From 417d753f1e72214ed87ee3b2831cadfd3e04dd2e Mon Sep 17 00:00:00 2001
From: david
Date: Tue, 1 Apr 2025 19:05:17 +0200
Subject: [PATCH] .
---
 .../presentation/express/validate-request-dto.ts | 10 +++++++---
 apps/server/src/routes/accounts.routes.ts | 10 +++++-----
 apps/server/src/routes/auth.routes.ts | 8 ++++----
 apps/server/src/routes/invoices.routes.ts | 12 ++++++------
 apps/server/src/routes/users.routes.ts | 4 ++--
 5 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/apps/server/src/common/presentation/express/validate-request-dto.ts b/apps/server/src/common/presentation/express/validate-request-dto.ts
index 98488f77..5db5ea0b 100644
--- a/apps/server/src/common/presentation/express/validate-request-dto.ts
+++ b/apps/server/src/common/presentation/express/validate-request-dto.ts
@@ -3,8 +3,9 @@ import httpStatus from "http-status";
 import { ZodSchema } from "zod";
 import { ApiError } from "./api-error";
-export const validateRequestDTO =
- (schema: ZodSchema) => (req: Request, res: Response, next: NextFunction) => {
+export const validateAndParseBody =
+ (schema: ZodSchema, options?: { sanitize?: boolean }) =>
+ (req: Request, res: Response, next: NextFunction) => {
 const result = schema.safeParse(req.body);
 if (!result.success) {
 // Construye errores detallados
@@ -24,6 +25,9 @@ export const validateRequestDTO =
 }
 // Si pasa la validación, opcionalmente reescribe req.body
- req.body = result.data;
+ if (options?.sanitize ?? true) {
+ req.body = result.data;
+ }
+
 next();
 };
diff --git a/apps/server/src/routes/accounts.routes.ts b/apps/server/src/routes/accounts.routes.ts
index 541e3215..59192861 100644
--- a/apps/server/src/routes/accounts.routes.ts
+++ b/apps/server/src/routes/accounts.routes.ts
@@ -1,4 +1,4 @@
-import { validateRequestDTO } from "@common/presentation";
+import { validateAndParseBody } from "@common/presentation";
 import {
 ICreateAccountRequestSchema,
 IGetAccountRequestSchema,
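Review bot: The new `options` parameter on `validateAndParseBody` (first hunk of validate-request-dto.ts) is undocumented, and the name `sanitize` reads as escaping or cleaning input when the flag, as used in the second hunk of the same file, only decides whether `req.body` is replaced by the schema's parsed output. A TSDoc block on the export should state that only `req.body` is checked, that params and query are untouched, and what the handler receives when the flag is false; a name such as `replaceBody` would describe the behaviour more directly. The function body continues outside this hunk.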
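Review bot: With `sanitize: false` (second hunk of validate-request-dto.ts) the request passes validation but `req.body` stays the raw client payload, so anything the schema would have stripped or coerced reaches the controller unchanged; zod object schemas drop unknown keys by default, but only in `result.data`. A handler that forwards or spreads `req.body` would then accept fields the schema never declared. No caller in this patch passes the option, so consider dropping it, or keep the parsed value reachable either way, e.g. `res.locals.validatedBody = result.data;` before `next()`. The comment above the assignment would also read better in English, `// On success, replace req.body with the parsed data unless sanitize is false`. The middleware body starts outside this hunk.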
@@ -19,7 +19,7 @@ export const accountsRouter = (appRouter: Router) => {
 routes.get(
 "/",
- validateRequestDTO(ListAccountsRequestSchema),
+ validateAndParseBody(ListAccountsRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -29,7 +29,7 @@ export const accountsRouter = (appRouter: Router) => {
 routes.get(
 "/:invoiceId",
- validateRequestDTO(IGetAccountRequestSchema),
+ validateAndParseBody(IGetAccountRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -39,7 +39,7 @@ export const accountsRouter = (appRouter: Router) => {
 routes.post(
 "/",
- validateRequestDTO(ICreateAccountRequestSchema),
+ validateAndParseBody(ICreateAccountRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -49,7 +49,7 @@ export const accountsRouter = (appRouter: Router) => {
 routes.put(
 "/:invoiceId",
- validateRequestDTO(IUpdateAccountRequestSchema),
+ validateAndParseBody(IUpdateAccountRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
diff --git a/apps/server/src/routes/auth.routes.ts b/apps/server/src/routes/auth.routes.ts
index edaf5b13..9dcba55a 100644
--- a/apps/server/src/routes/auth.routes.ts
+++ b/apps/server/src/routes/auth.routes.ts
@@ -1,4 +1,4 @@
-import { validateRequestDTO } from "@common/presentation";
+import { validateAndParseBody } from "@common/presentation";
 import { checkTabContext, checkUser } from "@contexts/auth/infraestructure";
 import {
 buildLoginController,
@@ -29,7 +29,7 @@ export const authRouter = (appRouter: Router) => {
 *
 * @apiError (400) {String} message Error message.
 */
- routes.post("/register", validateRequestDTO(RegisterUserSchema), (req, res, next) => {
+ routes.post("/register", validateAndParseBody(RegisterUserSchema), (req, res, next) => {
 buildRegisterController().execute(req, res, next);
 });
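Review bot: `validateAndParseBody(ListAccountsRequestSchema)` on `routes.get("/")` in accounts.routes.ts checks only `req.body`, as the `schema.safeParse(req.body)` call in validate-request-dto.ts shows, so the query string here and the `:invoiceId` path parameter in the next hunk reach the controller unvalidated. GET requests normally carry no body, so depending on how the body parser is configured this middleware either validates an empty object or rejects the request; the same applies to the GET routes in invoices.routes.ts and users.routes.ts. The values a GET handler actually consumes should be validated from `req.params` and `req.query` by a middleware that reads those objects. `//checkUser` also remains commented out on all four account routes, which is worth confirming as intentional.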
@@ -50,7 +50,7 @@ export const authRouter = (appRouter: Router) => {
 */
 routes.post(
 "/login",
- validateRequestDTO(LoginUserSchema),
+ validateAndParseBody(LoginUserSchema),
 checkTabContext,
 (req: Request, res: Response, next: NextFunction) => {
 buildLoginController().execute(req, res, next);
@@ -79,7 +79,7 @@ export const authRouter = (appRouter: Router) => {
 routes.post(
 "/refresh",
- validateRequestDTO(RefreshTokenSchema),
+ validateAndParseBody(RefreshTokenSchema),
 checkTabContext,
 (req: Request, res: Response, next: NextFunction) => {
 buildRefreshTokenController().execute(req, res, next);
diff --git a/apps/server/src/routes/invoices.routes.ts b/apps/server/src/routes/invoices.routes.ts
index 0be36e77..7cfd4c4c 100644
--- a/apps/server/src/routes/invoices.routes.ts
+++ b/apps/server/src/routes/invoices.routes.ts
@@ -1,4 +1,4 @@
-import { validateRequestDTO } from "@common/presentation";
+import { validateAndParseBody } from "@common/presentation";
 import {
 buildCreateInvoiceController,
 buildGetInvoiceController,
@@ -14,7 +14,7 @@ export const invoicesRouter = (appRouter: Router) => {
 routes.get(
 "/",
- validateRequestDTO(IListInvoicesRequestSchema),
+ validateAndParseBody(IListInvoicesRequestSchema),
 //checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -24,7 +24,7 @@ export const invoicesRouter = (appRouter: Router) => {
 routes.get(
 "/:invoiceId",
- validateRequestDTO(IGetInvoiceRequestSchema),
+ validateAndParseBody(IGetInvoiceRequestSchema),
 //checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -34,7 +34,7 @@ export const invoicesRouter = (appRouter: Router) => {
 routes.post(
 "/",
- //validateRequestDTO(ICreateInvoiceRequestSchema),
+ //validateAndParseBody(ICreateInvoiceRequestSchema),
 //checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
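Review bot: In the `routes.post("/")` hunk of invoices.routes.ts the rename is applied inside a comment, `//validateAndParseBody(ICreateInvoiceRequestSchema),`, so invoice creation still runs with no body validation, and `//checkTabContext` and `//checkUser` are commented out on the same route. As shown, the controller receives whatever payload the client sends without an authentication check, unless a guard is applied elsewhere (for example on the parent router, which is not visible here). If this is temporary, re-enable the line as `validateAndParseBody(ICreateInvoiceRequestSchema),` and restore the auth middleware, or leave a TODO explaining why they are off. The handler body continues outside the hunk.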
@@ -45,7 +45,7 @@ export const invoicesRouter = (appRouter: Router) => {
 /* routes.put(
 "/:invoiceId",
- validateRequestDTO(IUpdateInvoiceRequestSchema),
+ validateAndParseBody(IUpdateInvoiceRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
@@ -55,7 +55,7 @@ export const invoicesRouter = (appRouter: Router) => {
 routes.delete(
 "/:invoiceId",
- validateRequestDTO(IDeleteInvoiceRequestSchema),
+ validateAndParseBody(IDeleteInvoiceRequestSchema),
 checkTabContext,
 //checkUser,
 (req: Request, res: Response, next: NextFunction) => {
diff --git a/apps/server/src/routes/users.routes.ts b/apps/server/src/routes/users.routes.ts
index be99b071..6a438a48 100644
--- a/apps/server/src/routes/users.routes.ts
+++ b/apps/server/src/routes/users.routes.ts
@@ -1,4 +1,4 @@
-import { validateRequestDTO } from "@common/presentation";
+import { validateAndParseBody } from "@common/presentation";
 import { checkTabContext, checkUserIsAdmin } from "@contexts/auth/infraestructure";
 import { buildListUsersController, ListUsersSchema } from "@contexts/auth/presentation";
 import { NextFunction, Request, Response, Router } from "express";
@@ -8,7 +8,7 @@ export const usersRouter = (appRouter: Router) => {
 routes.get(
 "/",
- validateRequestDTO(ListUsersSchema),
+ validateAndParseBody(ListUsersSchema),
 checkTabContext,
 checkUserIsAdmin,
 (req: Request, res: Response, next: NextFunction) => {