Merge pull request #310 from bcgov/sprint-21-query-validation
Sprint 21 query validation
vietle-cgi authored Aug 1, 2024
2 parents 8119c37 + c04368a commit 34e5016
Showing 6 changed files with 62 additions and 54 deletions.
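--- a/backend/src/components/fundingAgreements.js
+++ b/backend/src/components/fundingAgreements.js
@@ -8,11 +8,6 @@ const log = require('./logger')
 const { isEmpty } = require('lodash')
 
 async function getFundingAgreements(req, res) {
-// TODO (jenbeckett) We shoud validate that either facilityId or applicationId are required
-// You should be able to do this in the route with oneOf() and then this can be removed
-if (isEmpty(req?.query)) {
-return res.status(HttpStatus.BAD_REQUEST).json({ message: 'Query parameter is required' })
-}
 try {
 const fundingAgreements = []
 let operation = 'ofm_fundings?$select=ofm_fundingid,ofm_funding_number,ofm_declaration,ofm_start_date,ofm_end_date,_ofm_application_value,_ofm_facility_value,statuscode,statecode'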
4 changes: 0 additions & 4 deletions backend/src/components/payments.js
@@ -5,13 +5,9 @@ const { buildFilterQuery, buildDateFilterQuery } = require('../util/common')
const { PaymentMappings } = require('../util/mapping/Mappings')
const HttpStatus = require('http-status-codes')
const log = require('./logger')
const { isEmpty } = require('lodash')

async function getPayments(req, res) {
try {
if (isEmpty(req?.query)) {
return res.status(HttpStatus.BAD_REQUEST).json({ message: 'Query parameter is required' })
}
const payments = []
let operation = 'ofm_payments?$select=ofm_paymentid,ofm_name,_ofm_facility_value,_ofm_funding_value,ofm_payment_type,ofm_amount,ofm_invoice_date,statuscode,statecode'
const filter = `${buildDateFilterQuery(req?.query, 'ofm_invoice_date')}${buildFilterQuery(req?.query, PaymentMappings)}`
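--- a/backend/src/components/reports.js
+++ b/backend/src/components/reports.js
@@ -51,9 +51,6 @@ function mapFixedResponseObjectForFront(fixedResponseQuery, data) {
 
 async function getSurveySections(req, res) {
 try {
-if (isEmpty(req?.query)) {
-return res.status(HttpStatus.BAD_REQUEST).json({ message: 'Query parameter is required' })
-}
 const sections = []
 const operation = `ofm_sections?$filter=_ofm_survey_value eq '${req?.query?.surveyTemplateId}'&$orderby=ofm_section_order`
 const response = await getOperation(operation)
@@ -67,9 +64,6 @@ async function getSurveySections(req, res) {
 
 async function getSurveyQuestions(req, res) {
 try {
-if (isEmpty(req?.query)) {
-return res.status(HttpStatus.BAD_REQUEST).json({ message: 'Query parameter is required' })
-}
 let operation
 if (req?.query?.sectionId) {
 operation = `ofm_questions?$select=ofm_question_choice,ofm_question_id,ofm_question_text,ofm_question_type,ofm_response_required,ofm_sequence,ofm_fixed_response,_ofm_header_value,ofm_maximum_rows&$expand=ofm_ofm_question_ofm_question_business_rule_parentquestionid($select=_ofm_child_question_value,ofm_condition,_ofm_false_child_question_value,ofm_parent_has_response,_ofm_parentquestionid_value,ofm_question_business_ruleid,_ofm_true_child_question_value)&$filter=_ofm_section_value eq '${req?.query?.sectionId}'`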
44 changes: 28 additions & 16 deletions backend/src/routes/fundingAgreements.js
@@ -4,7 +4,7 @@ const router = express.Router()
const auth = require('../components/auth')
const isValidBackendToken = auth.isValidBackendToken()
const { getFundingAgreements, updateFundingAgreement, getFundingAgreementById, getFundingPDFById } = require('../components/fundingAgreements')
const { param, query, validationResult } = require('express-validator')
const { param, query, validationResult, oneOf } = require('express-validator')
const validateExpenseAuthority = require('../middlewares/validateExpenseAuthority.js')
const validateFacility = require('../middlewares/validateFacility.js')
const validatePermission = require('../middlewares/validatePermission.js')
@@ -20,12 +20,10 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT),
[
query('applicationId').optional().isUUID(),
query('facilityId').optional().isUUID(),
query('stateCode').optional().isInt({ min: 0, max: 1 }),
query('statusCode').optional().isInt({ min: 0, max: 10 }),
],
oneOf([query('applicationId').notEmpty().isUUID(), query('facilityId').notEmpty().isUUID()], {
message: 'URL query: [applicationId or facilityId] is required',
}),
[query('stateCode').optional().isInt({ min: 0, max: 1 }), query('statusCode').optional().isInt({ min: 0, max: 10 })],
validateFacility(),
(req, res) => {
validationResult(req).throw()
@@ -36,18 +34,32 @@ router.get(
/**
* Get Funding Agreement by ID
*/
router.get('/:fundingAgreementId', passport.authenticate('jwt', { session: false }), isValidBackendToken, validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT), (req, res) => {
validationResult(req).throw()
return getFundingAgreementById(req, res)
})
router.get(
'/:fundingAgreementId',
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT),
[param('fundingAgreementId', 'URL param: [fundingAgreementId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return getFundingAgreementById(req, res)
},
)

/**
* Get Funding Agreement PDF by ID
*/
router.get('/:fundingAgreementId/pdf', passport.authenticate('jwt', { session: false }), isValidBackendToken, validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT), (req, res) => {
validationResult(req).throw()
return getFundingPDFById(req, res)
})
router.get(
'/:fundingAgreementId/pdf',
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT),
[param('fundingAgreementId', 'URL param: [fundingAgreementId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return getFundingPDFById(req, res)
},
)

/**
* Update an existing Funding Agreement using fundingAgreementId
@@ -58,7 +70,7 @@ router.patch(
isValidBackendToken,
validatePermission(PERMISSIONS.VIEW_FUNDING_AGREEMENT),
validateExpenseAuthority(),
[param('fundingAgreementId', 'URL param: [fundingAgreementId] is required').not().isEmpty()],
[param('fundingAgreementId', 'URL param: [fundingAgreementId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return updateFundingAgreement(req, res)
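Review bot: The new `oneOf([...])` on GET `/` passes as soon as either `applicationId` or `facilityId` is a UUID, and because the old `query('applicationId').optional().isUUID()` and `query('facilityId').optional().isUUID()` chains are dropped, the other parameter is no longer format-checked when both are sent. A request with a valid `applicationId` and an arbitrary `facilityId` string would pass validation and reach `validateFacility()` and `getFundingAgreements`, which presumably builds its OData filter from the query (its body is only partly visible in this commit). I would keep the two optional chains alongside the `oneOf`, by adding `query('applicationId').optional().isUUID(), query('facilityId').optional().isUUID(),` at the front of the `stateCode`/`statusCode` array.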
2 changes: 1 addition & 1 deletion backend/src/routes/payments.js
@@ -19,7 +19,7 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.VIEW_FUNDING_AMOUNTS),
[query('facilityId', 'URL query: [facilityId] is required').notEmpty(), query('stateCode').optional().isInt({ min: 0, max: 1 }), query('statusCode').optional().isInt({ min: 0, max: 8 })],
[query('facilityId', 'URL query: [facilityId] is required').notEmpty().isUUID(), query('stateCode').optional().isInt({ min: 0, max: 1 }), query('statusCode').optional().isInt({ min: 0, max: 8 })],
validateFacility(),
(req, res) => {
validationResult(req).throw()
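Review bot: `validateFacility()` still runs before the handler that calls `validationResult(req).throw()`, so the added `.isUUID()` on `facilityId` is only enforced after the facility check has already consumed the raw value. The implementation of validateFacility is not shown, so whether it copes with a malformed id is unknown; failing fast would remove the question. A one-line middleware placed ahead of it would do: `(req, res, next) => { validationResult(req).throw(); next() },`. The same ordering appears on GET `/` in routes/fundingAgreements.js and on the `validateFacility()` routes in routes/reports.js.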
55 changes: 33 additions & 22 deletions backend/src/routes/reports.js
@@ -39,24 +39,35 @@ const postQuestionResponseSchema = {
}

/**
* Get survey's sections using query:
* Accepted queries:
* - surveyTemplateId: to find all sections in a survey
* Get survey's sections using query
*/
router.get('/survey-sections', passport.authenticate('jwt', { session: false }), isValidBackendToken, validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS), (req, res) => {
validationResult(req).throw()
return getSurveySections(req, res)
})
router.get(
'/survey-sections',
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[query('surveyTemplateId', 'URL query: [surveyTemplateId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return getSurveySections(req, res)
},
)

/**
* Get survey's questions using query:
* Accepted queries:
* - sectionId: to find all questions in a survey section
* Get survey's questions using query
*/
router.get('/survey-questions', passport.authenticate('jwt', { session: false }), isValidBackendToken, validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS), validateFacility(), (req, res) => {
validationResult(req).throw()
return getSurveyQuestions(req, res)
})
router.get(
'/survey-questions',
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[query('sectionId', 'URL query: [sectionId] is required').notEmpty().isUUID(), query('facilityId', 'URL query: [facilityId] is required').notEmpty().isUUID()],
validateFacility(),
(req, res) => {
validationResult(req).throw()
return getSurveyQuestions(req, res)
},
)

/**
* Get an existing Application details using applicationId
@@ -66,7 +77,7 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').not().isEmpty()],
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return getSurveyResponse(req, res)
@@ -81,7 +92,7 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[query('surveyResponseId', 'URL query: [surveyResponseId] is required').not().isEmpty()],
[query('surveyResponseId', 'URL query: [surveyResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return getQuestionResponses(req, res)
@@ -96,7 +107,7 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[query('facilityId', 'URL query: [facilityId] is required').not().isEmpty()],
[query('facilityId', 'URL query: [facilityId] is required').notEmpty().isUUID(), query('isSubmitted').optional().isBoolean()],
validateFacility(),
(req, res) => {
validationResult(req).throw()
@@ -112,7 +123,7 @@ router.get(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SEARCH_VIEW_REPORTS),
[query('facilityId', 'URL query: [facilityId] is required').not().isEmpty()],
[query('facilityId', 'URL query: [facilityId] is required').notEmpty().isUUID(), query('isSubmitted').optional().isBoolean()],
validateFacility(),
(req, res) => {
validationResult(req).throw()
@@ -128,7 +139,7 @@ router.patch(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SUBMIT_DRAFT_REPORTS),
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').not().isEmpty()],
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return updateSurveyResponse(req, res)
@@ -143,7 +154,7 @@ router.delete(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.DELETE_DRAFT_REPORTS),
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').not().isEmpty()],
[param('surveyResponseId', 'URL param: [surveyResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return deleteSurveyResponse(req, res)
@@ -173,7 +184,7 @@ router.patch(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SUBMIT_DRAFT_REPORTS),
[param('questionResponseId', 'URL param: [questionResponseId] is required').not().isEmpty()],
[param('questionResponseId', 'URL param: [questionResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return updateQuestionResponse(req, res)
@@ -188,7 +199,7 @@ router.delete(
passport.authenticate('jwt', { session: false }),
isValidBackendToken,
validatePermission(PERMISSIONS.SUBMIT_DRAFT_REPORTS),
[param('questionResponseId', 'URL param: [questionResponseId] is required').not().isEmpty()],
[param('questionResponseId', 'URL param: [questionResponseId] is required').notEmpty().isUUID()],
(req, res) => {
validationResult(req).throw()
return deleteQuestionResponse(req, res)
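Review bot: The doc comments on `/survey-sections` and `/survey-questions` lose their "Accepted queries" lines in the same change that makes `surveyTemplateId`, `sectionId` and `facilityId` mandatory, so the routes now say less about their contract than before. It is also worth recording that these `isUUID()` checks are the only guard visible in this commit before `getSurveySections` and `getSurveyQuestions` interpolate the values into the OData `$filter` string; components/reports.js drops its `isEmpty` checks here. I would restore the parameter list and add a comment above the validator such as `// surveyTemplateId must remain isUUID(): it is interpolated into the OData $filter in getSurveySections`, with the equivalent line for `sectionId`.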
