diff --git a/package-lock.json b/package-lock.json index a42e968..b679f1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,6 +11,7 @@ "dependencies": { "dotenv": "^16.4.5", "express": "^4.19.2", + "express-validator": "^7.1.0", "node-cron": "^3.0.3", "sequelize": "^6.37.3", "sqlite3": "^5.1.7", @@ -741,6 +742,18 @@ "node": ">= 0.10.0" } }, + "node_modules/express-validator": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.1.0.tgz", + "integrity": "sha512-ePn6NXjHRZiZkwTiU1Rl2hy6aUqmi6Cb4/s8sfUsKH7j2yYl9azSpl8xEHcOj1grzzQ+UBEoLWtE1s6FDxW++g==", + "dependencies": { + "lodash": "^4.17.21", + "validator": "~13.12.0" + }, + "engines": { + "node": ">= 8.0.0" + } + }, "node_modules/file-uri-to-path": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", diff --git a/package.json b/package.json index fd301ae..7502dd4 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "dependencies": { "dotenv": "^16.4.5", "express": "^4.19.2", + "express-validator": "^7.1.0", "node-cron": "^3.0.3", "sequelize": "^6.37.3", "sqlite3": "^5.1.7", diff --git a/source/routes/index.js b/source/routes/index.js index bbd0e9a..c239e6c 100644 --- a/source/routes/index.js +++ b/source/routes/index.js @@ -1,4 +1,5 @@ const express = require("express"); +const { body, param, query, validationResult } = require("express-validator"); const router = express.Router(); const { v4: uuidv4 } = require("uuid"); const ShortURL = require("../models/ShortURLModel"); @@ -73,7 +74,16 @@ const apiKeys = process.env.API_KEYS.split(","); * 500: * description: Failed to create short URL */ -router.post("/", async (req, res) => { +router.post("/", [ + body("url").isURL().withMessage("Invalid URL format"), + body("key").isString().withMessage("API key is required"), + body("expiration").optional().isISO8601().withMessage("Invalid expiration date format") +], async (req, res) => { + const errors = validationResult(req); + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }); + } + const { url, key, expiration } = req.body; if (!apiKeys.includes(key)) { @@ -127,7 +137,15 @@ router.post("/", async (req, res) => { * 500: * description: Failed to delete URL */ -router.delete("/:id", async (req, res) => { +router.delete("/:id", [ + param("id").isUUID().withMessage("Invalid URL ID format"), + query("key").isString().withMessage("API key is required") +], async (req, res) => { + const errors = validationResult(req); + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }); + } + const id = req.params.id; const key = req.query.key; @@ -202,7 +220,14 @@ router.get("/", async (req, res) => { * 500: * description: Failed to retrieve URL */ -router.get("/:id", async (req, res) => { +router.get("/:id", [ + param("id").isUUID().withMessage("Invalid URL ID format") +], async (req, res) => { + const errors = validationResult(req); + if (!errors.isEmpty()) { + return res.status(400).json({ errors: errors.array() }); + } + const id = req.params.id; try {