QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-18 22:00:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #571 from bigcapitalhq/remove-controller-escape

Browse Source 
fix: Remove the request body escape.
This commit is contained in:
Ahmed Bouhuolia
2024-08-08 16:12:31 +02:00
committed by GitHub
parent d43d46ebec 8da89ebe8b
commit fb58ab8cc1
30 changed files with 101 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
packages/server/src/api/controllers/Accounts.ts
View File

@@ -103,24 +103,20 @@ export default class AccountsController extends BaseController {
check('name') check('name')
.exists() .exists()
.isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
.trim() .trim(),
.escape(),
check('code') check('code')
.optional({ nullable: true }) .optional({ nullable: true })
.isLength({ min: 3, max: 6 }) .isLength({ min: 3, max: 6 })
.trim() .trim(),
.escape(),
check('currency_code').optional(), check('currency_code').optional(),
check('account_type') check('account_type')
.exists() .exists()
.isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
.trim() .trim(),
.escape(),
check('description') check('description')
.optional({ nullable: true }) .optional({ nullable: true })
.isLength({ max: DATATYPES_LENGTH.TEXT }) .isLength({ max: DATATYPES_LENGTH.TEXT })
.trim() .trim(),
.escape(),
check('parent_account_id') check('parent_account_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 }) .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -136,23 +132,19 @@ export default class AccountsController extends BaseController {
check('name') check('name')
.exists() .exists()
.isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
.trim() .trim(),
.escape(),
check('code') check('code')
.optional({ nullable: true }) .optional({ nullable: true })
.isLength({ min: 3, max: 6 }) .isLength({ min: 3, max: 6 })
.trim() .trim(),
.escape(),
check('account_type') check('account_type')
.exists() .exists()
.isLength({ min: 3, max: DATATYPES_LENGTH.STRING }) .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
.trim() .trim(),
.escape(),
check('description') check('description')
.optional({ nullable: true }) .optional({ nullable: true })
.isLength({ max: DATATYPES_LENGTH.TEXT }) .isLength({ max: DATATYPES_LENGTH.TEXT })
.trim() .trim(),
.escape(),
check('parent_account_id') check('parent_account_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 }) .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })

12
packages/server/src/api/controllers/Authentication.ts
View File

@@ -90,27 +90,23 @@ export default class AuthenticationController extends BaseController {
.exists() .exists()
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('last_name') check('last_name')
.exists() .exists()
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('email') check('email')
.exists() .exists()
.isString() .isString()
.isEmail() .isEmail()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('password') check('password')
.exists() .exists()
.isString() .isString()
.isLength({ min: 6 }) .isLength({ min: 6 })
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
]; ];
} }
@@ -150,7 +146,7 @@ export default class AuthenticationController extends BaseController {
* @returns {ValidationChain[]} * @returns {ValidationChain[]}
*/ */
private get sendResetPasswordSchema(): ValidationChain[] { private get sendResetPasswordSchema(): ValidationChain[] {
return [check('email').exists().isEmail().trim().escape()]; return [check('email').exists().isEmail().trim()];
} }
/** /**
@@ -158,7 +154,11 @@ export default class AuthenticationController extends BaseController {
* @param {Request} req * @param {Request} req
* @param {Response} res * @param {Response} res
*/ */
private async login(req: Request, res: Response, next: Function): Response { private async login(
req: Request,
res: Response,
next: Function
): Promise<Response | null> {
const userDTO: ILoginDTO = this.matchedBodyData(req); const userDTO: ILoginDTO = this.matchedBodyData(req);
try { try {

5
packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts
View File

@@ -112,12 +112,11 @@ export default class NewCashflowTransactionController extends BaseController {
public get newTransactionValidationSchema() { public get newTransactionValidationSchema() {
return [ return [
check('date').exists().isISO8601().toDate(), check('date').exists().isISO8601().toDate(),
check('reference_no').optional({ nullable: true }).trim().escape(), check('reference_no').optional({ nullable: true }).trim(),
check('description') check('description')
.optional({ nullable: true }) .optional({ nullable: true })
.isLength({ min: 3 }) .isLength({ min: 3 })
.trim() .trim(),
.escape(),
check('transaction_type').exists(), check('transaction_type').exists(),
check('amount').exists().isFloat().toFloat(), check('amount').exists().isFloat().toFloat(),

