Merge pull request #40 from kamorel/feature/showcase-2679

/object route validation & unit testing

Author: jujaga

app/src/routes/v1/object.js

@@ -2,6 +2,7 @@ const routes = require('express').Router();
 
 const { Permissions } = require('../../components/constants');
 const { objectController } = require('../../controllers');
+const { objectValidator } = require('../../validators');
 const { requireDb, requireSomeAuth } = require('../../middleware/featureToggle');
 const { checkAppMode, currentObject, hasPermission } = require('../../middleware/authorization');
 
@@ -13,19 +14,19 @@ routes.post('/', requireSomeAuth, (req, res, next) => {
 });
 
 /** Search for objects */
-routes.get('/', requireDb, requireSomeAuth, (req, res, next) => {
+routes.get('/', requireDb, requireSomeAuth, objectValidator.searchObjects, (req, res, next) => {
   // TODO: Add validation to reject unexpected query parameters
   objectController.searchObjects(req, res, next);
 });
 
 /** Returns object headers */
-routes.head('/:objId', currentObject, hasPermission(Permissions.READ), (req, res, next) => {
+routes.head('/:objId', objectValidator.headObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
   // TODO: Add validation to reject unexpected query parameters
   objectController.headObject(req, res, next);
 });
 
 /** Returns the object */
-routes.get('/:objId', currentObject, hasPermission(Permissions.READ), (req, res, next) => {
+routes.get('/:objId', objectValidator.readObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
   // TODO: Add validation to reject unexpected query parameters
   objectController.readObject(req, res, next);
 });
@@ -36,17 +37,17 @@ routes.post('/:objId', currentObject, hasPermission(Permissions.UPDATE), (req, r
 });
 
 /** Deletes the object */
-routes.delete('/:objId', currentObject, hasPermission(Permissions.DELETE), async (req, res, next) => {
+routes.delete('/:objId', objectValidator.deleteObject, currentObject, hasPermission(Permissions.DELETE), async (req, res, next) => {
   objectController.deleteObject(req, res, next);
 });
 
 /** Returns the object version history */
-routes.get('/:objId/versions', currentObject, hasPermission(Permissions.READ), async (req, res, next) => {
+routes.get('/:objId/versions', objectValidator.listObjectVersion, currentObject, hasPermission(Permissions.READ), async (req, res, next) => {
   objectController.listObjectVersion(req, res, next);
 });
 
 /** Sets the public flag of an object */
-routes.patch('/:objId/public', requireDb, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
+routes.patch('/:objId/public', objectValidator.togglePublic, requireDb, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
   // TODO: Add validation to reject unexpected query parameters
   objectController.togglePublic(req, res, next);
 });

app/src/validators/index.js

@@ -1,4 +1,5 @@
 module.exports = {
+  objectValidator: require('./object'),
   permissionValidator: require('./permission'),
   userValidator: require('./user'),
 };

app/src/validators/object.js

@@ -0,0 +1,68 @@
+const { validate, Joi } = require('express-validation');
+const { scheme, type } = require('./common');
+
+const schema = {
+  deleteObject: {
+    params: Joi.object({
+      objId: type.uuidv4
+    })
+  },
+
+  headObject: {
+    params: Joi.object({
+      objId: type.uuidv4
+    }),
+    query: Joi.object({
+      versionId: type.alphanum
+    })
+  },
+
+  listObjectVersion: {
+    params: Joi.object({
+      objId: type.uuidv4
+    })
+  },
+
+  readObject: {
+    params: Joi.object({
+      objId: type.uuidv4
+    }),
+    query: Joi.object({
+      versionId: type.alphanum,
+      expiresIn: Joi.number(),
+      download: type.truthy
+    })
+  },
+
+  searchObjects: {
+    query: Joi.object({
+      objId: scheme.guid,
+      originalName: type.alphanum,
+      path: Joi.string().max(1024),
+      mimeType: Joi.string().max(255),
+      public: type.truthy,
+      active: type.truthy
+    })
+  },
+
+  togglePublic: {
+    params: Joi.object({
+      objId: type.uuidv4
+    }),
+    query: Joi.object({
+      public: type.truthy
+    })
+  },
+};
+
+const validator = {
+  deleteObject: validate(schema.deleteObject, { statusCode: 422 }),
+  headObject: validate(schema.headObject, { statusCode: 422 }),
+  listObjectVersion: validate(schema.listObjectVersion, { statusCode: 422 }),
+  readObject: validate(schema.readObject, { statusCode: 422 }),
+  searchObjects: validate(schema.searchObjects, { statusCode: 422 }),
+  togglePublic: validate(schema.togglePublic, { statusCode: 422 }),
+};
+
+module.exports = validator;
+module.exports.schema = schema;

app/src/validators/permission.js

@@ -41,8 +41,7 @@ const schema = {
       userId: scheme.guid,
       permCode: scheme.permCode,
     })
-  },
-
+  }
 };
 
