From 1c5e47b4c4daec00dd326f2d3554c18a3e4c2e1d Mon Sep 17 00:00:00 2001
From: Danny Coates
Date: Mon, 5 Feb 2018 17:21:32 -0800
Subject: [PATCH] validate id param without middleware
---
 server/routes/index.js | 21 ++++++++++-----------
 server/validation.js | 12 ------------
 2 files changed, 10 insertions(+), 23 deletions(-)
 delete mode 100644 server/validation.js
diff --git a/server/routes/index.js b/server/routes/index.js
index 69886e6f..f2c7e79d 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -5,11 +5,11 @@ const languages = require('../languages');
 const storage = require('../storage');
 const config = require('../config');
 const pages = require('./pages');
-const validation = require('../validation');
 const { negotiateLanguages } = require('fluent-langneg');
 const IS_DEV = config.env === 'development';
 const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
 const langData = require('cldr-core/supplemental/likelySubtags.json');
+const idregx = '([0-9a-fA-F]{10})';
 
 module.exports = function(app) {
 app.use(function(req, res, next) {
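Review bot: The new `idregx` string drops the `^`/`$` anchors that the deleted `validateID` carried, so the exact-length guarantee on ids now depends on the router anchoring each route pattern, and nothing at the declaration says so. I would add a comment above it, for example `// Route-parameter constraint appended to ':id': exactly 10 hex characters. Anchoring comes from the router; do not reuse this string in an unanchored RegExp.` The outer parentheses are route-pattern syntax rather than a capture the handlers read, which is worth stating too because the name reads like a compiled regex.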
@@ -82,22 +82,21 @@ module.exports = function(app) {
 next();
 });
 app.use(bodyParser.json());
- app.use(validation.middleware);
 app.get('/', pages.index);
 app.get('/legal', pages.legal);
 app.get('/jsconfig.js', require('./jsconfig'));
- app.get('/share/:id', pages.blank);
- app.get('/download/:id', pages.download);
+ app.get(`/share/:id${idregx}`, pages.blank);
+ app.get(`/download/:id${idregx}`, pages.download);
 app.get('/completed', pages.blank);
 app.get('/unsupported/:reason', pages.unsupported);
- app.get('/api/download/:id', require('./download'));
- app.get('/api/exists/:id', require('./exists'));
- app.get('/api/metadata/:id', require('./metadata'));
+ app.get(`/api/download/:id${idregx}`, require('./download'));
+ app.get(`/api/exists/:id${idregx}`, require('./exists'));
+ app.get(`/api/metadata/:id${idregx}`, require('./metadata'));
 app.post('/api/upload', require('./upload'));
- app.post('/api/delete/:id', require('./delete'));
- app.post('/api/password/:id', require('./password'));
- app.post('/api/params/:id', require('./params'));
- app.post('/api/info/:id', require('./info'));
+ app.post(`/api/delete/:id${idregx}`, require('./delete'));
+ app.post(`/api/password/:id${idregx}`, require('./password'));
+ app.post(`/api/params/:id${idregx}`, require('./params'));
+ app.post(`/api/info/:id${idregx}`, require('./info'));
 
 app.get('/__version__', function(req, res) {
 res.sendFile(require.resolve('../../dist/version.json'));
diff --git a/server/validation.js b/server/validation.js
deleted file mode 100644
index 5707e29f..00000000
--- a/server/validation.js
+++ /dev/null
@@ -1,12 +0,0 @@
-function validateID(route_id) {
- return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
-}
-
-module.exports = {
- middleware: function(req, res, next) {
- if (req.params.id && !validateID(req.params.id)) {
- return res.sendStatus(404);
- }
- next();
- }
-};
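Review bot: Id validation in the route table is now opt-in per route: each of the nine registrations has to carry the `${idregx}` suffix, and a route added later with a bare `:id` would hand its handler an unchecked id, which presumably ends up as a storage key. Registering the check once with `app.param('id', …)` would apply it to every route that declares `:id` and keep the explicit 404 that the removed middleware returned. With the patterns alone, a malformed id falls through to whatever follows the route table, which is outside this hunk, so confirm that path ends in a 404 rather than a catch-all page. The route patterns can stay as a second layer; the body of `module.exports` starts and ends outside the hunk.

```javascript
app.use(bodyParser.json());
// Runs for every route that declares an :id parameter, so a new route cannot skip the check.
app.param('id', function(req, res, next, id) {
  if (!/^[0-9a-fA-F]{10}$/.test(id)) {
    return res.sendStatus(404);
  }
  next();
});
// … unchanged: route registrations …
```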