Add validation for registration details on user service (#79)

McNaBry · web-flow · commit 3ce9ac7f5bdd · 2024-11-06T09:30:20.000+08:00
diff --git a/services/user/src/controller/user-controller.ts b/services/user/src/controller/user-controller.ts
@@ -14,11 +14,14 @@ import {
 import { Request, Response } from 'express';
 import { User } from '../model/user-model';
 import { handleBadRequest, handleConflict, handleInternalError, handleNotFound, handleSuccess } from '../utils/helper';
+import { userSchema, UserValidationErrors } from '../types/custom';
 
 export async function createUser(req: Request, res: Response) {
     try {
-        const { username, email, password } = req.body;
-        if (username && email && password) {
+        const parseResult = userSchema.safeParse(req.body);
+
+        if (parseResult.success) {
+            const { username, email, password } = req.body;
             const existingUser = await _findUserByUsernameOrEmail(username, email);
             if (existingUser) {
                 handleConflict(res, 'username or email already exists');
@@ -29,7 +32,13 @@ export async function createUser(req: Request, res: Response) {
             const createdUser = await _createUser(username, email, hashedPassword);
             handleSuccess(res, 201, `Created new user ${username} successfully`, formatUserResponse(createdUser));
         } else {
-            handleBadRequest(res, 'username and/or email and/or password are missing');
+            const required_errors = parseResult.error.errors.filter(
+                err => err.message == UserValidationErrors.REQUIRED,
+            );
+            if (required_errors.length > 0) {
+                handleBadRequest(res, 'username and/or email and/or password are missing');
+            }
+            handleBadRequest(res, 'invalid username and/or email and/or password');
         }
     } catch (err) {
         console.error(err);
diff --git a/services/user/src/types/custom.ts b/services/user/src/types/custom.ts
@@ -1,8 +1,38 @@
 import { Types } from 'mongoose';
+import { z } from 'zod';
+
+export enum UserValidationErrors {
+    REQUIRED = 'REQUIRED',
+    INVALID = 'INVALID',
+}
 
 export interface RequestUser {
     id: Types.ObjectId | string;
     username: string;
     email: string;
     isAdmin: boolean;
 }
+
+export const userSchema = z.object({
+    username: z
+        .string({
+            invalid_type_error: UserValidationErrors.INVALID,
+            required_error: UserValidationErrors.REQUIRED,
+        })
+        .regex(/^[a-zA-Z0-9._-]+$/, UserValidationErrors.INVALID),
+    email: z
+        .string({
+            invalid_type_error: UserValidationErrors.INVALID,
+            required_error: UserValidationErrors.REQUIRED,
+        })
+        .email(UserValidationErrors.INVALID),
+    password: z
+        .string({
+            invalid_type_error: UserValidationErrors.INVALID,
+            required_error: UserValidationErrors.REQUIRED,
+        })
+        .regex(
+            /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})(?=.*[!"#$%&'()*+,-.:;<=>?@\\/\\[\]^_`{|}~])/,
+            UserValidationErrors.INVALID,
+        ),
+});