26
packages/server/src/api/controllers/Contacts/Contacts.ts
View File

@@ -56,7 +56,7 @@ export default class ContactsController extends BaseController {
*/ */
get autocompleteQuerySchema() { get autocompleteQuerySchema() {
return [ return [
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().isIn(['desc', 'asc']), query('sort_order').optional().isIn(['desc', 'asc']),
query('stringified_filter_roles').optional().isJSON(), query('stringified_filter_roles').optional().isJSON(),
@@ -122,32 +122,27 @@ export default class ContactsController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('first_name') check('first_name')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('last_name') check('last_name')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('company_name') check('company_name')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('display_name') check('display_name')
.exists() .exists()
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('email') check('email')
@@ -165,120 +160,101 @@ export default class ContactsController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('personal_phone') check('personal_phone')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_1') check('billing_address_1')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_2') check('billing_address_2')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_city') check('billing_address_city')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_country') check('billing_address_country')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_email') check('billing_address_email')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.isEmail() .isEmail()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_postcode') check('billing_address_postcode')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_phone') check('billing_address_phone')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('billing_address_state') check('billing_address_state')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_1') check('shipping_address_1')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_2') check('shipping_address_2')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_city') check('shipping_address_city')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_country') check('shipping_address_country')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_email') check('shipping_address_email')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.isEmail() .isEmail()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_postcode') check('shipping_address_postcode')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_phone') check('shipping_address_phone')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('shipping_address_state') check('shipping_address_state')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('note') check('note')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('active').optional().isBoolean().toBoolean(), check('active').optional().isBoolean().toBoolean(),
]; ];

9
packages/server/src/api/controllers/Contacts/Customers.ts
View File

@@ -106,11 +106,7 @@ export default class CustomersController extends ContactsController {
*/ */
get customerDTOSchema() { get customerDTOSchema() {
return [ return [
check('customer_type') check('customer_type').exists().isIn(['business', 'individual']).trim(),
.exists()
.isIn(['business', 'individual'])
.trim()
.escape(),
]; ];
} }
@@ -123,7 +119,6 @@ export default class CustomersController extends ContactsController {
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: 3 }), .isLength({ max: 3 }),
]; ];
} }
@@ -133,7 +128,7 @@ export default class CustomersController extends ContactsController {
*/ */
get validateListQuerySchema() { get validateListQuerySchema() {
return [ return [
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().isIn(['desc', 'asc']), query('sort_order').optional().isIn(['desc', 'asc']),
query('page').optional().isNumeric().toInt(), query('page').optional().isNumeric().toInt(),

1
packages/server/src/api/controllers/Contacts/Vendors.ts
View File

@@ -106,7 +106,6 @@ export default class VendorsController extends ContactsController {
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ min: 3, max: 3 }), .isLength({ min: 3, max: 3 }),
]; ];
} }

14
packages/server/src/api/controllers/Currencies.ts
View File

@@ -67,7 +67,7 @@ export default class CurrenciesController extends BaseController {
} }
get currencyParamSchema(): ValidationChain[] { get currencyParamSchema(): ValidationChain[] {
return [param('currency_code').exists().trim().escape()]; return [param('currency_code').exists().trim()];
} }
get listSchema(): ValidationChain[] { get listSchema(): ValidationChain[] {
@@ -187,11 +187,13 @@ export default class CurrenciesController extends BaseController {
} }
if (error.errorType === 'currency_code_exists') { if (error.errorType === 'currency_code_exists') {
return res.boom.badRequest(null, { return res.boom.badRequest(null, {
errors: [{ errors: [
type: 'CURRENCY_CODE_EXISTS', {
message: 'The given currency code is already exists.', type: 'CURRENCY_CODE_EXISTS',
code: 200, message: 'The given currency code is already exists.',
}], code: 200,
},
],
}); });
} }
if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') { if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') {

