPage = require(__dirname+'/../../models/forms/addcustompage.js')
 	, { CustomPages } = require(__dirname+'/../../db/')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, config = require(__dirname+'/../../config.js');
+	, config = require(__dirname+'/../../config.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['message', 'title', 'page'],
+		processMessageLength: true,
+	}),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -53,4 +63,5 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
 }
--- a/controllers/forms/addflags.js
+++ b/controllers/forms/addflags.js
@ -3,9 +3,15 @@
 const addFlags = require(__dirname+'/../../models/forms/addflags.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js')
-	, config = require(__dirname+'/../../config.js');
+	, config = require(__dirname+'/../../config.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	//paramConverter: paramConverter({}),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -34,4 +40,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/addnews.js
+++ b/controllers/forms/addnews.js
@ -1,9 +1,19 @@
 'use strict';

 const addNews = require(__dirname+'/../../models/forms/addnews.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['message', 'title'],
+		processMessageLength: true,
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -34,4 +44,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/appeal.js
+++ b/controllers/forms/appeal.js
@ -3,9 +3,21 @@
 const appealBans = require(__dirname+'/../../models/forms/appeal.js')
 	, config = require(__dirname+'/../../config.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, { Bans } = require(__dirname+'/../../db');
+	, { Bans } = require(__dirname+'/../../db')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['message'],
+		allowedArrays: ['checkedbans'],
+		processMessageLength: true,
+		objectIdArrays: ['checkedbans']
+	}),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -52,4 +64,6 @@ module.exports = async (req, res, next) => {
 			'redirect': '/'
 		});

+	}
+
 }
--- a/controllers/forms/boardsettings.js
+++ b/controllers/forms/boardsettings.js
@ -4,14 +4,34 @@ const changeBoardSettings = require(__dirname+'/../../models/forms/changeboardse
 	, { themes, codeThemes } = require(__dirname+'/../../helpers/themes.js')
 	, { Ratelimits } = require(__dirname+'/../../db/')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, config = require(__dirname+'/../../config.js');
+	, config = require(__dirname+'/../../config.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const { globalLimits, rateLimitCost } = config.get;
 		const errors = [];

-//TODO: add helpers for different checks, passing name, min/max and return true with error if hit
+	//TODO: add helpers for different checks, passing name, min/max and return true with error if hit
 		if (req.body.description &&
 			(req.body.description.length < 1 ||
 			 req.body.description.length > globalLimits.fieldLength.description)) {
@ -154,7 +174,7 @@ module.exports = async (req, res, next) => {

 		if (res.locals.permLevel > 1) { //if not global staff or above
 			const ratelimitBoard = await Ratelimits.incrmentQuota(req.params.board, 'settings', rateLimitCost.boardSettings); //2 changes a minute
-//		const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'settings', rateLimitCost.boardSettings);
+	//		const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'settings', rateLimitCost.boardSettings);
 			if (ratelimitBoard > 100 /* || ratelimitIp > 100 */) {
 				return dynamicResponse(req, res, 429, 'message', {
 					'title': 'Ratelimited',
@ -170,4 +190,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/changepassword.js
+++ b/controllers/forms/changepassword.js
@ -1,9 +1,18 @@
 'use strict';

 const changePassword = require(__dirname+'/../../models/forms/changepassword.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['username', 'password', 'newpassword', 'newpasswordconfirm'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -52,4 +61,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/create.js
+++ b/controllers/forms/create.js
@ -4,8 +4,17 @@ const createBoard = require(__dirname+'/../../models/forms/create.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, config = require(__dirname+'/../../config.js')
 	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['name', 'uri', 'description'],
+	}),
+
+	controller: async (req, res, next) => {

 		const { enableUserBoardCreation, globalLimits } = config.get;

@ -56,4 +65,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/deleteaccount.js
+++ b/controllers/forms/deleteaccount.js
@ -2,8 +2,15 @@

 const deleteAccount = require(__dirname+'/../../models/forms/deleteaccount.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	//paramConverter: paramConverter({}),
+
+	controller: async (req, res, next) => {

 		if (!req.body.confirm) {
 			return dynamicResponse(req, res, 400, 'message', {
@ -34,4 +41,6 @@ module.exports = async (req, res, next) => {
 			'redirect': '/',
 		});

