From a43ac6f27a2834e0323f570f4bfbecbac7ef5d95 Mon Sep 17 00:00:00 2001
From: Naida  Vatric <naida.dozic@gmail.com>
Date: Fri, 1 Nov 2019 23:55:33 +0100
Subject: [PATCH] Added validators

---
 permissions.js          | 32 ++++-----------------------
 validators/validator.js | 49 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 28 deletions(-)
 create mode 100644 validators/validator.js

diff --git a/permissions.js b/permissions.js
index 78b3981..4f48300 100644
--- a/permissions.js
+++ b/permissions.js
@@ -3,7 +3,6 @@ const express=require('express');
 const cors= require('cors');
 const bodyParser= require('body-parser');
 const knex= require ('knex');
-const { check, validationResult } = require('express-validator');
 
 const app=express();
 //Enabling CORS
@@ -28,6 +27,8 @@ const addpermission= require('./endpoints/addpermission');
 const clearpermissions= require('./endpoints/clearpermissions');
 const testuserperm= require('./endpoints/testuserperm');
 const querypermiss= require('./endpoints/querypermiss');
+//Requiremenst for input data validation
+const { addUserValidationRules, addPermissionValidationRules, validate, } = require('./validators/validator')
 
 //Checking basics
 app.get('/', (req, res) => {
@@ -35,15 +36,7 @@ app.get('/', (req, res) => {
 })
 
 //Call for adding a user to a group
-app.post('/addusertogroup', [
-    //Simple input validation with express-validator
-    check('reqgroup').isAlphanumeric().isLength({min:3}),
-    check('requser').isAlphanumeric().isLength({min:3})
-], (req, res) => {
-    const errors = validationResult(req)
-    if (!errors.isEmpty()) {
-      return res.status(422).json('Incorrect input data. Can not add an user.');
-    }
+app.post('/addusertogroup', addUserValidationRules(), validate, (req, res) => {
     addusertogroup.handleAddUserToGroup(req, res, db)});
 
 //Call for clearing all users from group
@@ -52,24 +45,7 @@ app.post('/cleargroup', (req,res) => {
 });
 
 //Call for adding a permission to a user or group
-app.post('/addpermission', [
-    //Simple input validation with express-validator
-    check('reqowner').isAlphanumeric().isLength({min:3}),
-    //check('reqobjname').isAlphanumeric().isLength({min:3}),
-    check('reqtype').isAlphanumeric().isLength({min:3}),
-    check('reqownertype').custom((value, {req, loc, pah}) => {
-        if (value.toLowerCase()==='group' || value.toLowerCase()==='user') {
-            return value;
-        }
-        else {
-            return false;
-        }
-    })
-], (req, res) => {
-    const errors = validationResult(req)
-    if (!errors.isEmpty()) {
-      return res.status(422).json('Incorrect input data. Can not add a permission.');
-    }
+app.post('/addpermission', addPermissionValidationRules(), validate, (req, res) => {
     addpermission.handleAddPermission(req, res, db)});
 
 //Call for clearing all permissions from user or group
diff --git a/validators/validator.js b/validators/validator.js
new file mode 100644
index 0000000..36638c5
--- /dev/null
+++ b/validators/validator.js
@@ -0,0 +1,49 @@
+//Help file with needed validators for API calls 
+
+const { body, validationResult } = require('express-validator')
+
+//Validation rules function for call of adding user to group
+const addUserValidationRules = () => {
+  return [
+    //Groupname min character length is 3 and no special characters in name
+    body('reqgroup').isAlphanumeric().isLength({min:3}),
+    //Username min character length is 3 and no special characters in name
+    body('requser').isAlphanumeric().isLength({min:3})
+
+  ]
+}
+//Validation rules function for call of adding permission to a user or group
+const addPermissionValidationRules = () => {
+    return [
+        //Group or user name min character length is 3 and no special characters in name
+        body('reqowner').isAlphanumeric().isLength({min:3}),
+        //Object name min character length is 3
+        body('reqobjname').isLength({min:3}),
+        //Permission type min character length is 3 and no special characters
+        body('reqtype').isAlphanumeric().isLength({min:3}),
+        //Owner type can be user or group
+        body('reqownertype').custom((value, {req, loc, pah}) => {
+            if (value.toLowerCase()==='group' || value.toLowerCase()==='user') {
+                return value;
+            }
+            else {
+                return false;
+            }
+        })
+
+    ]
+  }
+//Function to perform validation 
+const validate = (req, res, next) => {
+  const errors = validationResult(req)
+  if (errors.isEmpty()) {
+    return next();
+  }
+    return res.status(422).json('Error! Incorrect input data!');
+}
+
+module.exports = {
+    addUserValidationRules,
+    addPermissionValidationRules,
+    validate,
+}
\ No newline at end of file