4
packages/server/src/api/controllers/Expenses/Expenses.ts
View File

@@ -89,7 +89,6 @@ export class ExpensesController extends BaseController {
check('reference_no') check('reference_no')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('payment_date').exists().isISO8601().toDate(), check('payment_date').exists().isISO8601().toDate(),
check('payment_account_id') check('payment_account_id')
@@ -123,7 +122,6 @@ export class ExpensesController extends BaseController {
check('categories.*.description') check('categories.*.description')
.optional() .optional()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('categories.*.landed_cost').optional().isBoolean().toBoolean(), check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
check('categories.*.project_id') check('categories.*.project_id')
@@ -144,7 +142,6 @@ export class ExpensesController extends BaseController {
check('reference_no') check('reference_no')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('payment_date').exists().isISO8601().toDate(), check('payment_date').exists().isISO8601().toDate(),
check('payment_account_id') check('payment_account_id')
@@ -179,7 +176,6 @@ export class ExpensesController extends BaseController {
check('categories.*.description') check('categories.*.description')
.optional() .optional()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('categories.*.landed_cost').optional().isBoolean().toBoolean(), check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
check('categories.*.project_id') check('categories.*.project_id')

9
packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts
View File

@@ -1,9 +1,7 @@
import { query } from 'express-validator'; import { query } from 'express-validator';
import BaseController from "../BaseController"; import BaseController from '../BaseController';
export default class BaseFinancialReportController extends BaseController { export default class BaseFinancialReportController extends BaseController {
get sheetNumberFormatValidationSchema() { get sheetNumberFormatValidationSchema() {
return [ return [
query('number_format.precision') query('number_format.precision')
@@ -19,8 +17,7 @@ export default class BaseFinancialReportController extends BaseController {
query('number_format.negative_format') query('number_format.negative_format')
.optional() .optional()
.isIn(['parentheses', 'mines']) .isIn(['parentheses', 'mines'])
.trim() .trim(),
.escape(),
]; ];
} }
} }

3
packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts
View File

@@ -51,8 +51,7 @@ export default class InventoryDetailsController extends BaseController {
query('number_format.negative_format') query('number_format.negative_format')
.optional() .optional()
.isIn(['parentheses', 'mines']) .isIn(['parentheses', 'mines'])
.trim() .trim(),
.escape(),
query('from_date').optional(), query('from_date').optional(),
query('to_date').optional(), query('to_date').optional(),

2
packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts
View File

@@ -36,7 +36,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
return [ return [
query('from_date').optional().isISO8601(), query('from_date').optional().isISO8601(),
query('to_date').optional().isISO8601(), query('to_date').optional().isISO8601(),
query('transaction_type').optional().trim().escape(), query('transaction_type').optional().trim(),
query('transaction_id').optional().isInt().toInt(), query('transaction_id').optional().isInt().toInt(),
oneOf( oneOf(
[ [

3
packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts
View File

@@ -40,8 +40,7 @@ export default class TransactionsByReferenceController extends BaseController {
query('number_format.negative_format') query('number_format.negative_format')
.optional() .optional()
.isIn(['parentheses', 'mines']) .isIn(['parentheses', 'mines'])
.trim() .trim(),
.escape(),
]; ];
} }

2
packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts
View File

@@ -86,7 +86,7 @@ export default class InventoryAdjustmentsController extends BaseController {
*/ */
get validateListQuerySchema() { get validateListQuerySchema() {
return [ return [
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().isIn(['desc', 'asc']), query('sort_order').optional().isIn(['desc', 'asc']),
query('page').optional().isNumeric().toInt(), query('page').optional().isNumeric().toInt(),