+	}
+
 }
--- a/controllers/forms/deletebanners.js
+++ b/controllers/forms/deletebanners.js
@ -1,9 +1,29 @@
 'use strict';

 const deleteBanners = require(__dirname+'/../../models/forms/deletebanners.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
-
-module.exports = async (req, res, next) => {
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');
+
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -36,4 +56,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/deleteboard.js
+++ b/controllers/forms/deleteboard.js
@ -4,8 +4,17 @@ const { Boards } = require(__dirname+'/../../db/')
 	, deleteBoard = require(__dirname+'/../../models/forms/deleteboard.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['uri'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -56,4 +65,6 @@ module.exports = async (req, res, next) => {
 			'redirect': req.params.board ? '/' : '/globalmanage/settings.html'
 		});

+	}
+
 }
--- a/controllers/forms/deletecustompage.js
+++ b/controllers/forms/deletecustompage.js
@ -1,9 +1,18 @@
 'use strict';

 const deleteCustomPage = require(__dirname+'/../../models/forms/deletecustompage.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		allowedArrays: ['checkedcustompages'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -25,4 +34,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/deleteflags.js
+++ b/controllers/forms/deleteflags.js
@ -1,9 +1,18 @@
 'use strict';

 const deleteFlags = require(__dirname+'/../../models/forms/deleteflags.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		allowedArrays: ['checkedflags'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -36,4 +45,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/deletenews.js
+++ b/controllers/forms/deletenews.js
@ -1,9 +1,19 @@
 'use strict';

 const deleteNews = require(__dirname+'/../../models/forms/deletenews.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		allowedArrays: ['checkednews'],
+		objectIdArrays: ['checkednews']
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -25,4 +35,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/editaccounts.js
+++ b/controllers/forms/editaccounts.js
@ -1,9 +1,19 @@
 'use strict';

 const editAccounts = require(__dirname+'/../../models/forms/editaccounts.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		allowedArrays: ['checkedaccounts'],
+		numberFields: ['auth_level'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -31,4 +41,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/editbans.js
+++ b/controllers/forms/editbans.js
@ -2,9 +2,20 @@

 const removeBans = require(__dirname+'/../../models/forms/removebans.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, denyAppeals = require(__dirname+'/../../models/forms/denybanappeals.js');
+	, denyAppeals = require(__dirname+'/../../models/forms/denybanappeals.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['option'],
+		allowedArrays: ['checkedbans'],
+		objectIdArrays: ['checkedbans']
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -45,4 +56,6 @@ module.exports = async (req, res, next) => {
 			redirect
 		});

+	}
+
 }
--- a/controllers/forms/editnews.js
+++ b/controllers/forms/editnews.js
@ -1,9 +1,20 @@
 'use strict';

 const editNews = require(__dirname+'/../../models/forms/editnews.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['message', 'title'],
+		processMessageLength: true,
+		objectIdFields: ['news_id'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -37,4 +48,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/editpost.js
+++ b/controllers/forms/editpost.js
@ -3,9 +3,20 @@
 const editPost = require(__dirname+'/../../models/forms/editpost.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, config = require(__dirname+'/../../config.js')
-	, { Ratelimits, Posts, Boards } = require(__dirname+'/../../db/');
+	, { Ratelimits, Posts, Boards } = require(__dirname+'/../../db/')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['board', 'message', 'name', 'subject', 'email', 'log_message'],
+		processMessageLength: true,
+		numberFields: ['postId'],
+	}),
+
+	controller: async (req, res, next) => {

 		const { rateLimitCost, globalLimits } = config.get;
 		const errors = [];
@ -50,7 +61,7 @@ module.exports = async (req, res, next) => {

 		if (res.locals.permLevel > 1) { //if not global staff or above
 			const ratelimitUser = await Ratelimits.incrmentQuota(req.session.user, 'edit', rateLimitCost.editPost);
-//		const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost);
+	//		const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost);
 			if (ratelimitUser > 100 /* || ratelimitIp > 100 */) {
 				return dynamicResponse(req, res, 429, 'message', {
 					'title': 'Ratelimited',
@ -65,4 +76,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/globalactions.js
+++ b/controllers/forms/globalactions.js
@ -4,9 +4,29 @@ const { Posts } = require(__dirname+'/../../db/')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, config = require(__dirname+'/../../config.js')
 	, actionHandler = require(__dirname+'/../../models/forms/actionhandler.js')
-	, actionChecker = require(__dirname+'/../../helpers/checks/actionchecker.js');
+	, actionChecker = require(__dirname+'/../../helpers/checks/actionchecker.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -93,5 +113,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

