add: validation to createFetureFlag api
MehulKChaudhari committed Nov 25, 2024
1 parent 7bf47cd commit f669133
Showing 4 changed files with 35 additions and 8 deletions.
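--- a/controllers/featureFlags.ts
+++ b/controllers/featureFlags.ts
@@ -72,7 +72,6 @@ export const createFeatureFlag = async (req: CustomRequest, res: CustomResponse)
 export const updateFeatureFlag = async (req: CustomRequest, res: CustomResponse) => {
 try {
 const { flagId } = req.params;
-console.log("Mehulllll", flagId)
 const updateData: UpdateFeatureFlagRequestBody = {
 Status: req.body.Status,
 UserId: req.body.UserId,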
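--- a/middlewares/validators/featureFlag.ts
+++ b/middlewares/validators/featureFlag.ts
@@ -25,4 +25,32 @@ export const validateUpdateFeatureFlag = async (req: Request, res: CustomRespons
 logger.error(`Error validating update feature flag payload: ${error.message}`);
 res.boom.badRequest(error.message);
 }
-};
+};
+
+const createFeatureFlagSchema = Joi.object({
+Name: Joi.string()
+.required()
+.messages({
+'any.required': 'Name is required'
+}),
+Description: Joi.string()
+.required()
+.messages({
+'any.required': 'Description is required'
+}),
+UserId: Joi.string()
+.required()
+.messages({
+'any.required': 'UserId is required'
+})
+});
+
+export const validateCreateFeatureFlag = async (req: Request, res: CustomResponse, next: NextFunction) => {
+try {
+await createFeatureFlagSchema.validateAsync(req.body);
+next();
+} catch (error) {
+logger.error(`Error validating create feature flag payload: ${error.message}`);
+res.boom.badRequest(error.message);
+}
+};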
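Review bot: `createFeatureFlagSchema` makes `UserId` a required body field, so the create path records whatever identity the caller supplies rather than the one presumably established by `authenticate`. The update controller in this commit reads `UserId: req.body.UserId` the same way; if the create controller does too (it is not visible here), the attribution stored with a flag is only as trustworthy as the client. Consider dropping `UserId` from the schema and taking it from the authenticated request instead. The free-text fields are also unbounded, so a length cap and trimming would help, e.g. `Name: Joi.string().trim().max(100).required()` (the limit is a constructed example).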
8 changes: 4 additions & 4 deletions routes/featureFlag.ts
@@ -2,13 +2,13 @@ import express from "express";
const router = express.Router();
import authenticate from "../middlewares/authenticate";
const authorizeRoles = require("../middlewares/authorizeRoles");
import { createFeatureFlag, getAllFeatureFlags, getFeatureFlagById, updateFeatureFlag} from "../controllers/featureFlags";
import { createFeatureFlag, getAllFeatureFlags, getFeatureFlagById, updateFeatureFlag } from "../controllers/featureFlags";
const { SUPERUSER } = require("../constants/roles");
import { validateUpdateFeatureFlag } from '../middlewares/validators/featureFlag';
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), createFeatureFlag);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
router.patch('/updateFeatureFlag/:flagId', authenticate, authorizeRoles([SUPERUSER]), validateUpdateFeatureFlag, updateFeatureFlag);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.
This route handler performs authorization, but is not rate-limited.

module.exports = router;
module.exports = router;
4 changes: 2 additions & 2 deletions services/featureFlagService.ts
@@ -62,12 +62,12 @@ const updateFeatureFlag = async (
updateData: UpdateFeatureFlagRequestBody
): Promise<FeatureFlagResponse> => {
try {
const response = await fetch(`http://127.0.0.1:3000/feature-flags/${flagId}`, {
const response = await fetch(`${FEATURE_FLAG_BASE_URL}/feature-flags/${flagId}`, {
method: "PATCH",
headers: generateHeaders(),
body: JSON.stringify(updateData),
});

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.
console.log("Mehulllll", response)

if (!response.ok) {
const error = await response.json();
return {
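Review bot: `FEATURE_FLAG_BASE_URL` now decides where the `PATCH` carrying `generateHeaders()` is sent, and nothing in the hunk shows where that constant is defined or checked. If it comes from environment configuration (not visible here), an unset value makes the template resolve to `undefined/feature-flags/...`, and a mistyped one sends whatever `generateHeaders()` attaches to a different host. I would validate it once at startup by parsing it with `new URL(...)`, requiring the expected scheme and failing fast, and add a comment at its definition naming the variable it is read from. The body of `updateFeatureFlag` continues beyond this hunk.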