12
packages/server/src/api/controllers/InviteUsers.ts
View File

@@ -25,7 +25,7 @@ export default class InviteUsersController extends BaseController {
router.post( router.post(
'/send', '/send',
[ [
body('email').exists().trim().escape(), body('email').exists().trim(),
body('role_id').exists().isNumeric().toInt(), body('role_id').exists().isNumeric().toInt(),
], ],
this.validationResult, this.validationResult,
@@ -57,7 +57,7 @@ export default class InviteUsersController extends BaseController {
); );
router.get( router.get(
'/invited/:token', '/invited/:token',
[param('token').exists().trim().escape()], [param('token').exists().trim()],
this.validationResult, this.validationResult,
asyncMiddleware(this.invited.bind(this)), asyncMiddleware(this.invited.bind(this)),
this.handleServicesError this.handleServicesError
@@ -72,10 +72,10 @@ export default class InviteUsersController extends BaseController {
*/ */
private get inviteUserDTO() { private get inviteUserDTO() {
return [ return [
check('first_name').exists().trim().escape(), check('first_name').exists().trim(),
check('last_name').exists().trim().escape(), check('last_name').exists().trim(),
check('password').exists().trim().escape().isLength({ min: 5 }), check('password').exists().trim().isLength({ min: 5 }),
param('token').exists().trim().escape(), param('token').exists().trim(),
]; ];
} }

21
packages/server/src/api/controllers/ItemCategories.ts
View File

@@ -73,13 +73,11 @@ export default class ItemsCategoriesController extends BaseController {
check('name') check('name')
.exists() .exists()
.trim() .trim()
.escape()
.isLength({ min: 0, max: DATATYPES_LENGTH.STRING }), .isLength({ min: 0, max: DATATYPES_LENGTH.STRING }),
check('description') check('description')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('sell_account_id') check('sell_account_id')
.optional({ nullable: true }) .optional({ nullable: true })
@@ -101,9 +99,8 @@ export default class ItemsCategoriesController extends BaseController {
*/ */
get categoriesListValidationSchema() { get categoriesListValidationSchema() {
return [ return [
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().trim().escape().isIn(['desc', 'asc']), query('sort_order').optional().trim().isIn(['desc', 'asc']),
query('stringified_filter_roles').optional().isJSON(), query('stringified_filter_roles').optional().isJSON(),
]; ];
} }
@@ -207,14 +204,12 @@ export default class ItemsCategoriesController extends BaseController {
}; };
try { try {
const { const { itemCategories, filterMeta } =
itemCategories, await this.itemCategoriesService.getItemCategoriesList(
filterMeta, tenantId,
} = await this.itemCategoriesService.getItemCategoriesList( itemCategoriesFilter,
tenantId, user
itemCategoriesFilter, );
user
);
return res.status(200).send({ return res.status(200).send({
item_categories: itemCategories, item_categories: itemCategories,
filter_meta: this.transfromToResponse(filterMeta), filter_meta: this.transfromToResponse(filterMeta),

7
packages/server/src/api/controllers/Items/Items.ts
View File

@@ -96,13 +96,11 @@ export default class ItemsController extends BaseController {
.exists() .exists()
.isString() .isString()
.trim() .trim()
.escape()
.isIn(['service', 'non-inventory', 'inventory']), .isIn(['service', 'non-inventory', 'inventory']),
check('code') check('code')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
// Purchase attributes. // Purchase attributes.
check('purchasable').optional().isBoolean().toBoolean(), check('purchasable').optional().isBoolean().toBoolean(),
@@ -141,13 +139,11 @@ export default class ItemsController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('purchase_description') check('purchase_description')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(), check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(),
check('purchase_tax_rate_id') check('purchase_tax_rate_id')
@@ -162,7 +158,6 @@ export default class ItemsController extends BaseController {
.optional() .optional()
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('active').optional().isBoolean().toBoolean(), check('active').optional().isBoolean().toBoolean(),
@@ -184,7 +179,7 @@ export default class ItemsController extends BaseController {
*/ */
private get validateListQuerySchema() { private get validateListQuerySchema() {
return [ return [
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().isIn(['desc', 'asc']), query('sort_order').optional().isIn(['desc', 'asc']),
query('page').optional().isNumeric().toInt(), query('page').optional().isNumeric().toInt(),