-}
+	}

+}
--- a/controllers/forms/globalsettings.js
+++ b/controllers/forms/globalsettings.js
@ -4,10 +4,28 @@ const changeGlobalSettings = require(__dirname+'/../../models/forms/changeglobal
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, themeHelper = require(__dirname+'/../../helpers/themes.js')
 	, config = require(__dirname+'/../../config.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
 	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
 		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;

@ -169,4 +187,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/index.js
+++ b/controllers/forms/index.js
@ -0,0 +1,37 @@
+'use strict';
+
+module.exports = {
+
+	deleteBoardController: require(__dirname+'/deleteboard.js'),
+	editBansController: require(__dirname+'/editbans.js'),
+	appealController: require(__dirname+'/appeal.js'),
+	globalActionController: require(__dirname+'/globalactions.js'),
+	actionController: require(__dirname+'/actions.js'),
+	addCustomPageController: require(__dirname+'/addcustompage.js'),
+	deleteCustomPageController: require(__dirname+'/deletecustompage.js'),
+	addNewsController: require(__dirname+'/addnews.js'),
+	editNewsController: require(__dirname+'/editnews.js'),
+	deleteNewsController: require(__dirname+'/deletenews.js'),
+	uploadBannersController: require(__dirname+'/uploadbanners.js'),
+	deleteBannersController: require(__dirname+'/deletebanners.js'),
+	addFlagsController: require(__dirname+'/addflags.js'),
+	deleteFlagsController: require(__dirname+'/deleteflags.js'),
+	boardSettingsController: require(__dirname+'/boardsettings.js'),
+	transferController: require(__dirname+'/transfer.js'),
+	resignController: require(__dirname+'/resign.js'),
+	deleteAccountController: require(__dirname+'/deleteaccount.js'),
+	loginController: require(__dirname+'/login.js'),
+	registerController: require(__dirname+'/register.js'),
+	changePasswordController: require(__dirname+'/changepassword.js'),
+	editAccountsController: require(__dirname+'/editaccounts.js'),
+	globalSettingsController: require(__dirname+'/globalsettings.js'),
+	createBoardController: require(__dirname+'/create.js'),
+	makePostController: require(__dirname+'/makepost.js'),
+	editPostController: require(__dirname+'/editpost.js'),
+
+	//these dont have a "real" controller
+	newCaptcha: require(__dirname+'/../../models/forms/newcaptcha.js'),
+	blockBypass: require(__dirname+'/../../models/forms/blockbypass.js'),
+	logout: require(__dirname+'/../../models/forms/logout.js'),
+
+};
--- a/controllers/forms/login.js
+++ b/controllers/forms/login.js
@ -1,28 +1,25 @@
 'use strict';

 const loginAccount = require(__dirname+'/../../models/forms/login.js')
-	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js');
-
-module.exports = async (req, res, next) => {
-
-	const errors = [];
-
-	//check exist
-	if (!req.body.username || req.body.username.length <= 0) {
-		errors.push('Missing username');
-	}
-	if (!req.body.password || req.body.password.length <= 0) {
-		errors.push('Missing password');
-	}
-
-	//check too long
-	if (req.body.username && req.body.username.length > 50) {
-		errors.push('Username must be 50 characters or less');
-	}
-	if (req.body.password && req.body.password.length > 100) {
-		errors.push('Password must be 100 characters or less');
-	}
-
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');
+
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['username', 'password'],
+	}),
+
+	controller: async (req, res, next) => {
+		const schema = [
+			{ result: existsBody(req.body.username), expected: true, error: 'Missing username' },
+			{ result: existsBody(req.body.password), expected: true, error: 'Missing password' },
+			{ result: lengthBody(req.body.username, 1, 50), expected: false, error: 'Username must be 50 characters or less' },
+			{ result: lengthBody(req.body.password, 1, 100), expected: false, error: 'Password must be 100 characters or less' },
+		];
+		const errors = await checkSchema(schema);
 		if (errors.length > 0) {
 			return dynamicResponse(req, res, 400, 'message', {
 				'title': 'Bad request',
@ -30,11 +27,11 @@ module.exports = async (req, res, next) => {
 				'redirect': '/login.html'
 			})
 		}
-
 		try {
 			await loginAccount(req, res, next);
 		} catch (err) {
 			return next(err);
 		}
+	},

