From 943a1ba174396f0cac92575b13e91af3375a55cd Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Thu, 22 Apr 2021 12:39:37 +0000 Subject: [PATCH] #356, addnews, appeal, changepassword --- controllers/forms/addnews.js | 20 ++++---------- controllers/forms/appeal.js | 21 +++++--------- controllers/forms/changepassword.js | 43 ++++++++--------------------- 3 files changed, 24 insertions(+), 60 deletions(-) diff --git a/controllers/forms/addnews.js b/controllers/forms/addnews.js index c6faf24e..359f33e1 100644 --- a/controllers/forms/addnews.js +++ b/controllers/forms/addnews.js @@ -15,20 +15,12 @@ module.exports = { controller: async (req, res, next) => { - const errors = []; - - if (!req.body.message || res.locals.messageLength === 0) { - errors.push('Missing message'); - } - if (res.locals.messageLength > 10000) { - errors.push('Message must be 10000 characters or less'); - } - if (!req.body.title || req.body.title.length === 0) { - errors.push('Missing title'); - } - if (req.body.title.length > 50) { - errors.push('Title must be 50 characters or less'); - } + const errors = await checkSchema([ + { result: existsBody(req.body.message), expected: true, error: 'Missing message' }, + { result: existsBody(req.body.title), expected: true, error: 'Missing title' }, + { result: lengthBody(req.body.message, 1, 10000), expected: false, error: 'Message must be 10000 characters or less' }, + { result: lengthBody(req.body.title, 1, 50), expected: false, error: 'Title must be 50 characters or less' }, + ]); if (errors.length > 0) { return dynamicResponse(req, res, 400, 'message', { diff --git a/controllers/forms/appeal.js b/controllers/forms/appeal.js index e67b62fd..1c66c43e 100644 --- a/controllers/forms/appeal.js +++ b/controllers/forms/appeal.js @@ -20,16 +20,11 @@ module.exports = { controller: async (req, res, next) => { const { globalLimits } = config.get; - const errors = []; - if (!req.body.checkedbans || req.body.checkedbans.length === 0 || req.body.checkedbans.length > 10) { - errors.push('Must select 1-10 bans'); - } - if (!req.body.message || res.locals.messageLength === 0) { - errors.push('Appeals must include a message'); - } - if (res.locals.messageLength > globalLimits.fieldLength.message) { - errors.push('Appeal message must be 2000 characters or less'); - } + + const errors = await checkSchema([ + { result: existsBody(req.body.message), expected: true, error: 'Appeals must include a message' }, + { result: numberBody(res.locals.messageLength, 1, globalLimits.fieldLength.message), expected: true, error: `Appeal message must be ${globalLimits.fieldLength.message} characters or less` }, + ]); //should appeals really be based off message field length global limit? minor. if (errors.length > 0) { return dynamicResponse(req, res, 400, 'message', { @@ -47,10 +42,8 @@ module.exports = { } if (amount === 0) { - /* - this can occur if they selected invalid id, non-ip match, already appealed, or unappealable bans. prevented by databse filter, so we use - use the updatedCount return value to check if any appeals were made successfully. if not, we end up here. - */ + /* this can occur if they selected invalid id, non-ip match, already appealed, or unappealable bans. prevented by databse filter, so we use + use the updatedCount return value to check if any appeals were made successfully. if not, we end up here. */ return dynamicResponse(req, res, 400, 'message', { 'title': 'Bad request', 'error': 'Invalid bans selected', diff --git a/controllers/forms/changepassword.js b/controllers/forms/changepassword.js index c7be6e40..4743b497 100644 --- a/controllers/forms/changepassword.js +++ b/controllers/forms/changepassword.js @@ -14,38 +14,17 @@ module.exports = { controller: async (req, res, next) => { - const errors = []; - - //check exist - if (!req.body.username || req.body.username.length <= 0) { - errors.push('Missing username'); - } - if (!req.body.password || req.body.password.length <= 0) { - errors.push('Missing password'); - } - if (!req.body.newpassword || req.body.newpassword.length <= 0) { - errors.push('Missing new password'); - } - if (!req.body.newpasswordconfirm || req.body.newpasswordconfirm.length <= 0) { - errors.push('Missing new password confirmation'); - } - - //check too long - if (req.body.username && req.body.username.length > 50) { - errors.push('Username must be 50 characters or less'); - } - if (req.body.password && req.body.password.length > 100) { - errors.push('Password must be 100 characters or less'); - } - if (req.body.newpassword && req.body.newpassword.length > 100) { - errors.push('Password must be 100 characters or less'); - } - if (req.body.newpasswordconfirm && req.body.newpasswordconfirm.length > 100) { - errors.push('Password confirmation must be 100 characters or less'); - } - if (req.body.newpassword != req.body.newpasswordconfirm) { - errors.push('New password and password confirmation must match'); - } + const errors = await checkSchema([ + { result: existsBody(req.body.username), expected: true, error: 'Missing username' }, + { result: lengthBody(req.body.username, 1, 50), expected: false, error: 'Username must be 50 characters or less' }, + { result: existsBody(req.body.password), expected: true, error: 'Missing password' }, + { result: lengthBody(req.body.password, 1, 50), expected: false, error: 'Password must be 50 characters or less' }, + { result: existsBody(req.body.newpassword), expected: true, error: 'Missing new password' }, + { result: lengthBody(req.body.newpassword, 1, 100), expected: false, error: 'New pasword must be 100 characters or less' }, + { result: existsBody(req.body.newpasswordconfirm), expected: true, error: 'Missing new password confirmation' }, + { result: lengthBody(req.body.newpasswordconfirm, 1, 100), expected: false, error: 'New password confirmation must be 100 characters or less' }, + { result: (req.body.newpassword === req.body.newpasswordconfirm), expected: true, error: 'New password and password confirmation must match' }, + ]); if (errors.length > 0) { return dynamicResponse(req, res, 400, 'message', {