refactor validation to not use null with special meaning

2024-09-20 07:16:17 +08:00 · 2023-11-29 19:14:18 +01:00 · 2023-11-29 19:14:18 +01:00 · b429400425
parent 32e192ba74
commit b429400425
2 changed files with 38 additions and 27 deletions
--- a/backend/src/api/routes/store.ts
+++ b/backend/src/api/routes/store.ts
@ -51,12 +51,16 @@ router.post(
 router.post(
  "/webhook",
  validateFeatureEnabled,
-  validateRequest({
-    headers: {
-      "stripe-signature": joi.string().required().not().empty(),
+  validateRequest(
+    {
+      headers: {
+        "stripe-signature": joi.string().required().not().empty(),
+      },
    },
-    body: null, //accept any body
-  }),
+    {
+      body: { allowUnknown: true },
+    }
+  ),
  asyncHandler(StoreController.handleWebhook)
 );

--- a/backend/src/middlewares/api-utils.ts
+++ b/backend/src/middlewares/api-utils.ts
@ -125,14 +125,28 @@ function asyncHandler(handler: AsyncHandler): RequestHandler {
 }

 interface ValidationSchema {
-  body?: object | null;
+  body?: object;
  query?: object;
  params?: object;
  headers?: object;
  validationErrorMessage?: string;
 }

-function validateRequest(validationSchema: ValidationSchema): RequestHandler {
+interface ValidationSchemaOption {
+  allowUnknown?: boolean;
+}
+
+type ValidationSchemaOptions = {
+  [schema in keyof ValidationSchema]?: ValidationSchemaOption;
+};
+
+function validateRequest(
+  validationSchema: ValidationSchema,
+  options: ValidationSchemaOptions = {
+    body: { allowUnknown: false },
+    headers: { allowUnknown: true },
+  }
+): RequestHandler {
  /**
   * In dev environments, as an alternative to token authentication,
   * you can pass the authentication middleware by having a user id in the body.
@ -155,17 +169,15 @@ function validateRequest(validationSchema: ValidationSchema): RequestHandler {
    _.each(
      normalizedValidationSchema,
      (schema: object, key: keyof ValidationSchema) => {
-        const joiSchema = buildJoiSchema(key, schema);
-        if (joiSchema !== null) {
-          const { error } = joiSchema.validate(req[key] ?? {});
-          if (error) {
-            const errorMessage = error.details[0].message;
-            throw new MonkeyError(
-              422,
-              validationErrorMessage ??
-                `${errorMessage} (${error.details[0]?.context?.value})`
-            );
-          }
+        const joiSchema = buildJoiSchema(schema, options[key]);
+        const { error } = joiSchema.validate(req[key] ?? {});
+        if (error) {
+          const errorMessage = error.details[0].message;
+          throw new MonkeyError(
+            422,
+            validationErrorMessage ??
+              `${errorMessage} (${error.details[0]?.context?.value})`
+          );
        }
      }
    );
@ -175,15 +187,10 @@ function validateRequest(validationSchema: ValidationSchema): RequestHandler {
 }

 function buildJoiSchema(
-  key: keyof ValidationSchema,
-  schema: object | null
-): AnySchema | null {
-  if (schema === null) return null;
-
-  if (key === "headers") {
-    return joi.object().keys(schema).unknown(true);
-  }
-  return joi.object().keys(schema);
+  schema: object,
+  options: ValidationSchemaOption | undefined
+): AnySchema {
+  return joi.object().keys(schema).unknown(options?.allowUnknown);
 }

 /**