 }
--- a/controllers/forms/makepost.js
+++ b/controllers/forms/makepost.js
@ -5,9 +5,29 @@ const makePost = require(__dirname+'/../../models/forms/makepost.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, { func: pruneFiles } = require(__dirname+'/../../schedules/tasks/prune.js')
 	, config = require(__dirname+'/../../config.js')
-	, { Files } = require(__dirname+'/../../db/');
+	, { Files } = require(__dirname+'/../../db/')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	options: {
+		timeFields: [],
+		trimFields: [],
+		allowedArrays: [],
+		processThreadIdParam: [],
+		processDateParam: [],
+		processMessageLength: [],
+		numberFields: [],
+		numberArrays: [],
+		objectIdFields: [],
+		objectIdArrays: []
+	},
+
+	paramConverter: paramConverter(module.exports.options),
+
+	controller: async (req, res, next) => {

 		const { pruneImmediately, globalLimits, disableAnonymizerFilePosting } = config.get;
 		const errors = [];
@ -98,4 +118,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/register.js
+++ b/controllers/forms/register.js
@ -3,9 +3,18 @@
 const alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, config = require(__dirname+'/../../config.js')
-	, registerAccount = require(__dirname+'/../../models/forms/register.js');
+	, registerAccount = require(__dirname+'/../../models/forms/register.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['username', 'password', 'passwordconfirm'],
+	}),
+
+	controller: async (req, res, next) => {

 		const { enableUserAccountCreation } = config.get;

@ -63,4 +72,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/resign.js
+++ b/controllers/forms/resign.js
@ -3,9 +3,18 @@
 const { Boards } = require(__dirname+'/../../db/')
 	, resignFromBoard = require(__dirname+'/../../models/forms/resign.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js');
+	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['board'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -41,4 +50,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/transfer.js
+++ b/controllers/forms/transfer.js
@ -2,9 +2,18 @@

 const transferBoard = require(__dirname+'/../../models/forms/transferboard.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
-	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js');
+	, alphaNumericRegex = require(__dirname+'/../../helpers/checks/alphanumregex.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	paramConverter: paramConverter({
+		trimFields: ['username'],
+	}),
+
+	controller: async (req, res, next) => {

 		const errors = [];

@ -35,4 +44,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/forms/uploadbanners.js
+++ b/controllers/forms/uploadbanners.js
@ -3,9 +3,15 @@
 const uploadBanners = require(__dirname+'/../../models/forms/uploadbanners.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
 	, deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js')
-	, config = require(__dirname+'/../../config.js');
+	, config = require(__dirname+'/../../config.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');

-module.exports = async (req, res, next) => {
+module.exports = {
+
+	//paramConverter: paramConverter({}),
+
+	controller: async (req, res, next) => {

 		const { globalLimits } = config.get;
 		const errors = [];
@ -34,4 +40,6 @@ module.exports = async (req, res, next) => {
 			return next(err);
 		}

+	}
+
 }
--- a/controllers/pages.js
+++ b/controllers/pages.js
@ -22,7 +22,10 @@ const express  = require('express')
 		globalManageRecent, globalManageAccounts, globalManageNews, globalManageLogs } = require(__dirname+'/../models/pages/globalmanage/')
 	, { changePassword, blockBypass, home, register, login, create, editNews,
 		board, catalog, banners, randombanner, news, captchaPage, overboard, overboardCatalog,
-		captcha, thread, modlog, modloglist, account, boardlist, customPage } = require(__dirname+'/../models/pages/');
+		captcha, thread, modlog, modloglist, account, boardlist, customPage } = require(__dirname+'/../models/pages/')
+	, threadParamConverter = paramConverter({ processThreadIdParam: true })
+	, logParamConverter = paramConverter({ processDateParam: true })
+	, newsParamConverter = paramConverter({ objectIdFields: ['newsid'] });

