From cfa5298718f52ddac8f19f967890d6a450a5319a Mon Sep 17 00:00:00 2001
From: anshifmonz
Date: Tue, 20 May 2025 21:22:50 +0530
Subject: [PATCH 1/4] fix(auth): add email format validation to register endpoint
---
 src/app/routes/auth/auth.service.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/app/routes/auth/auth.service.ts b/src/app/routes/auth/auth.service.ts
index d09a28d3d..e026d0586 100644
--- a/src/app/routes/auth/auth.service.ts
+++ b/src/app/routes/auth/auth.service.ts
@@ -1,4 +1,5 @@
 import * as bcrypt from 'bcryptjs';
+import { validate } from 'email-validator';
 import { RegisterInput } from './register-input.model';
 import prisma from '../../../prisma/prisma-client';
 import HttpException from '../../models/http-exception.model';
@@ -53,6 +54,10 @@ export const createUser = async (input: RegisterInput): Promise
 throw new HttpException(422, { errors: { password: ["can't be blank"] } });
 }
 
+ if (!validate(email)) {
+ throw new HttpException(422, { errors: { email: ["is invalid"] } });
+ }
+
 await checkUserUniqueness(email, username);
 
 const hashedPassword = await bcrypt.hash(password, 10);
From 4712557af5744f90bf3b65a638a9fb00414ec130 Mon Sep 17 00:00:00 2001
From: anshifmonz
Date: Tue, 20 May 2025 21:23:41 +0530
Subject: [PATCH 2/4] chore(npm): install email-validator
---
 package-lock.json | 9 +++++++++
 package.json | 1 +
 2 files changed, 10 insertions(+)
diff --git a/package-lock.json b/package-lock.json
index 95e7c45e6..d9c8a358b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
 "bcryptjs": "^2.4.3",
 "body-parser": "^1.20.2",
 "cors": "^2.8.5",
+ "email-validator": "^2.0.4",
 "express": "~4.18.1",
 "express-jwt": "^8.4.1",
 "jsonwebtoken": "^9.0.2",
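Review bot: In the createUser hunk the new `validate(email)` call assumes `email` is already a string, but nothing in the visible lines establishes that, and the same call is added to `login` (patch 3) and `updateUser` (patch 4), where the input is `userPayload: any` taken straight from the request body. If a client sends a non-string `email` (an object or array in the JSON body), a validator that calls string methods on its argument will throw a TypeError and the request ends as a 500 instead of the intended 422. Guarding the type first keeps the failure in the 422 path: `if (typeof email !== 'string' || !validate(email)) {`. createUser starts and ends outside the hunk, so I cannot confirm whether an earlier check already rejects non-string values; if one exists, the guard only matters for the two `any`-typed endpoints.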
@@ -5541,6 +5542,14 @@
 "integrity": "sha512-/bKPPcgZVUziECqDc+0HkT87+0zhaWSZHNXqF8FLd2lQcptpmUFwoCSWjCdOng9Gdq+afKArPdEg/0ZW461Eng==",
 "dev": true
 },
+ "node_modules/email-validator": {
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/email-validator/-/email-validator-2.0.4.tgz",
+ "integrity": "sha512-gYCwo7kh5S3IDyZPLZf6hSS0MnZT8QmJFqYvbqlDZSbwdZlY6QZWxJ4i/6UhITOJ4XzyI647Bm2MXKCLqnJ4nQ==",
+ "engines": {
+ "node": ">4.0"
+ }
+ },
 "node_modules/emittery": {
 "version": "0.13.1",
 "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz",
diff --git a/package.json b/package.json
index 2e3b26cb0..d9dc95f1f 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "bcryptjs": "^2.4.3",
 "body-parser": "^1.20.2",
 "cors": "^2.8.5",
+ "email-validator": "^2.0.4",
 "express": "~4.18.1",
 "express-jwt": "^8.4.1",
 "jsonwebtoken": "^9.0.2",
From cc25114861e89730a9d0ef6e3e31397d8466aea1 Mon Sep 17 00:00:00 2001
From: anshifmonz
Date: Tue, 20 May 2025 21:31:34 +0530
Subject: [PATCH 3/4] refactor(auth): validate email format early in login endpoint to avoid unnecessary DB lookup
---
 src/app/routes/auth/auth.service.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/app/routes/auth/auth.service.ts b/src/app/routes/auth/auth.service.ts
index e026d0586..c2f92a66e 100644
--- a/src/app/routes/auth/auth.service.ts
+++ b/src/app/routes/auth/auth.service.ts
@@ -98,6 +98,10 @@ export const login = async (userPayload: any) => {
 throw new HttpException(422, { errors: { password: ["can't be blank"] } });
 }
 
+ if (!validate(email)) {
+ throw new HttpException(422, { errors: { email: ["is invalid"] } });
+ }
+
 const user = await prisma.user.findUnique({
 where: {
 email,
From a349ba9613cdeb15cfabbf99f3965562b909fd7a Mon Sep 17 00:00:00 2001
From: anshifmonz
Date: Tue, 20 May 2025 21:45:01 +0530
Subject: [PATCH 4/4] fix(auth): add email format validation to update user endpoint
---
 src/app/routes/auth/auth.service.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/app/routes/auth/auth.service.ts b/src/app/routes/auth/auth.service.ts
index c2f92a66e..41521c727 100644
--- a/src/app/routes/auth/auth.service.ts
+++ b/src/app/routes/auth/auth.service.ts
@@ -159,8 +159,12 @@ export const getCurrentUser = async (id: number) => {
 export const updateUser = async (userPayload: any, id: number) => {
 const { email, username, password, image, bio } = userPayload;
 
- let hashedPassword;
+ if (email && !validate(email)) {
+ throw new HttpException(422, { errors: { email: ["is invalid"] } });
+ }
+
+ let hashedPassword;
 
 if (password) {
 hashedPassword = await bcrypt.hash(password, 10);
 }
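Review bot: In the updateUser hunk `if (email && !validate(email))` only validates a truthy value, so an empty string (or any other falsy value) is never checked; if the update statement further down, outside the hunk, writes `email` whenever the key is present on the payload, a blank address could be stored. Distinguishing "absent" from "present but invalid" is clearer and closes that gap: `if (email !== undefined && !validate(email)) {`. Separately, deleting and re-adding `let hashedPassword;` below the new block is pure churn in the diff; inserting the check above the existing declaration keeps the hunk to the added lines. updateUser's body continues past the end of the hunk, so the write path itself is not visible here.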