6
packages/server/src/api/controllers/ManualJournals.ts
View File

@@ -94,25 +94,21 @@ export default class ManualJournalsController extends BaseController {
.optional() .optional()
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('journal_type') check('journal_type')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('reference') check('reference')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.STRING }), .isLength({ max: DATATYPES_LENGTH.STRING }),
check('description') check('description')
.optional({ nullable: true }) .optional({ nullable: true })
.isString() .isString()
.trim() .trim()
.escape()
.isLength({ max: DATATYPES_LENGTH.TEXT }), .isLength({ max: DATATYPES_LENGTH.TEXT }),
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
check('publish').optional().isBoolean().toBoolean(), check('publish').optional().isBoolean().toBoolean(),
@@ -163,7 +159,7 @@ export default class ManualJournalsController extends BaseController {
query('page_size').optional().isNumeric().toInt(), query('page_size').optional().isNumeric().toInt(),
query('custom_view_id').optional().isNumeric().toInt(), query('custom_view_id').optional().isNumeric().toInt(),
query('column_sort_by').optional().trim().escape(), query('column_sort_by').optional().trim(),
query('sort_order').optional().isIn(['desc', 'asc']), query('sort_order').optional().isIn(['desc', 'asc']),
query('stringified_filter_roles').optional().isJSON(), query('stringified_filter_roles').optional().isJSON(),

7
packages/server/src/api/controllers/Media.ts
View File

@@ -61,15 +61,14 @@ export default class MediaController extends BaseController {
get uploadValidationSchema() { get uploadValidationSchema() {
return [ return [
// check('attachment'), check('model_name').optional().trim(),
check('model_name').optional().trim().escape(), check('model_id').optional().isNumeric(),
check('model_id').optional().isNumeric().toInt(),
]; ];
} }
get linkValidationSchema() { get linkValidationSchema() {
return [ return [
check('model_name').exists().trim().escape(), check('model_name').exists().trim(),
check('model_id').exists().isNumeric().toInt(), check('model_id').exists().isNumeric().toInt(),
] ]
} }

8
packages/server/src/api/controllers/Organization.ts
View File

@@ -62,7 +62,7 @@ export default class OrganizationController extends BaseController {
private get commonOrganizationValidationSchema(): ValidationChain[] { private get commonOrganizationValidationSchema(): ValidationChain[] {
return [ return [
check('name').exists().trim(), check('name').exists().trim(),
check('industry').optional({ nullable: true }).isString().trim().escape(), check('industry').optional({ nullable: true }).isString().trim(),
check('location').exists().isString().isISO31661Alpha2(), check('location').exists().isString().isISO31661Alpha2(),
check('base_currency').exists().isISO4217(), check('base_currency').exists().isISO4217(),
check('timezone').exists().isIn(moment.tz.names()), check('timezone').exists().isIn(moment.tz.names()),
@@ -87,11 +87,7 @@ export default class OrganizationController extends BaseController {
private get updateOrganizationValidationSchema(): ValidationChain[] { private get updateOrganizationValidationSchema(): ValidationChain[] {
return [ return [
...this.commonOrganizationValidationSchema, ...this.commonOrganizationValidationSchema,
check('tax_number') check('tax_number').optional({ nullable: true }).isString().trim(),
.optional({ nullable: true })
.isString()
.trim()
.escape(),
]; ];
} }

