From 09d320a80ecd7259c90f98d886e2edcd9cc39a93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Dias=20Conde=20Azevedo?=
 <joaodiasconde@gmail.com>
Date: Fri, 3 Dec 2021 11:56:23 +0000
Subject: [PATCH] feat: verifyQuery

---
 lib/util/base.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/util/base.js b/lib/util/base.js
index c083bf7..35d83d9 100644
--- a/lib/util/base.js
+++ b/lib/util/base.js
@@ -29,9 +29,13 @@ const verifyKey = req => {
  * @param {any} req The request to retrieve the query params.
  */
 const verifyQuery = req => {
-    if (!req.query.brand) return;
-    if (config.conf.WHITELIST.includes(req.query.brand)) return;
-    throw new Error(`Invalid '${req.query.brand}' brand`);
+    const WHITELIST = config.conf.WHITELIST;
+    Object.keys(req.query).forEach(key => {
+        const param = req.query[key];
+        if (key in WHITELIST && !WHITELIST[key].includes(param)) {
+            throw new Error(`Restricted value '${param}' for param '${key}'`);
+        }
+    });
 };
 
 module.exports = {