Switch to using zod for validation on voting API endpoints (#1476)

* add voteSchema to OttApiRequestVote * add voteSchema validation to addVote API endpoint * add voteSchema validation to removeVote API endpoint * made requested changes * update naming convention * fix lint * use body in makeRoomRequest calls * fix lint
dyc3 · Mar 12, 2024 · 50fe3a1 · 50fe3a1
1 parent 391e217
commit 50fe3a1
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 22 deletions.
diff --git a/common/models/rest-api.ts b/common/models/rest-api.ts
@@ -3,7 +3,7 @@ import { ServerMessageEvent } from "./messages";
 import { BehaviorOption, QueueMode, RoomSettings, RoomUserInfo, Visibility } from "./types";
 import { QueueItem, Video, VideoId } from "./video";
 import type { Category } from "sponsorblock-api";
-import { createRoomSchema } from "./zod-schemas";
+import { OttApiRequestRoomCreateSchema, OttApiRequestVoteSchema } from "./zod-schemas";
 import { z } from "zod";
 
 export type OttResponseBody<T = unknown, E extends OttApiError = OttApiError> =
@@ -35,7 +35,7 @@ export interface OttApiResponseRoomGenerate {
 }
 
 /** Endpoint: `/api/room/create` */
-export type OttApiRequestRoomCreate = z.infer<typeof createRoomSchema>;
+export type OttApiRequestRoomCreate = z.infer<typeof OttApiRequestRoomCreateSchema>;
 
 /** Endpoint: `/api/room/create` */
 export interface OttApiResponseRoomCreate {}
@@ -83,7 +83,7 @@ export type OttApiResponseAddPreview = {
 	result: Video[];
 };
 
-export interface OttApiRequestVote extends VideoId {}
+export type OttApiRequestVote = z.infer<typeof OttApiRequestVoteSchema>;
 
 export type OttApiRequestAccountRecoveryStart = {
 	email?: string;

diff --git a/common/models/zod-schemas.ts b/common/models/zod-schemas.ts
@@ -1,11 +1,12 @@
-import { ROOM_NAME_REGEX } from "ott-common/constants";
+import { ALL_VIDEO_SERVICES, ROOM_NAME_REGEX } from "ott-common/constants";
 import { Visibility, QueueMode } from "ott-common/models/types";
-import { z } from "zod";
+import { VideoService } from "./video";
+import { string, z } from "zod";
 
 // These strings are not allowed to be used as room names.
 const RESERVED_ROOM_NAMES = ["list", "create", "generate"];
 
-export const createRoomSchema = z.object({
+export const OttApiRequestRoomCreateSchema = z.object({
 	name: z
 		.string()
 		.min(3, "too short, must be atleast 3 characters")
@@ -18,3 +19,12 @@ export const createRoomSchema = z.object({
 	visibility: z.nativeEnum(Visibility).default(Visibility.Public).optional(),
 	queueMode: z.nativeEnum(QueueMode).optional(),
 });
+
+const VideoIdSchema = z.object({
+	service: z.enum(ALL_VIDEO_SERVICES),
+	id: z.string(),
+});
+
+export const OttApiRequestVoteSchema = z.object({
+	...VideoIdSchema.shape,
+});
diff --git a/server/api/room.ts b/server/api/room.ts
@@ -32,7 +32,10 @@ import { getApiKey } from "../admin";
 import { v4 as uuidv4 } from "uuid";
 import { counterHttpErrors } from "../metrics";
 import { conf } from "../ott-config";
-import { createRoomSchema } from "ott-common/models/zod-schemas";
+import {
+	OttApiRequestRoomCreateSchema,
+	OttApiRequestVoteSchema,
+} from "ott-common/models/zod-schemas";
 import { ZodError } from "zod";
 import { fromZodError } from "zod-validation-error";
 
@@ -119,7 +122,7 @@ const createRoom: RequestHandler<
 	OttResponseBody<OttApiResponseRoomCreate>,
 	OttApiRequestRoomCreate
 > = async (req, res) => {
-	const body = createRoomSchema.parse(req.body);
+	const body = OttApiRequestRoomCreateSchema.parse(req.body);
 
 	if (body.isTemporary && !conf.get("room.enable_create_temporary")) {
 		throw new FeatureDisabledException("Temporary rooms are disabled.");
@@ -304,20 +307,16 @@ const undoEvent: RequestHandler<{ name: string }> = async (req, res) => {
 };
 
 const addVote: RequestHandler<{ name: string }, unknown, OttApiRequestVote> = async (req, res) => {
+	const body = OttApiRequestVoteSchema.parse(req.body);
+
 	if (!req.token) {
 		throw new OttException("Missing token");
 	}
-	if (!req.body.service) {
-		throw new BadApiArgumentException("service", "missing");
-	}
-	if (!req.body.id) {
-		throw new BadApiArgumentException("id", "missing");
-	}
 
 	const client = clientmanager.getClientByToken(req.token, req.params.name);
 	await clientmanager.makeRoomRequest(client, {
 		type: RoomRequestType.VoteRequest,
-		video: { service: req.body.service, id: req.body.id },
+		video: { service: body.service, id: body.id },
 		add: true,
 	});
 	res.json({
@@ -329,20 +328,16 @@ const removeVote: RequestHandler<{ name: string }, unknown, OttApiRequestVote> =
 	req,
 	res
 ) => {
+	const body = OttApiRequestVoteSchema.parse(req.body);
+
 	if (!req.token) {
 		throw new OttException("Missing token");
 	}
-	if (!req.body.service) {
-		throw new BadApiArgumentException("service", "missing");
-	}
-	if (!req.body.id) {
-		throw new BadApiArgumentException("id", "missing");
-	}
 
 	const client = clientmanager.getClientByToken(req.token, req.params.name);
 	await clientmanager.makeRoomRequest(client, {
 		type: RoomRequestType.VoteRequest,
-		video: { service: req.body.service, id: req.body.id },
+		video: { service: body.service, id: body.id },
 		add: false,
 	});
 	res.json({