27
packages/server/src/api/controllers/Purchases/Bills.ts
View File

@@ -100,8 +100,8 @@ export default class BillsController extends BaseController {
*/ */
private get billValidationSchema() { private get billValidationSchema() {
return [ return [
check('bill_number').exists().trim().escape(), check('bill_number').exists().trim(),
check('reference_no').optional().trim().escape(), check('reference_no').optional().trim(),
check('bill_date').exists().isISO8601(), check('bill_date').exists().isISO8601(),
check('due_date').optional().isISO8601(), check('due_date').optional().isISO8601(),
@@ -112,7 +112,7 @@ export default class BillsController extends BaseController {
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
check('project_id').optional({ nullable: true }).isNumeric().toInt(), check('project_id').optional({ nullable: true }).isNumeric().toInt(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('open').default(false).isBoolean().toBoolean(), check('open').default(false).isBoolean().toBoolean(),
check('is_inclusive_tax').default(false).isBoolean().toBoolean(), check('is_inclusive_tax').default(false).isBoolean().toBoolean(),
@@ -126,10 +126,7 @@ export default class BillsController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description').optional({ nullable: true }).trim(),
.optional({ nullable: true })
.trim()
.escape(),
check('entries.*.landed_cost') check('entries.*.landed_cost')
.optional({ nullable: true }) .optional({ nullable: true })
.isBoolean() .isBoolean()
@@ -141,7 +138,6 @@ export default class BillsController extends BaseController {
check('entries.*.tax_code') check('entries.*.tax_code')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim()
.escape()
.isString(), .isString(),
check('entries.*.tax_rate_id') check('entries.*.tax_rate_id')
.optional({ nullable: true }) .optional({ nullable: true })
@@ -158,8 +154,8 @@ export default class BillsController extends BaseController {
*/ */
private get billEditValidationSchema() { private get billEditValidationSchema() {
return [ return [
check('bill_number').optional().trim().escape(), check('bill_number').optional().trim(),
check('reference_no').optional().trim().escape(), check('reference_no').optional().trim(),
check('bill_date').exists().isISO8601(), check('bill_date').exists().isISO8601(),
check('due_date').optional().isISO8601(), check('due_date').optional().isISO8601(),
@@ -170,7 +166,7 @@ export default class BillsController extends BaseController {
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
check('project_id').optional({ nullable: true }).isNumeric().toInt(), check('project_id').optional({ nullable: true }).isNumeric().toInt(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('open').default(false).isBoolean().toBoolean(), check('open').default(false).isBoolean().toBoolean(),
check('entries').isArray({ min: 1 }), check('entries').isArray({ min: 1 }),
@@ -184,10 +180,7 @@ export default class BillsController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description').optional({ nullable: true }).trim(),
.optional({ nullable: true })
.trim()
.escape(),
check('entries.*.landed_cost') check('entries.*.landed_cost')
.optional({ nullable: true }) .optional({ nullable: true })
.isBoolean() .isBoolean()
@@ -222,8 +215,8 @@ export default class BillsController extends BaseController {
private get dueBillsListingValidationSchema() { private get dueBillsListingValidationSchema() {
return [ return [
query('vendor_id').optional().trim().escape(), query('vendor_id').optional().trim(),
query('payment_made_id').optional().trim().escape(), query('payment_made_id').optional().trim(),
]; ];
} }

6
packages/server/src/api/controllers/Purchases/BillsPayments.ts
View File

@@ -113,10 +113,10 @@ export default class BillsPayments extends BaseController {
check('amount').exists().isNumeric().toFloat(), check('amount').exists().isNumeric().toFloat(),
check('payment_account_id').exists().isNumeric().toInt(), check('payment_account_id').exists().isNumeric().toInt(),
check('payment_number').optional({ nullable: true }).trim().escape(), check('payment_number').optional({ nullable: true }).trim(),
check('payment_date').exists(), check('payment_date').exists(),
check('statement').optional().trim().escape(), check('statement').optional().trim(),
check('reference').optional().trim().escape(), check('reference').optional().trim(),
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
check('entries').exists().isArray(), check('entries').exists().isArray(),

28
packages/server/src/api/controllers/Purchases/VendorCredit.ts
View File

@@ -156,13 +156,10 @@ export default class VendorCreditController extends BaseController {
check('vendor_id').exists().isNumeric().toInt(), check('vendor_id').exists().isNumeric().toInt(),
check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
check('vendor_credit_number') check('vendor_credit_number').optional({ nullable: true }).trim(),
.optional({ nullable: true }) check('reference_no').optional().trim(),
.trim()
.escape(),
check('reference_no').optional().trim().escape(),
check('vendor_credit_date').exists().isISO8601().toDate(), check('vendor_credit_date').exists().isISO8601().toDate(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('open').default(false).isBoolean().toBoolean(), check('open').default(false).isBoolean().toBoolean(),
check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -178,10 +175,7 @@ export default class VendorCreditController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description').optional({ nullable: true }).trim(),
.optional({ nullable: true })
.trim()
.escape(),
check('entries.*.warehouse_id') check('entries.*.warehouse_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
@@ -202,13 +196,10 @@ export default class VendorCreditController extends BaseController {
check('vendor_id').exists().isNumeric().toInt(), check('vendor_id').exists().isNumeric().toInt(),
check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
check('vendor_credit_number') check('vendor_credit_number').optional({ nullable: true }).trim(),
.optional({ nullable: true }) check('reference_no').optional().trim(),
.trim()
.escape(),
check('reference_no').optional().trim().escape(),
check('vendor_credit_date').exists().isISO8601().toDate(), check('vendor_credit_date').exists().isISO8601().toDate(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -223,10 +214,7 @@ export default class VendorCreditController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description').optional({ nullable: true }).trim(),
.optional({ nullable: true })
.trim()
.escape(),
check('entries.*.warehouse_id') check('entries.*.warehouse_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()

