Resolve #2623

2018-11-02 12:49:08 +09:00
parent befc35a3ac
commit a7e6b766be
26 changed files with 434 additions and 354 deletions
--- a/src/server/api/endpoints/i/2fa/done.ts
+++ b/src/server/api/endpoints/i/2fa/done.ts
@ -1,18 +1,25 @@
 import $ from 'cafy';
 import * as speakeasy from 'speakeasy';
 import User, { ILocalUser } from '../../../../../models/user';
+import getParams from '../../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		token: {
+			validator: $.str
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'token' parameter
-	const [token, tokenErr] = $.str.get(params.token);
-	if (tokenErr) return rej('invalid token param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

-	const _token = token.replace(/\s/g, '');
+	const _token = ps.token.replace(/\s/g, '');

 	if (user.twoFactorTempSecret == null) {
 		return rej('二段階認証の設定が開始されていません');
--- a/src/server/api/endpoints/i/2fa/register.ts
+++ b/src/server/api/endpoints/i/2fa/register.ts
@ -4,19 +4,26 @@ import * as speakeasy from 'speakeasy';
 import * as QRCode from 'qrcode';
 import User, { ILocalUser } from '../../../../../models/user';
 import config from '../../../../../config';
+import getParams from '../../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		password: {
+			validator: $.str
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'password' parameter
-	const [password, passwordErr] = $.str.get(params.password);
-	if (passwordErr) return rej('invalid password param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	// Compare password
-	const same = await bcrypt.compare(password, user.password);
+	const same = await bcrypt.compare(ps.password, user.password);

 	if (!same) {
 		return rej('incorrect password');
--- a/src/server/api/endpoints/i/2fa/unregister.ts
+++ b/src/server/api/endpoints/i/2fa/unregister.ts
@ -1,19 +1,26 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../../models/user';
+import getParams from '../../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		password: {
+			validator: $.str
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'password' parameter
-	const [password, passwordErr] = $.str.get(params.password);
-	if (passwordErr) return rej('invalid password param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	// Compare password
-	const same = await bcrypt.compare(password, user.password);
+	const same = await bcrypt.compare(ps.password, user.password);

 	if (!same) {
 		return rej('incorrect password');
--- a/src/server/api/endpoints/i/authorized_apps.ts
+++ b/src/server/api/endpoints/i/authorized_apps.ts
@ -2,38 +2,47 @@ import $ from 'cafy';
 import AccessToken from '../../../../models/access-token';
 import { pack } from '../../../../models/app';
 import { ILocalUser } from '../../../../models/user';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		limit: {
+			validator: $.num.optional.range(1, 100),
+			default: 10,
+		},
+
+		offset: {
+			validator: $.num.optional.min(0),
+			default: 0,
+		},
+
+		sort: {
+			validator: $.str.optional.or('desc|asc'),
+			default: 'desc',
+		}
+	}
 };

 export default (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'limit' parameter
-	const [limit = 10, limitErr] = $.num.optional.range(1, 100).get(params.limit);
-	if (limitErr) return rej('invalid limit param');
-
-	// Get 'offset' parameter
-	const [offset = 0, offsetErr] = $.num.optional.min(0).get(params.offset);
-	if (offsetErr) return rej('invalid offset param');
-
-	// Get 'sort' parameter
-	const [sort = 'desc', sortError] = $.str.optional.or('desc asc').get(params.sort);
-	if (sortError) return rej('invalid sort param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	// Get tokens
 	const tokens = await AccessToken
 		.find({
 			userId: user._id
 		}, {
-			limit: limit,
-			skip: offset,
+			limit: ps.limit,
+			skip: ps.offset,
 			sort: {
-				_id: sort == 'asc' ? 1 : -1
+				_id: ps.sort == 'asc' ? 1 : -1
 			}
 		});

-	// Serialize
 	res(await Promise.all(tokens.map(token => pack(token.appId, user, {
 		detail: true
 	}))));
--- a/src/server/api/endpoints/i/change_password.ts
+++ b/src/server/api/endpoints/i/change_password.ts
@ -1,23 +1,30 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../models/user';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		currentPassword: {
+			validator: $.str
+		},
+
+		newPassword: {
+			validator: $.str
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'currentPasword' parameter
-	const [currentPassword, currentPasswordErr] = $.str.get(params.currentPasword);
-	if (currentPasswordErr) return rej('invalid currentPasword param');
-
-	// Get 'newPassword' parameter
-	const [newPassword, newPasswordErr] = $.str.get(params.newPassword);
-	if (newPasswordErr) return rej('invalid newPassword param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	// Compare password
-	const same = await bcrypt.compare(currentPassword, user.password);
+	const same = await bcrypt.compare(ps.currentPassword, user.password);

 	if (!same) {
 		return rej('incorrect password');
@ -25,7 +32,7 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,