 //homepage
 router.get('/index.html', home);
@ -38,11 +41,11 @@ router.get('/overboard.html', overboard); //overboard
 router.get('/catalog.html', overboardCatalog); //overboard catalog view

 //board pages
-router.get('/:board/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).(html|json)', Boards.exists, paramConverter, board); //index
-router.get('/:board/thread/:id([1-9][0-9]{0,}).(html|json)', Boards.exists, paramConverter, Posts.exists, thread); //thread view
+router.get('/:board/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).(html|json)', Boards.exists, board); //index
+router.get('/:board/thread/:id([1-9][0-9]{0,}).(html|json)', Boards.exists, threadParamConverter, Posts.exists, thread); //thread view
 router.get('/:board/catalog.(html|json)', Boards.exists, catalog); //catalog
 router.get('/:board/logs.html', Boards.exists, modloglist);//modlog list
-router.get('/:board/logs/:date(\\d{2}-\\d{2}-\\d{4}).html', Boards.exists, paramConverter, modlog); //daily log
+router.get('/:board/logs/:date(\\d{2}-\\d{2}-\\d{4}).html', Boards.exists, logParamConverter, modlog); //daily log
 router.get('/:board/custompage/:page.html', Boards.exists, customPage); //board custom page
 router.get('/:board/banners.html', Boards.exists, banners); //banners
 router.get('/randombanner', randombanner); //random banner
@ -56,8 +59,8 @@ router.get('/:board/manage/settings.html', useSession, sessionRefresh, isLoggedI
 router.get('/:board/manage/assets.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms, hasPerms(2), csrf, manageAssets);
 router.get('/:board/manage/custompages.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms, hasPerms(2), csrf, manageCustomPages);
 router.get('/:board/manage/catalog.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms, hasPerms(3), csrf, manageCatalog);
-router.get('/:board/manage/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, paramConverter, calcPerms, hasPerms(3), csrf, manageBoard);
-router.get('/:board/manage/thread/:id([1-9][0-9]{0,}).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, paramConverter, calcPerms, hasPerms(3), csrf, Posts.exists, manageThread);
+router.get('/:board/manage/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms, hasPerms(3), csrf, manageBoard);
+router.get('/:board/manage/thread/:id([1-9][0-9]{0,}).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, threadParamConverter, calcPerms, hasPerms(3), csrf, Posts.exists, manageThread);

 //global manage pages
 router.get('/globalmanage/reports.html', useSession, sessionRefresh, isLoggedIn, calcPerms, hasPerms(1), csrf, globalManageReports);
@ -70,7 +73,7 @@ router.get('/globalmanage/accounts.html', useSession, sessionRefresh, isLoggedIn
 router.get('/globalmanage/settings.html', useSession, sessionRefresh, isLoggedIn, calcPerms, hasPerms(0), csrf, globalManageSettings);

 //edit pages
-router.get('/editnews/:newsid([a-f0-9]{24}).html', useSession, sessionRefresh, isLoggedIn, calcPerms, hasPerms(0), csrf, paramConverter, editNews);
+router.get('/editnews/:newsid([a-f0-9]{24}).html', useSession, sessionRefresh, isLoggedIn, calcPerms, hasPerms(0), csrf, newsParamConverter, editNews);
 //TODO: edit post get endpoint
 //TODO: edit board custom page get endpoint

