Adding input sanitization

hgorges · Aug 24, 2024 · 569e9c5 · 569e9c5
1 parent c5d31cb
commit 569e9c5
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 0 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -75,6 +75,7 @@
     "ajv": "^8.17.1",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1",
+    "ajv-sanitizer": "^1.2.1",
     "bcrypt": "^5.1.1",
     "connect-flash": "^0.1.1",
     "connect-redis": "^7.1.1",

diff --git a/src/config/ajv.ts b/src/config/ajv.ts
@@ -1,6 +1,7 @@
 import Ajv from 'ajv';
 import addFormats from 'ajv-formats';
 import ajvErrors from 'ajv-errors';
+import ajvSanitizer from 'ajv-sanitizer';
 
 export default (): Ajv => {
     const ajv = new Ajv({
@@ -10,6 +11,7 @@ export default (): Ajv => {
 
     addFormats(ajv);
     ajvErrors(ajv);
+    ajvSanitizer(ajv);
 
     return ajv;
 };
diff --git a/src/types/ajv-sanitizer.d.ts b/src/types/ajv-sanitizer.d.ts
@@ -0,0 +1 @@
+declare module 'ajv-sanitizer';
diff --git a/src/validators/validateLogin.ts b/src/validators/validateLogin.ts
@@ -12,6 +12,7 @@ const loginSchema: JSONSchemaType<{
     properties: {
         username: {
             type: 'string',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         password: {
             type: 'string',

diff --git a/src/validators/validatePasswordReset.ts b/src/validators/validatePasswordReset.ts
@@ -13,6 +13,7 @@ const passwordResetSchema: JSONSchemaType<{
         email: {
             type: 'string',
             format: 'email',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         _csrf: {
             type: 'string',

diff --git a/src/validators/validateSettings.ts b/src/validators/validateSettings.ts
@@ -27,20 +27,24 @@ const settingsSchema: JSONSchemaType<{
             minLength: 3,
             maxLength: 20,
             pattern: '^[a-zA-Z0-9]*$',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         first_name: {
             type: 'string',
             minLength: 1,
             maxLength: 20,
+            sanitize: (data: string) => data.trim(),
         },
         last_name: {
             type: 'string',
             minLength: 1,
             maxLength: 20,
+            sanitize: (data: string) => data.trim(),
         },
         email: {
             type: 'string',
             format: 'email',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         password: {
             type: 'string',

diff --git a/src/validators/validateSignup.ts b/src/validators/validateSignup.ts
@@ -20,20 +20,24 @@ const signupSchema: JSONSchemaType<{
             minLength: 3,
             maxLength: 20,
             pattern: '^[a-zA-Z0-9]*$',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         first_name: {
             type: 'string',
             minLength: 1,
             maxLength: 20,
+            sanitize: (data: string) => data.trim(),
         },
         last_name: {
             type: 'string',
             minLength: 1,
             maxLength: 20,
+            sanitize: (data: string) => data.trim(),
         },
         email: {
             type: 'string',
             format: 'email',
+            sanitize: (data: string) => data.trim().toLowerCase(),
         },
         password: {
             type: 'string',