From 5818c94f3e1c4284caec84028d7ed7427b8292ce Mon Sep 17 00:00:00 2001
From: Daniel Olojakpoke <danielolojakpoke@gmail.com>
Date: Sat, 8 May 2021 11:12:02 +0100
Subject: [PATCH] fix: add patch request validation

---
 server/handlers/captureHandler.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/server/handlers/captureHandler.js b/server/handlers/captureHandler.js
index 36e0e3db..582a1c54 100644
--- a/server/handlers/captureHandler.js
+++ b/server/handlers/captureHandler.js
@@ -1,6 +1,7 @@
 const express = require('express');
 const captureRouter = express.Router();
 const { v4: uuidv4 } = require('uuid');
+const Joi = require('joi');
 
 const {
   createCapture,
@@ -100,7 +101,17 @@ const captureHandlerPatch = async function (req, res) {
   const session = new Session();
   const captureRepo = new CaptureRepository(session);
   const executeUpdateCapture = updateCapture(captureRepo);
+  const updateSchema = Joi.object({
+    id: Joi.any().forbidden(),
+    lat: Joi.any().forbidden(),
+    lon: Joi.any().forbidden(),
+    location: Joi.any().forbidden(),
+    created_at: Joi.any().forbidden(),
+  });
   try {
+    const value = await updateSchema.unknown(true).validateAsync(req.body, {
+      abortEarly: false,
+    });
     const result = await executeUpdateCapture({ id: capture_id, ...req.body });
     console.log('CAPTURE ROUTER update result', result);
     res.send(result);