
Commit d9557bc

committed
Define empty Joi query schemas to enable blocking
of unknown query params
1 parent ef237d6 commit d9557bc


7 files changed

+55
-26
lines changed


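--- a/app/src/validators/bucket.js
+++ b/app/src/validators/bucket.js
@@ -17,6 +17,10 @@ const schema = {
 active: type.truthy,
 permCodes: Joi.array().items(...Object.values(Permissions))
 }).required(),
+params: Joi.object({
+}),
+query: Joi.object({
+})
 },
 
 createBucketChild: {
@@ -26,24 +30,32 @@ const schema = {
 }).required(),
 params: Joi.object({
 bucketId: type.uuidv4
+}),
+query: Joi.object({
 })
 },
 
 deleteBucket: {
 params: Joi.object({
 bucketId: type.uuidv4
+}),
+query: Joi.object({
 })
 },
 
 headBucket: {
 params: Joi.object({
 bucketId: type.uuidv4.required()
+}),
+query: Joi.object({
 })
 },
 
 readBucket: {
 params: Joi.object({
 bucketId: type.uuidv4.required()
+}),
+query: Joi.object({
 })
 },
 
@@ -59,6 +71,8 @@ const schema = {
 syncBucket: {
 params: Joi.object({
 bucketId: type.uuidv4.required()
+}),
+query: Joi.object({
 })
 },
 
@@ -74,6 +88,8 @@ const schema = {
 }),
 params: Joi.object({
 bucketId: type.uuidv4
+}),
+query: Joi.object({
 })
 },
 };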
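Review bot: The new empty `query: Joi.object({` … `})` blocks (and the empty `params` in the first hunk) carry no comment, yet the unknown-parameter block rests entirely on a Joi subtlety: an object schema with an empty key set rejects every key, while `Joi.object()` with no argument accepts any. A later tidy-up to `Joi.object()` would silently switch the protection off, so I would add `// empty key set on purpose: every query parameter is rejected` above each one. The rejection also only holds if the validation middleware, which is not part of this commit, does not pass `allowUnknown` or `stripUnknown`; that is worth confirming. The same applies to the empty query schemas added in bucketPermission.js, invite.js, object.js and objectPermission.js.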

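--- a/app/src/validators/bucketPermission.js
+++ b/app/src/validators/bucketPermission.js
@@ -44,6 +44,8 @@ const schema = {
 permCode: Joi.string().required().valid(...Object.values(Permissions)),
 }).required()
 ).required(),
+query: Joi.object({
+})
 },
 
 removePermissions: {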

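--- a/app/src/validators/invite.js
+++ b/app/src/validators/invite.js
@@ -18,12 +18,16 @@ const schema = {
 otherwise: Joi.array().items(...Object.values(InviteObjectAllowedPermissions)).min(1)
 }),
 
-}).xor('bucketId', 'objectId')
+}).xor('bucketId', 'objectId'),
+query: Joi.object({
+})
 },
 
 useInvite: {
 params: Joi.object({
 token: type.uuidv4
+}),
+query: Joi.object({
 })
 }
 };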
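Review bot: `token: type.uuidv4` in `useInvite.params` stays optional, while this same commit marks `objectId` as `.required()` throughout object.js. The token is presumably what grants access on that route, so I would write `token: type.uuidv4.required()` so that an absent value fails validation instead of reaching the handler. If the router can never match without that path segment this changes nothing at runtime, but it keeps the validators consistent and does not rely on routing behaviour that is not visible here.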

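--- a/app/src/validators/object.js
+++ b/app/src/validators/object.js
@@ -8,7 +8,7 @@ const schema = {
 addMetadata: {
 headers: type.metadata(),
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 s3VersionId: Joi.string(),
@@ -18,7 +18,7 @@ const schema = {
 
 addTags: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 tagset: type.tagset(),
@@ -31,14 +31,14 @@ const schema = {
 headers: type.metadata(),
 query: Joi.object({
 tagset: type.tagset(),
-bucketId: type.uuidv4
+bucketId: type.uuidv4.required()
 })
 },
 
 deleteMetadata: {
 headers: type.metadata(),
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 s3VersionId: Joi.string(),
@@ -48,7 +48,7 @@ const schema = {
 
 deleteObject: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 s3VersionId: Joi.string(),
@@ -58,7 +58,7 @@ const schema = {
 
 deleteTags: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 tagset: type.tagset(),
@@ -87,13 +87,15 @@ const schema = {
 
 listObjectVersion: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
+}),
+query: Joi.object({
 })
 },
 
 copyVersion: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 versionId: type.uuidv4
@@ -102,7 +104,7 @@ const schema = {
 
 readObject: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 expiresIn: Joi.number(),
@@ -115,7 +117,7 @@ const schema = {
 replaceMetadata: {
 headers: type.metadata(),
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 s3VersionId: Joi.string(),
@@ -125,7 +127,7 @@ const schema = {
 
 replaceTags: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 tagset: type.tagset(),
@@ -165,12 +167,14 @@ const schema = {
 syncObject: {
 params: Joi.object({
 objectId: type.uuidv4.required()
+}),
+query: Joi.object({
 })
 },
 
 togglePublic: {
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 public: type.truthy
@@ -180,7 +184,7 @@ const schema = {
 updateObject: {
 headers: type.metadata(),
 params: Joi.object({
-objectId: type.uuidv4
+objectId: type.uuidv4.required()
 }),
 query: Joi.object({
 tagset: type.tagset(),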
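Review bot: `bucketId: type.uuidv4.required()` in the third hunk makes a query parameter mandatory, which changes the request contract rather than tightening a path parameter like the `objectId` edits around it. Judging by the spec file this is the createObject schema; its opening line is outside the hunk. Callers that omitted `bucketId` will now fail validation, yet the commit message only mentions blocking unknown query params. If creating an object without a bucket was supported before, this should either be called out in the description and API documentation or stay optional as `bucketId: type.uuidv4`.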

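--- a/app/src/validators/objectPermission.js
+++ b/app/src/validators/objectPermission.js
@@ -44,6 +44,8 @@ const schema = {
 permCode: Joi.string().required().valid(...Object.values(Permissions)),
 }).required()
 ).required(),
+query: Joi.object({
+})
 },
 
 removePermissions: {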

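--- a/app/tests/unit/routes/v1/user.spec.js
+++ b/app/tests/unit/routes/v1/user.spec.js
@@ -12,6 +12,7 @@ jest.mock('config');
 //
 jest.mock('../../../../src/middleware/authorization', () => ({
 checkAppMode: jest.fn((_req, _res, next) => next()),
+checkS3BasicAccess: jest.fn((_req, _res, next) => next()),
 }));
 
 jest.mock('../../../../src/middleware/featureToggle', () => ({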

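--- a/app/tests/unit/validators/object.spec.js
+++ b/app/tests/unit/validators/object.spec.js
@@ -30,7 +30,7 @@ describe('addMetadata', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -57,7 +57,7 @@ describe('addTags', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -98,7 +98,7 @@ describe('createObject', () => {
 const bucketId = schema.createObject.query.describe().keys.bucketId;
 
 it('is the expected schema', () => {
-expect(bucketId).toEqual(type.uuidv4.describe());
+expect(bucketId).toEqual(type.uuidv4.required().describe());
 });
 });
 
@@ -129,7 +129,7 @@ describe('deleteMetadata', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -156,7 +156,7 @@ describe('deleteObject', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -183,7 +183,7 @@ describe('deleteTags', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -248,7 +248,7 @@ describe('listObjectVersion', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -263,7 +263,7 @@ describe('readObject', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -317,7 +317,7 @@ describe('replaceMetadata', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -345,7 +345,7 @@ describe('replaceTags', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -619,7 +619,7 @@ describe('togglePublic', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });
@@ -655,7 +655,7 @@ describe('updateObject', () => {
 const objectId = params.keys.objectId;
 
 it('is the expected schema', () => {
-expect(objectId).toEqual(type.uuidv4.describe());
+expect(objectId).toEqual(type.uuidv4.required().describe());
 });
 });
 });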
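Review bot: Nothing in the visible hunks exercises the empty `query` schemas this commit adds to listObjectVersion and syncObject in object.js; the updated assertions only compare `describe()` output for the `.required()` change. A behavioural check would pin the property the commit is after, for example `expect(schema.listObjectVersion.query.validate({ extra: 'x' }).error).toBeDefined();` and the same for `schema.syncObject.query`. Without one, a later change from `Joi.object({})` to `Joi.object()` would reopen those routes to arbitrary query parameters while the suite stays green.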