 const validator = {

app/tests/unit/validators/object.spec.js

@@ -0,0 +1,235 @@
+const crypto = require('crypto');
+const { Joi } = require('express-validation');
+const jestJoi = require('jest-joi');
+expect.extend(jestJoi.matchers);
+
+const schema = require('../../../src/validators/object').schema;
+const { scheme, type } = require('../../../src/validators/common');
+
+describe('deleteObject', () => {
+
+  describe('params', () => {
+    const params = schema.deleteObject.params.describe();
+
+    describe('objId', () => {
+      const objId = params.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(type.uuidv4.describe());
+      });
+    });
+  });
+});
+
+describe('headObject', () => {
+
+  describe('params', () => {
+    const params = schema.headObject.params.describe();
+
+    describe('objId', () => {
+      const objId = params.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(type.uuidv4.describe());
+      });
+    });
+  });
+
+  describe('query', () => {
+    const query = schema.headObject.query.describe();
+
+    describe('versionId', () => {
+      const versionId = query.keys.versionId;
+
+      it('is the expected schema', () => {
+        expect(versionId).toEqual(type.alphanum.describe());
+      });
+    });
+  });
+});
+
+describe('listObjectVersion', () => {
+
+  describe('params', () => {
+    const params = schema.listObjectVersion.params.describe();
+
+    describe('objId', () => {
+      const objId = params.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(type.uuidv4.describe());
+      });
+    });
+  });
+});
+
+describe('readObject', () => {
+
+  describe('params', () => {
+    const params = schema.readObject.params.describe();
+
+    describe('objId', () => {
+      const objId = params.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(type.uuidv4.describe());
+      });
+    });
+  });
+
+  describe('query', () => {
+    const query = schema.readObject.query.describe();
+
+    describe('versionId', () => {
+      const versionId = query.keys.versionId;
+
+      it('is the expected schema', () => {
+        expect(versionId).toEqual(type.alphanum.describe());
+      });
+    });
+
+    describe('expiresIn', () => {
+      const expiresIn = query.keys.expiresIn;
+
+      it('is the expected schema', () => {
+        expect(expiresIn).toEqual(Joi.number().describe());
+      });
+    });
+
+    describe('download', () => {
+      const download = query.keys.download;
+
+      it('is the expected schema', () => {
+        expect(download).toEqual(type.truthy.describe());
+      });
+    });
+  });
+});
+
+describe('searchObjects', () => {
+
+  describe('query', () => {
+    const query = schema.searchObjects.query.describe();
+
+    describe('objId', () => {
+      const objId = query.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(scheme.guid.describe());
+      });
+    });
+
+    describe('originalName', () => {
+      const originalName = query.keys.originalName;
+
+      it('is the expected schema', () => {
+        expect(originalName).toEqual(type.alphanum.describe());
+      });
+    });
+
+    describe('path', () => {
+      const path = query.keys.path;
+
+      it('is a string', () => {
+        expect(path).toBeTruthy();
+        expect(path.type).toEqual('string');
+      });
+
+      it('has a max length of 1024', () => {
+        expect(Array.isArray(path.rules)).toBeTruthy();
+        expect(path.rules).toHaveLength(1);
+        expect(path.rules).toEqual(expect.arrayContaining([
+          expect.objectContaining({
+            'args': {
+              'limit': 1024
+            },
+            'name': 'max'
+          }),
+        ]));
+      });
+
+      it('matches the schema', () => {
+        expect('some/path/to/object').toMatchSchema(Joi.string().max(1024));
+      });
+
+      it('must be less than or equal to 1024 characters long', () => {
+        const reallyLongStr = crypto.randomBytes(1025).toString('hex');
+        expect(reallyLongStr).not.toMatchSchema(Joi.string().max(1024));
+      });
+    });
+
+    describe('mimeType', () => {
+      const mimeType = query.keys.mimeType;
+
+      it('is a string', () => {
+        expect(mimeType).toBeTruthy();
+        expect(mimeType.type).toEqual('string');
+      });
+
+      it('has a max length of 255', () => {
+        expect(Array.isArray(mimeType.rules)).toBeTruthy();
+        expect(mimeType.rules).toHaveLength(1);
+        expect(mimeType.rules).toEqual(expect.arrayContaining([
+          expect.objectContaining({
+            'args': {
+              'limit': 255
+            },
+            'name': 'max'
+          }),
+        ]));
+      });
+
+      it('matches the schema', () => {
+        expect('image/jpeg').toMatchSchema(Joi.string().max(255));
+      });
+
+      it('must be less than or equal to 255 characters long', () => {
+        const longStr = crypto.randomBytes(256).toString('hex');
+        expect(longStr).not.toMatchSchema(Joi.string().max(255));
+      });
+    });
+
+    describe('public', () => {
+      const publicKey = query.keys.public;
+
+      it('is the expected schema', () => {
+        expect(publicKey).toEqual(type.truthy.describe());
+      });
+    });
+
+    describe('active', () => {
+      const active = query.keys.active;
+
+      it('is the expected schema', () => {
+        expect(active).toEqual(type.truthy.describe());
+      });
+    });
+  });
+});
+
+describe('togglePublic', () => {
+
+  describe('params', () => {
+    const params = schema.togglePublic.params.describe();
+
+    describe('objId', () => {
+      const objId = params.keys.objId;
+
+      it('is the expected schema', () => {
+        expect(objId).toEqual(type.uuidv4.describe());
+      });
+    });
+  });
+
+  describe('query', () => {
+    const query = schema.togglePublic.query.describe();
+
+    describe('public', () => {
+      const publicKey = query.keys.public;
+
+      it('is the expected schema', () => {
+        expect(publicKey).toEqual(type.truthy.describe());
+      });
+    });
+  });
+});

app/tests/unit/validators/permission.spec.js

@@ -5,7 +5,6 @@ const schema = require('../../../src/validators/permission').schema;
 const { scheme, type } = require('../../../src/validators/common');
 const { Permissions } = require('../../../src/components/constants');
 
-
 describe('searchPermissions', () => {
 
   describe('query', () => {