--- a/helpers/paramconverter.js
+++ b/helpers/paramconverter.js
@ -1,7 +1,12 @@
 'use strict';

 const { ObjectId } = require(__dirname+'/../db/db.js')
-	//todo: separate these into a schema/set for differ ent routes and inject it before the controller, to prevent checkign a bunch of other shit for every post
+	, timeFieldRegex = /^(?<YEAR>[\d]+y)?(?<MONTH>[\d]+mo)?(?<WEEK>[\d]+w)?(?<DAY>[\d]+d)?(?<HOUR>[\d]+h)?(?<MINUTE>[\d]+m)?(?<SECOND>[\d]+s)?$/
+	, timeUtils = require(__dirname+'/timeutils.js')
+	, dynamicResponse = require(__dirname+'/dynamic.js')
+	, makeArrayIfSingle = (obj) => !Array.isArray(obj) ? [obj] : obj;
+
+/*
 	, allowedArrays = new Set(['captcha', 'checkedcustompages', 'checkednews', 'checkedposts', 'globalcheckedposts', 'spoiler', 'strip_filename',
 		'checkedreports', 'checkedbans', 'checkedbanners', 'checkedaccounts', 'checkedflags', 'countries'])
 	, trimFields = ['allowed_hosts', 'dnsbl_blacklists', 'other_mime_types', 'highlight_options_language_subset', 'themes', 'code_themes',
@ -32,31 +37,51 @@ const { ObjectId } = require(__dirname+'/../db/db.js')
 		'perm_levels_markdown_italic', 'perm_levels_markdown_title', 'perm_levels_markdown_spoiler', 'perm_levels_markdown_mono', 'perm_levels_markdown_code',
 		'perm_levels_markdown_link', 'perm_levels_markdown_detected', 'perm_levels_markdown_dice'] //convert these to numbers before they hit our routes
 	, timeFields = ['ban_duration', 'board_defaults_filter_ban_duration', 'default_ban_duration', 'block_bypass_expire_after_time', 'dnsbl_cache_time']
-	, timeFieldRegex = /^(?<YEAR>[\d]+y)?(?<MONTH>[\d]+mo)?(?<WEEK>[\d]+w)?(?<DAY>[\d]+d)?(?<HOUR>[\d]+h)?(?<MINUTE>[\d]+m)?(?<SECOND>[\d]+s)?$/
-	, timeUtils = require(__dirname+'/timeutils.js')
-	, dynamicResponse = require(__dirname+'/dynamic.js')
-	, makeArrayIfSingle = (obj) => !Array.isArray(obj) ? [obj] : obj;
+objectIdFields: newsid, news_id
+objectIdArrays: globalcheckedposts, checkednews, checkedbans
+numberArryas: checkedposts
+*/
+
+//might remove or add some to thislater
+const defaultOptions = {
+	timeFields: [],
+	trimFields: [],
+	allowedArrays: [],
+	numberFields: [],
+	numberArrays: [],
+	objectIdFields: [],
+	objectIdArrays: [],
+	processThreadIdParam: false,
+	processDateParam: false,
+	processMessageLength: false,
+};

-module.exports = (req, res, next) => {
+module.exports = (options) => {

-	const bodyfields = Object.keys(req.body);
-	for (let i = 0; i < bodyfields.length; i++) {
-		const key = bodyfields[i];
+	options = { ...defaultOptions, ...options };
+
+	return (req, res, next) => {
+
+		const { timeFields, trimFields, allowedArrays,
+				processThreadIdParam, processDateParam, processMessageLength,
+				numberFields, numberArrays, objectIdFields, objectIdArrays } = options;
+		/* check all body fields, body-parser prevents this array being too big, so no worry.
+		   whitelist for fields that can be arrays, and convert singular of those fields to 1 length array */
+		const bodyFields = Object.keys(req.body);
+		for (let i = 0; i < bodyFields.length; i++) {
+			const key = bodyFields[i];
 			const val = req.body[key];
-		/*
-			bodyparser can form arrays e.g. for multiple files, but we only want arrays in fields we
-			expect, to prevent issues when validating/using them later on.
-		*/
-		if (!allowedArrays.has(key) && Array.isArray(val)) {
+			if (!allowedArrays.includes(key) && Array.isArray(val)) {
 				return dynamicResponse(req, res, 400, 'message', {
 					'title': 'Bad request',
 					'message': 'Malformed input'
 				});
-		} else if (allowedArrays.has(key) && !Array.isArray(val)) {
+			} else if (allowedArrays.includes(key) && !Array.isArray(val)) {
 				req.body[key] = makeArrayIfSingle(req.body[key]); //convert to arrays with single item for simpler case batch handling later
 			}
 		}