 	// Generate hash of password
 	const salt = await bcrypt.genSalt(8);
-	const hash = await bcrypt.hash(newPassword, salt);
+	const hash = await bcrypt.hash(ps.newPassword, salt);

 	await User.update(user._id, {
 		$set: {
--- a/src/server/api/endpoints/i/regenerate_token.ts
+++ b/src/server/api/endpoints/i/regenerate_token.ts
@ -3,19 +3,26 @@ import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../models/user';
 import { publishMainStream } from '../../../../stream';
 import generateUserToken from '../../common/generate-native-user-token';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		password: {
+			validator: $.str
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'password' parameter
-	const [password, passwordErr] = $.str.get(params.password);
-	if (passwordErr) return rej('invalid password param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	// Compare password
-	const same = await bcrypt.compare(password, user.password);
+	const same = await bcrypt.compare(ps.password, user.password);

 	if (!same) {
 		return rej('incorrect password');
--- a/src/server/api/endpoints/i/update_client_setting.ts
+++ b/src/server/api/endpoints/i/update_client_setting.ts
@ -1,23 +1,30 @@
 import $ from 'cafy';
 import User, { ILocalUser } from '../../../../models/user';
 import { publishMainStream } from '../../../../stream';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		name: {
+			validator: $.str
+		},
+
+		value: {
+			validator: $.any.nullable
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'name' parameter
-	const [name, nameErr] = $.str.get(params.name);
-	if (nameErr) return rej('invalid name param');
-
-	// Get 'value' parameter
-	const [value, valueErr] = $.any.nullable.get(params.value);
-	if (valueErr) return rej('invalid value param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	const x: any = {};
-	x[`clientSettings.${name}`] = value;
+	x[`clientSettings.${name}`] = ps.value;

 	await User.update(user._id, {
 		$set: x
@ -28,6 +35,6 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,
 	// Publish event
 	publishMainStream(user._id, 'clientSettingUpdated', {
 		key: name,
-		value
+		value: ps.value
 	});
 });
--- a/src/server/api/endpoints/i/update_home.ts
+++ b/src/server/api/endpoints/i/update_home.ts
@ -1,29 +1,36 @@
 import $ from 'cafy';
 import User, { ILocalUser } from '../../../../models/user';
 import { publishMainStream } from '../../../../stream';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		home: {
+			validator: $.arr($.obj({
+				name: $.str,
+				id: $.str,
+				place: $.str,
+				data: $.obj()
+			}).strict())
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'home' parameter
-	const [home, homeErr] = $.arr($.obj({
-		name: $.str,
-		id: $.str,
-		place: $.str,
-		data: $.obj()
-	}).strict()).get(params.home);
-	if (homeErr) return rej('invalid home param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	await User.update(user._id, {
 		$set: {
-			'clientSettings.home': home
+			'clientSettings.home': ps.home
 		}
 	});

 	res();

-	publishMainStream(user._id, 'homeUpdated', home);
+	publishMainStream(user._id, 'homeUpdated', ps.home);
 });
--- a/src/server/api/endpoints/i/update_mobile_home.ts
+++ b/src/server/api/endpoints/i/update_mobile_home.ts
@ -1,28 +1,35 @@
 import $ from 'cafy';
 import User, { ILocalUser } from '../../../../models/user';
 import { publishMainStream } from '../../../../stream';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		home: {
+			validator: $.arr($.obj({
+				name: $.str,
+				id: $.str,
+				data: $.obj()
+			}).strict())
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'home' parameter
-	const [home, homeErr] = $.arr($.obj({
-		name: $.str,
-		id: $.str,
-		data: $.obj()
-	}).strict()).get(params.home);
-	if (homeErr) return rej('invalid home param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

 	await User.update(user._id, {
 		$set: {
-			'clientSettings.mobileHome': home
+			'clientSettings.mobileHome': ps.home
 		}
 	});

 	res();

-	publishMainStream(user._id, 'mobileHomeUpdated', home);
+	publishMainStream(user._id, 'mobileHomeUpdated', ps.home);
 });
--- a/src/server/api/endpoints/i/update_widget.ts
+++ b/src/server/api/endpoints/i/update_widget.ts
@ -1,31 +1,38 @@
 import $ from 'cafy';
 import User, { ILocalUser } from '../../../../models/user';
 import { publishMainStream } from '../../../../stream';
+import getParams from '../../get-params';

 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		id: {
+			validator: $.str
+		},
+
+		data: {
+			validator: $.obj()
+		}
+	}
 };

 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'id' parameter
-	const [id, idErr] = $.str.get(params.id);
-	if (idErr) return rej('invalid id param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);

-	// Get 'data' parameter
-	const [data, dataErr] = $.obj().get(params.data);
-	if (dataErr) return rej('invalid data param');
-
-	if (id == null && data == null) return rej('you need to set id and data params if home param unset');
+	if (ps.id == null && ps.data == null) return rej('you need to set id and data params if home param unset');

 	let widget;

 	//#region Desktop home
 	if (widget == null && user.clientSettings.home) {
 		const desktopHome = user.clientSettings.home;
-		widget = desktopHome.find((w: any) => w.id == id);
+		widget = desktopHome.find((w: any) => w.id == ps.id);
 		if (widget) {
-				widget.data = data;
+				widget.data = ps.data;

 			await User.update(user._id, {
 				$set: {
@ -39,9 +46,9 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,
 	//#region Mobile home
 	if (widget == null && user.clientSettings.mobileHome) {
 		const mobileHome = user.clientSettings.mobileHome;
-		widget = mobileHome.find((w: any) => w.id == id);
+		widget = mobileHome.find((w: any) => w.id == ps.id);
 		if (widget) {
-				widget.data = data;
+				widget.data = ps.data;

 			await User.update(user._id, {
 				$set: {
@ -57,11 +64,11 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,
 		const deck = user.clientSettings.deck;
 		deck.columns.filter((c: any) => c.type == 'widgets').forEach((c: any) => {
 			c.widgets.forEach((w: any) => {
-				if (w.id == id) widget = w;
+				if (w.id == ps.id) widget = w;
 			});
 		});
 		if (widget) {
-				widget.data = data;
+				widget.data = ps.data;

 			await User.update(user._id, {
 				$set: {
@ -74,7 +81,7 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,

 	if (widget) {
 		publishMainStream(user._id, 'widgetUpdated', {
-			id, data
+			id: ps.id, data: ps.data
 		});

 		res();