diff --git a/backend/package.json b/backend/package.json
index 2c73629..9cfb2c1 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -18,11 +18,13 @@
 "directory": "backend"
 },
 "dependencies": {
+ "@hapi/joi": "15",
 "@pgtyped/cli": "^0.7.3",
 "@pgtyped/query": "^0.7.3",
 "@types/cors": "^2.8.6",
 "@types/express": "^4.17.1",
 "@types/express-session": "^1.15.14",
+ "@types/hapi__joi": "15",
 "@types/helmet": "^0.0.44",
 "@types/morgan": "^1.7.37",
 "@types/permit": "^0.2.1",
@@ -37,11 +39,13 @@
 "cors": "^2.8.5",
 "eslint": "^6.4.0",
 "express": "^4.17.0",
+ "express-joi-validation": "^4.0.4-beta.0",
 "express-promise-router": "^3.0.3",
 "express-session": "^1.16.2",
 "express-static-gzip": "^2.0.5",
 "express-validator": "^6.6.0",
 "helmet": "^3.21.1",
+ "joi-extract-type": "^15.0.8",
 "morgan": "^1.9.1",
 "pg": "^7.12.1",
 "redis": "^2.8.0",
diff --git a/backend/src/routes/auth.ts b/backend/src/routes/auth.ts
index f65b081..b66d883 100644
--- a/backend/src/routes/auth.ts
+++ b/backend/src/routes/auth.ts
@@ -1,10 +1,13 @@
 import Router from 'express-promise-router'
 import Container from 'typedi'
 import AuthService from '../services/AuthService'
-import validate from '../middleware/validate'
 import { NewUser } from 'auth'
+import { ContainerTypes, ValidatedRequest, ValidatedRequestSchema, createValidator } from 'express-joi-validation'
+import * as Joi from '@hapi/joi'
+import 'joi-extract-type'
 const router = Router()
+const validator = createValidator()
 const authService = Container.get(AuthService)
 router.post('/startLogin', async function (req, res) {
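Review bot: In backend/package.json the second hunk takes `express-joi-validation` at `^4.0.4-beta.0`, a pre-release, and this middleware now gates the `/finishSignup` body in backend/src/routes/auth.ts. A caret range on a pre-release also accepts later pre-releases of 4.0.4 and any later 4.x release, so the code that validates signup input is fixed only while the lockfile is honoured. I would pin it exactly, `"express-joi-validation": "4.0.4-beta.0"`, until a stable release can be adopted. The first hunk's `"@hapi/joi": "15"` and `"@types/hapi__joi": "15"` are whole-major ranges as well and could name the versions the lockfile resolves, `15.1.1` and `15.0.4`.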
@@ -22,12 +25,27 @@ router.get('/startSignup', async function (req, res) {
 return res.json(responseData)
 })
+export const useridQuery = Joi.object({
+ userid: Joi.number().integer().required()
+})
+
+const signupSchema = Joi.object({
+ displayName: Joi.string().required(),
+ verifier: Joi.string().hex().required(),
+ srpSalt: Joi.string().hex().required(),
+ mukSalt: Joi.string().hex().required(),
+ publicKey: Joi.object().required(),
+ privateKey: Joi.string().base64().required(),
+ privateKeyIv: Joi.string().base64().required(),
+})
+
+interface SignupRequest extends ValidatedRequestSchema {
+ [ContainerTypes.Body]: Joi.extractType
+}
+
 router.post('/finishSignup',
- validate({
- privateKey: { in: ['body'], isBase64: true, },
- privateKeyIv: { in: ['body'], isBase64: true, },
- }),
- async function (req, res) {
+ validator.body(signupSchema),
+ async function (req: ValidatedRequest, res) {
 const newUser : NewUser = {
 username: req.session.signupInfo.username,
 display_name: req.body.displayName,
diff --git a/backend/yarn.lock b/backend/yarn.lock
index ffed066..63cb5d2 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
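Review bot: In backend/src/routes/auth.ts, `signupSchema` checks the encoding of each field but not its size or shape. `displayName` accepts any string, the `hex()` and `base64()` fields have no length bound, and `publicKey: Joi.object().required()` names no keys, which by Joi's default admits an object with arbitrary members. I would bound these in the schema, for example `displayName: Joi.string().trim().min(1).max(MAX_DISPLAY_NAME).required()` and `publicKey: Joi.object().keys({ /* expected key members */ }).required()`, where `MAX_DISPLAY_NAME` is a placeholder for the project's limit. The handler also reads `req.session.signupInfo.username` with no visible check that `signupInfo` is set, though its body continues past the end of the hunk, so that may be covered there. `useridQuery` is exported but unused in the visible lines and would benefit from a comment naming the route it is meant for.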
@@ -23,6 +23,38 @@ chalk "^2.0.0" js-tokens "^4.0.0" +"@hapi/address@2.x.x": + version "2.1.4" + resolved "https://registry.yarnpkg.com/@hapi/address/-/address-2.1.4.tgz#5d67ed43f3fd41a69d4b9ff7b56e7c0d1d0a81e5" + integrity sha512-QD1PhQk+s31P1ixsX0H0Suoupp3VMXzIVMSwobR3F3MSUO2YCV0B7xqLcUw/Bh8yuvd3LhpyqLQWTNcRmp6IdQ== + +"@hapi/bourne@1.x.x": + version "1.3.2" + resolved "https://registry.yarnpkg.com/@hapi/bourne/-/bourne-1.3.2.tgz#0a7095adea067243ce3283e1b56b8a8f453b242a" + integrity sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA== + +"@hapi/hoek@8.x.x", "@hapi/hoek@^8.3.0": + version "8.5.1" + resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-8.5.1.tgz#fde96064ca446dec8c55a8c2f130957b070c6e06" + integrity sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow== + +"@hapi/joi@15", "@hapi/joi@~15": + version "15.1.1" + resolved "https://registry.yarnpkg.com/@hapi/joi/-/joi-15.1.1.tgz#c675b8a71296f02833f8d6d243b34c57b8ce19d7" + integrity sha512-entf8ZMOK8sc+8YfeOlM8pCfg3b5+WZIKBfUaaJT8UsjAAPjartzxIYm3TIbjvA4u+u++KbcXD38k682nVHDAQ== + dependencies: + "@hapi/address" "2.x.x" + "@hapi/bourne" "1.x.x" + "@hapi/hoek" "8.x.x" + "@hapi/topo" "3.x.x" + +"@hapi/topo@3.x.x": + version "3.1.6" + resolved "https://registry.yarnpkg.com/@hapi/topo/-/topo-3.1.6.tgz#68d935fa3eae7fdd5ab0d7f953f3205d8b2bfc29" + integrity sha512-tAag0jEcjwH+P2quUfipd7liWCNX2F8NvYjQp2wtInsZxnMlypdw0FtAOLxtvvkO+GSRRbmNi8m/5y42PQJYCQ== + dependencies: + "@hapi/hoek" "^8.3.0" + "@pgtyped/cli@^0.7.3": version "0.7.3" resolved "https://registry.yarnpkg.com/@pgtyped/cli/-/cli-0.7.3.tgz#2920182556a1225fe3f7f838aeb586d04aa72bc6" 
@@ -132,6 +164,18 @@ "@types/qs" "*" "@types/serve-static" "*" +"@types/hapi__joi@*": + version "17.1.4" + resolved "https://registry.yarnpkg.com/@types/hapi__joi/-/hapi__joi-17.1.4.tgz#e46cd1bd81d25cd45247d652dadb3666514d807c" + integrity sha512-gqY3TeTyZvnyNhM02HgyCIoGIWsTFMnuzMfnD8evTsr1KIfueGJaz+QC77j+dFvhZ5cJArUNjDRHUjPxNohzGA== + +"@types/hapi__joi@15", "@types/hapi__joi@~15": + version "15.0.4" + resolved "https://registry.yarnpkg.com/@types/hapi__joi/-/hapi__joi-15.0.4.tgz#49e2e1e6da15ade0fdd6db4daf94aecb07bb391b" + integrity sha512-VSS6zc7AIOdHVXmqKaGNPYl8eGrMvWi0R5pt3evJL3UdxO8XS28/XAkBXNyLQoymHxhMd4bF3o1U9mZkWDeN8w== + dependencies: + "@types/hapi__joi" "*" + "@types/helmet@^0.0.44": version "0.0.44" resolved "https://registry.yarnpkg.com/@types/helmet/-/helmet-0.0.44.tgz#cbded9530a7c4d8a9163fc7e017f0892acd1bb81" @@ -980,6 +1024,11 @@ expect-ct@0.2.0: resolved "https://registry.yarnpkg.com/expect-ct/-/expect-ct-0.2.0.tgz#3a54741b6ed34cc7a93305c605f63cd268a54a62" integrity sha512-6SK3MG/Bbhm8MsgyJAylg+ucIOU71/FzyFalcfu5nY19dH8y/z0tBJU0wrNBXD4B27EoQtqPF/9wqH0iYAd04g== +express-joi-validation@^4.0.4-beta.0: + version "4.0.4-beta.0" + resolved "https://registry.yarnpkg.com/express-joi-validation/-/express-joi-validation-4.0.4-beta.0.tgz#bb184d1daf01de5748d2ba0f397d44998a832fb8" + integrity sha512-1ozfZQkMKUHNchRQJIR5qzW2T6ENxJ8wSjDchVILHp+4fbLmJZIJkBfA27ZtZMTgRPEzg8vVU/cYdHM5DCSXEQ== + express-promise-router@^3.0.3: version "3.0.3" resolved "https://registry.yarnpkg.com/express-promise-router/-/express-promise-router-3.0.3.tgz#5e6d22a5a3f013d71833172fe8d7ab780c3f6b70" 
@@ -1482,6 +1531,14 @@ jmespath@0.15.0: resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.15.0.tgz#a3f222a9aae9f966f5d27c796510e28091764217" integrity sha1-o/Iiqarp+Wb10nx5ZRDigJF2Qhc= +joi-extract-type@^15.0.8: + version "15.0.8" + resolved "https://registry.yarnpkg.com/joi-extract-type/-/joi-extract-type-15.0.8.tgz#29b42d79717b8fec6841b2bef76f97542e58e687" + integrity sha512-Or97aW6QN6YJq0B+x/vYs65+nmcPvYDE7xhlwRl7yHzY+7Z8pVaj0zxjdJlXmIA9zRcbbYQKCGvW+I4g0kUHgA== + dependencies: + "@hapi/joi" "~15" + "@types/hapi__joi" "~15" + js-tokens@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"