+		//process trimFields to remove excess white space
 		for (let i = 0; i < trimFields.length; i++) {
 			const field = trimFields[i];
 			if (req.body[field]) {
@ -65,11 +90,7 @@ module.exports = (req, res, next) => {
 			}
 		}

-	//proper length check for CRLF vs just LF, because browsers dont count CRLF as 2 characters like the server does (and like it technically is)
-	if (req.body.message) {
-		res.locals.messageLength = req.body.message.replace(/\r\n/igm, '\n').length;
-	}
-
+		//convert numberFields into number
 		for (let i = 0; i < numberFields.length; i++) {
 			const field = numberFields[i];
 			if (req.body[field] != null) {
@ -82,43 +103,7 @@ module.exports = (req, res, next) => {
 			}
 		}

-	try {
-		//ids for newspost editing
-		if (req.params.newsid) {
-			req.params.newsid = ObjectId(req.params.newsid);
-		}
-		if (req.body.news_id) {
-			req.body.news_id = ObjectId(req.body.news_id);
-		}
-		//convert checked reports to number
-		if (req.body.checkedposts) {
-			req.body.checkedposts = req.body.checkedposts.map(Number);
-		}
-		//convert checked global reports to mongoid
-		if (req.body.globalcheckedposts) {
-			req.body.globalcheckedposts = req.body.globalcheckedposts.map(ObjectId)
-		}
-		if (req.body.checkednews) {
-			req.body.checkednews = req.body.checkednews.map(ObjectId)
-		}
-		//convert checked bans to mongoid
-		if (req.body.checkedbans) {
-			req.body.checkedbans = req.body.checkedbans.map(ObjectId)
-		}
-		/*
-		//convert checked reports to mongoid
-		if (req.body.checkedreports) {
-			req.body.checkedreports = req.body.checkedreports.map(ObjectId)
-		}
-		*/
-	} catch (e) {
-		return dynamicResponse(req, res, 400, 'message', {
-			'title': 'Bad request',
-			'message': 'Malformed input'
-		});
-	}
-
-	//convert duration string to time in ms
+		//convert timeFields duration string to time in ms
 		for (let i = 0; i < timeFields.length; i++) {
 			const field = timeFields[i];
 			if (req.body[field] != null) {
@ -151,13 +136,40 @@ module.exports = (req, res, next) => {
 			}
 		}

+		//convert/map some fields to ObjectId or Number
+		try {
+			for (let i = 0; i < objectIdFields.length; i++) {
+				const field = objectIdFields[i];
+				if (req.body[field]) {
+					req.body[field] = ObjectId(req.body[field]);
+				}
+			}
+			for (let i = 0; i < objectIdArrays.length; i++) {
+				const field = objectIdArrays[i];
+				if (req.body[field]) {
+					req.body[field] = req.body[field].map(ObjectId);
+				}
+			}
+			for (let i = 0; i < numberArrays.length; i++) {
+				const field = numberArrays[i];
+				if (req.body[field]) {
+					req.body[field] = req.body[field].map(Number);
+				}
+			}
+		} catch (e) {
+			return dynamicResponse(req, res, 400, 'message', {
+				'title': 'Bad request',
+				'message': 'Malformed input'
+			});
+		}
+
 		//thread id
-	if (req.params.id) {
+		if (processThreadIdParam && req.params.id) {
 			req.params.id = +req.params.id;
 		}

 		//moglog date
-	if (req.params.date) {
+		if (processDateParam && req.params.date) {
 			let [ month, day, year ] = req.params.date.split('-');
 			month = month-1;
 			const date = new Date(Date.UTC(year, month, day, 0, 0, 0, 0));
@ -166,6 +178,14 @@ module.exports = (req, res, next) => {
 			}
 		}

+		/* normalise message length check for CRLF vs just LF, because String.length depending on browser wont count CRLF as
+		   2 characters, so user gets "message too long" at the right length. */
+		if (processMessageLength && req.body.message) {
+			res.locals.messageLength = req.body.message.replace(/\r\n/igm, '\n').length;
+		}
+
 		next();

+	};
+
 }