Created a permission controller for checking IDs

MKHenson · Apr 25, 2016 · 81bfbe6 · 81bfbe6
1 parent d428bd8
commit 81bfbe6
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 26 deletions.
diff --git a/server/src/controllers/posts-controller.ts b/server/src/controllers/posts-controller.ts
@@ -7,7 +7,7 @@ import {Controller} from "./controller";
 import {PostsModel} from "../models/posts-model";
 import {CategoriesModel} from "../models/categories-model";
 import {UsersService} from "../users-service";
-import {getUser, isAdmin} from "../permission-controllers";
+import {getUser, isAdmin, hasId} from "../permission-controllers";
 import * as mp from "modepress-api";
 import * as winston from "winston";
 
@@ -36,38 +36,16 @@ export default class PostsController extends Controller
         router.get("/get-posts", <any>[getUser, this.getPosts.bind(this)]);
         router.get("/get-post/:slug", <any>[getUser, this.getPost.bind(this)]);
         router.get("/get-categories", this.getCategories.bind(this));
-        router.delete("/remove-post/:id", <any>[isAdmin, this.checkId.bind(this), this.removePost.bind(this)]);
-        router.delete("/remove-category/:id", <any>[isAdmin, this.checkId.bind(this), this.removeCategory.bind(this)]);
-        router.put("/update-post/:id", <any>[isAdmin, this.checkId.bind(this), this.updatePost.bind(this)]);
+        router.delete("/remove-post/:id", <any>[isAdmin, hasId, this.removePost.bind(this)]);
+        router.delete("/remove-category/:id", <any>[isAdmin, hasId, this.removeCategory.bind(this)]);
+        router.put("/update-post/:id", <any>[isAdmin, hasId, this.updatePost.bind(this)]);
         router.post("/create-post", <any>[isAdmin, this.createPost.bind(this)]);
         router.post("/create-category", <any>[isAdmin, this.createCategory.bind(this)]);
 
 		// Register the path
 		e.use( "/api/posts", router );
     }
 
-    /**
-    * Checks for a mongo id parameter and that its valid
-    * @param {express.Request} req
-    * @param {express.Response} res
-    * @param {Function} next
-    */
-    private checkId( req: express.Request, res: express.Response, next: Function )
-    {
-        // Make sure the id format is correct
-        if ( !mongodb.ObjectID.isValid(req.params.id)) {
-
-            winston.error( `Cannot delete post: invalid ID format '${req.url}'` , {process: process.pid})
-            res.setHeader( 'Content-Type', 'application/json');
-            return res.end(JSON.stringify(<mp.IResponse>{
-                error: true,
-                message: "Invalid ID format"
-            }));
-        }
-
-       next();
-    }
-
     /**
     * Returns an array of IPost items
     * @param {express.Request} req

diff --git a/server/src/definitions/custom/modepress-api.d.ts b/server/src/definitions/custom/modepress-api.d.ts
@@ -811,6 +811,9 @@
     {
         /**
         * The default tags allowed
+        * includes: h3, h4, h5, h6, blockquote, p, a, ul, ol,
+        *    nl, li, b, i, strong, em, strike, code, hr, br, div,
+        *    table, thead, caption, tbody, tr, th, td, pre
         */
         public static defaultTags: Array<string>;
 
@@ -904,6 +907,14 @@
         query: any;
     }
 
+    /**
+    * Checks for an id parameter and that its a valid mongodb ID. Returns an error of type IResponse if no ID is detected, or its invalid
+    * @param {Express.Request} req
+    * @param {Express.Response} res
+    * @param {Function} next
+    */
+    export function hasId( req: Express.Request, res: Express.Response, next: Function );
+
     /**
     * This funciton checks if user is logged in
     * @param {express.Request} req

diff --git a/server/src/models/schema-items/schema-html.ts b/server/src/models/schema-items/schema-html.ts
@@ -8,6 +8,9 @@ export class SchemaHtml extends SchemaItem<string>
 {
     /**
     * The default tags allowed
+    * includes: h3, h4, h5, h6, blockquote, p, a, ul, ol,
+    *    nl, li, b, i, strong, em, strike, code, hr, br, div,
+    *    table, thead, caption, tbody, tr, th, td, pre
     */
     public static defaultTags: Array<string> = ['h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
         'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',

diff --git a/server/src/permission-controllers.ts b/server/src/permission-controllers.ts
@@ -1,6 +1,7 @@
 import express = require("express");
 import {UsersService} from "./users-service";
 import {IResponse, IAuthReq} from "modepress-api";
+import * as mongodb from "mongodb";
 
 /**
 * This funciton checks if user is logged in
@@ -45,6 +46,36 @@ export function getUser(req: express.Request, res: express.Response, next: Funct
     });
 }
 
+/**
+* Checks for an id parameter and that its a valid mongodb ID. Returns an error of type IResponse if no ID is detected, or its invalid
+* @param {express.Request} req
+* @param {express.Response} res
+* @param {Function} next
+*/
+export function hasId( req: express.Request, res: express.Response, next: Function )
+{
+    // Make sure the id
+    if (!req.params.id)
+    {
+        res.setHeader( 'Content-Type', 'application/json');
+        return res.end(JSON.stringify(<IResponse>{
+            error: true,
+            message: "Please specify an ID"
+        }));
+    }
+    // Make sure the id format is correct
+    else if ( !mongodb.ObjectID.isValid(req.params.id))
+    {
+        res.setHeader( 'Content-Type', 'application/json');
+        return res.end(JSON.stringify(<IResponse>{
+            error: true,
+            message: "Invalid ID format"
+        }));
+    }
+
+    next();
+}
+
 /**
 * This funciton checks the logged in user is an admin. If not an admin it returns an error,
 * if true it passes the scope onto the next function in the queue