implement validate id; add tests to account for id validation b00tc4m…

…p#84
Eden23 · Aug 28, 2024 · 0ef64b1 · 0ef64b1
1 parent 1cfd61e
commit 0ef64b1
Show file tree

Hide file tree

Showing 54 changed files with 608 additions and 98 deletions.
diff --git a/staff/marti-herms/project/G-HUB/api/middleware/errorHandler.js b/staff/marti-herms/project/G-HUB/api/middleware/errorHandler.js
@@ -1,6 +1,6 @@
 import { errors } from 'com'
 
-const { NotFoundError, CredentialsError, DuplicityError, SessionError, ValidationError, OwnershipError } = errors
+const { NotFoundError, CredentialsError, DuplicityError, SessionError, ValidationError } = errors
 
 export default (error, req, res, next) => {
     let status = 500
@@ -11,9 +11,6 @@ export default (error, req, res, next) => {
     else if (error instanceof CredentialsError || error instanceof DuplicityError)
         status = 409
 
-    else if (error instanceof OwnershipError)
-        status = 403
-
     else if (error instanceof ValidationError)
         status = 400
 

diff --git a/staff/marti-herms/project/G-HUB/app/logic/getUserAvatar.js b/staff/marti-herms/project/G-HUB/app/logic/getUserAvatar.js
@@ -12,7 +12,7 @@ export default (targetUserId = '') => {
     return fetch(`${import.meta.env.VITE_API_URL}/users/${targetUserId || userId}/avatar`, {
         headers: { Authorization: `Bearer ${sessionStorage.token}` }
     })
-        .catch(error => { throw new SystemError })
+        .catch(error => { throw new SystemError(error.message) })
         .then(response => {
             const { status } = response
 

diff --git a/staff/marti-herms/project/G-HUB/app/src/common/Alert.jsx b/staff/marti-herms/project/G-HUB/app/src/common/Alert.jsx
@@ -4,7 +4,7 @@ import Container from '../library/Container'
 
 export default function Alert({ message, onAccept }) {
     return <>
-        <Container className='absolute w-screen top-5 left-0 h-auto flex items-center justify-center'>
+        <Container className='absolute w-screen top-5 left-0 h-auto flex items-center justify-center z-50'>
             <Container className='p-4 border bg-red-400 dark:bg-red-900 dark:text-white flex flex-col'>
                 <Paragraph>{message}</Paragraph>
                 <Button className='self-end mr-2 dark:text-white' onClick={onAccept}>Accept</Button>

diff --git a/staff/marti-herms/project/G-HUB/com/errors.js b/staff/marti-herms/project/G-HUB/com/errors.js
@@ -46,22 +46,13 @@ class SessionError extends Error {
     }
 }
 
-class OwnershipError extends Error {
-    constructor(message) {
-        super(message)
-
-        this.name = this.constructor.name
-    }
-}
-
 const errors = {
     ValidationError,
     SystemError,
     DuplicityError,
     NotFoundError,
     CredentialsError,
-    SessionError,
-    OwnershipError
+    SessionError
 }
 
 export default errors
diff --git a/staff/marti-herms/project/G-HUB/com/validate.js b/staff/marti-herms/project/G-HUB/com/validate.js
@@ -37,14 +37,20 @@ const validateBoolean = (boolean, explain = 'value') => {
     if (typeof boolean !== 'boolean') throw new ValidationError(`${explain} is not a boolean`)
 }
 
+const validateId = (id, explain = 'value') => {
+    validateString(id, explain)
+    if (id.length < 24) throw new ValidationError(`invalid ${explain}`)
+}
+
 const validate = {
     string: validateString,
     object: validateObject,
     username: validateUsername,
     email: validateEmail,
     password: validatePassword,
     boolean: validateBoolean,
-    number: validateNumber
+    number: validateNumber,
+    id: validateId
 }
 
 export default validate
diff --git a/staff/marti-herms/project/G-HUB/core/logic/deleteReview.js b/staff/marti-herms/project/G-HUB/core/logic/deleteReview.js
@@ -5,8 +5,8 @@ import { validate, errors } from 'com'
 const { SystemError, NotFoundError } = errors
 
 export default (userId, reviewId) => {
-    validate.string(userId, 'userId')
-    validate.string(reviewId, 'reviewId')
+    validate.id(userId, 'userId')
+    validate.id(reviewId, 'reviewId')
 
     return User.findById(userId).lean()
         .catch(error => { throw new SystemError(error.message) })

diff --git a/staff/marti-herms/project/G-HUB/core/logic/deleteReview.spec.js b/staff/marti-herms/project/G-HUB/core/logic/deleteReview.spec.js
@@ -64,6 +64,19 @@ describe('deleteReview', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            deleteReview('ewjfn', '66ba007f874aa7b84ec54491')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string reviewId', () => {
         let error
 
@@ -77,6 +90,19 @@ describe('deleteReview', () => {
         }
     })
 
+    it('fails on invalid reviewId', () => {
+        let error
+
+        try {
+            deleteReview('66ba007f874aa7b84ec54491', '123')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid reviewId')
+        }
+    })
+
     afterEach(() => Promise.all([User.deleteMany(), Game.deleteMany(), Review.deleteMany()]))
 
     after(() => mongoose.disconnect())

diff --git a/staff/marti-herms/project/G-HUB/core/logic/editUserAvatar.js b/staff/marti-herms/project/G-HUB/core/logic/editUserAvatar.js
@@ -5,7 +5,7 @@ import { validate, errors } from 'com'
 const { NotFoundError, SystemError } = errors
 
 export default (userId, newAvatar) => {
-    validate.string(userId, 'userId')
+    validate.id(userId, 'userId')
     validate.string(newAvatar, 'avatar')
 
     return User.findById(userId).lean()

diff --git a/staff/marti-herms/project/G-HUB/core/logic/editUserAvatar.spec.js b/staff/marti-herms/project/G-HUB/core/logic/editUserAvatar.spec.js
@@ -48,11 +48,24 @@ describe('editUserAvatar', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            editUserAvatar('123', newAvatar)
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string avatar', () => {
         let error
 
         try {
-            editUserAvatar('monoloco', 123)
+            editUserAvatar('66ba007f874aa7b84ec54491', 123)
         } catch (_error) {
             error = _error
         } finally {

diff --git a/staff/marti-herms/project/G-HUB/core/logic/editUserUsername.js b/staff/marti-herms/project/G-HUB/core/logic/editUserUsername.js
@@ -5,7 +5,7 @@ import { validate, errors } from 'com'
 const { DuplicityError, NotFoundError, SystemError } = errors
 
 export default (userId, newUsername) => {
-    validate.string(userId, 'userId')
+    validate.id(userId, 'userId')
     validate.username(newUsername, 'newUsername')
 
     return User.findOne({ username: newUsername }).lean()

diff --git a/staff/marti-herms/project/G-HUB/core/logic/editUserUsername.spec.js b/staff/marti-herms/project/G-HUB/core/logic/editUserUsername.spec.js
@@ -1,9 +1,6 @@
 import 'dotenv/config'
 import editUserUsername from './editUserUsername.js'
-import mongoose, { Types } from 'mongoose'
-import bcrypt from 'bcryptjs'
-
-const { ObjectId } = Types
+import mongoose from 'mongoose'
 
 import { expect } from 'chai'
 import { User } from '../data/models.js'
@@ -63,6 +60,19 @@ describe('editUserUsername', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            editUserUsername('123', 'eden')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string newUsername', () => {
         let error
 

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getChatMessages.js b/staff/marti-herms/project/G-HUB/core/logic/getChatMessages.js
@@ -5,8 +5,8 @@ import { validate, errors } from 'com'
 const { SystemError, NotFoundError } = errors
 
 export default (userId, chatId) => {
-    validate.string(userId, 'userId')
-    validate.string(chatId, 'chatId')
+    validate.id(userId, 'userId')
+    validate.id(chatId, 'chatId')
 
     return Promise.all([User.findById(userId).lean(), Chat.findById(chatId).lean()])
         .catch(error => { throw new SystemError(error.message) })

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getChatMessages.spec.js b/staff/marti-herms/project/G-HUB/core/logic/getChatMessages.spec.js
@@ -82,6 +82,19 @@ describe('getChatMessages', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            getChatMessages('123', '66ba007f874aa7b84ec54491')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string chatId', () => {
         let error
 
@@ -95,6 +108,19 @@ describe('getChatMessages', () => {
         }
     })
 
+    it('fails on invalid chatId', () => {
+        let error
+
+        try {
+            getChatMessages('66ba007f874aa7b84ec54491', '123')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid chatId')
+        }
+    })
+
     afterEach(() => Promise.all([User.deleteMany(), Chat.deleteMany(), Message.deleteMany()]))
 
     after(() => mongoose.disconnect())

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getDevUserGames.js b/staff/marti-herms/project/G-HUB/core/logic/getDevUserGames.js
@@ -5,8 +5,8 @@ import { validate, errors } from 'com'
 const { NotFoundError, SystemError } = errors
 
 export default (userId, targetUserId) => {
-    validate.string(userId, 'userId')
-    validate.string(targetUserId, 'targetUserId')
+    validate.id(userId, 'userId')
+    validate.id(targetUserId, 'targetUserId')
 
     return User.findById(userId).lean()
         .catch(error => { throw new SystemError(error.message) })

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getDevUserGames.spec.js b/staff/marti-herms/project/G-HUB/core/logic/getDevUserGames.spec.js
@@ -85,6 +85,19 @@ describe('getDevUserGames', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            getDevUserGames('123', '66ba007f874aa7b84ec54491')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string targetUserId', () => {
         let error
 
@@ -98,6 +111,19 @@ describe('getDevUserGames', () => {
         }
     })
 
+    it('fails on invalid targetUserId', () => {
+        let error
+
+        try {
+            getDevUserGames('66ba007f874aa7b84ec54491', '123')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid targetUserId')
+        }
+    })
+
     afterEach(() => Promise.all([User.deleteMany(), Game.deleteMany()]))
 
     after(() => mongoose.disconnect())

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getGameById.js b/staff/marti-herms/project/G-HUB/core/logic/getGameById.js
@@ -5,8 +5,8 @@ import { validate, errors } from 'com'
 const { SystemError, NotFoundError } = errors
 
 export default (userId, gameId) => {
-    validate.string(userId, 'userId')
-    validate.string(gameId, 'gameId')
+    validate.id(userId, 'userId')
+    validate.id(gameId, 'gameId')
 
     return User.findById(userId).lean()
         .catch(error => { throw new SystemError(error.mesage) })

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getGameById.spec.js b/staff/marti-herms/project/G-HUB/core/logic/getGameById.spec.js
@@ -89,6 +89,19 @@ describe('getGameById', () => {
         }
     })
 
+    it('fails on invalid userId', () => {
+        let error
+
+        try {
+            getGameById('123', '66ba007f874aa7b84ec54491')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid userId')
+        }
+    })
+
     it('fails on non-string gameId', () => {
         let error
 
@@ -102,6 +115,19 @@ describe('getGameById', () => {
         }
     })
 
+    it('fails on invalid gameId', () => {
+        let error
+
+        try {
+            getGameById('66ba007f874aa7b84ec54491', '123')
+        } catch (_error) {
+            error = _error
+        } finally {
+            expect(error).to.be.instanceOf(ValidationError)
+            expect(error.message).to.equal('invalid gameId')
+        }
+    })
+
     afterEach(() => Promise.all([User.deleteMany(), Game.deleteMany()]))
 
     after(() => mongoose.disconnect())

diff --git a/staff/marti-herms/project/G-HUB/core/logic/getGameReviews.js b/staff/marti-herms/project/G-HUB/core/logic/getGameReviews.js
@@ -5,8 +5,8 @@ import { validate, errors } from 'com'
 const { SystemError, NotFoundError } = errors
 
 export default (userId, gameId) => {
-    validate.string(userId, 'userId')
-    validate.string(gameId, 'gameId')
+    validate.id(userId, 'userId')
+    validate.id(gameId, 'gameId')
 
     return User.findById(userId).lean()
         .catch(error => { throw new SystemError(error.message) })