8
packages/server/src/api/controllers/Resources.ts
View File

@@ -18,9 +18,7 @@ export default class ResourceController extends BaseController {
router.get( router.get(
'/:resource_model/meta', '/:resource_model/meta',
[ [param('resource_model').exists().trim()],
param('resource_model').exists().trim().escape()
],
this.asyncMiddleware(this.resourceMeta.bind(this)), this.asyncMiddleware(this.resourceMeta.bind(this)),
this.handleServiceErrors this.handleServiceErrors
); );
@@ -48,9 +46,7 @@ export default class ResourceController extends BaseController {
resourceModel resourceModel
); );
return res.status(200).send({ return res.status(200).send({
resource_meta: this.transfromToResponse( resource_meta: this.transfromToResponse(resourceMeta),
resourceMeta,
),
}); });
} catch (error) { } catch (error) {
next(error); next(error);

11
packages/server/src/api/controllers/Sales/CreditNotes.ts
View File

@@ -210,9 +210,9 @@ export default class PaymentReceivesController extends BaseController {
check('credit_note_date').exists().isISO8601().toDate(), check('credit_note_date').exists().isISO8601().toDate(),
check('reference_no').optional(), check('reference_no').optional(),
check('credit_note_number').optional({ nullable: true }).trim().escape(), check('credit_note_number').optional({ nullable: true }).trim(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('terms_conditions').optional().trim().escape(), check('terms_conditions').optional().trim(),
check('open').default(false).isBoolean().toBoolean(), check('open').default(false).isBoolean().toBoolean(),
check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -228,10 +228,7 @@ export default class PaymentReceivesController extends BaseController {
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description').optional({ nullable: true }).trim(),
.optional({ nullable: true })
.trim()
.escape(),
check('entries.*.warehouse_id') check('entries.*.warehouse_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()

5
packages/server/src/api/controllers/Sales/PaymentReceives.ts
View File

@@ -154,8 +154,8 @@ export default class PaymentReceivesController extends BaseController {
check('payment_date').exists(), check('payment_date').exists(),
check('reference_no').optional(), check('reference_no').optional(),
check('deposit_account_id').exists().isNumeric().toInt(), check('deposit_account_id').exists().isNumeric().toInt(),
check('payment_receive_no').optional({ nullable: true }).trim().escape(), check('payment_receive_no').optional({ nullable: true }).trim(),
check('statement').optional().trim().escape(), check('statement').optional().trim(),
check('branch_id').optional({ nullable: true }).isNumeric().toInt(), check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -176,7 +176,6 @@ export default class PaymentReceivesController extends BaseController {
private get validatePaymentReceiveList(): ValidationChain[] { private get validatePaymentReceiveList(): ValidationChain[] {
return [ return [
query('stringified_filter_roles').optional().isJSON(), query('stringified_filter_roles').optional().isJSON(),
query('view_slug').optional({ nullable: true }).isString().trim(), query('view_slug').optional({ nullable: true }).isString().trim(),
query('column_sort_by').optional(), query('column_sort_by').optional(),

11
packages/server/src/api/controllers/Sales/SalesEstimates.ts
View File

@@ -155,7 +155,7 @@ export default class SalesEstimatesController extends BaseController {
check('estimate_date').exists().isISO8601().toDate(), check('estimate_date').exists().isISO8601().toDate(),
check('expiration_date').exists().isISO8601().toDate(), check('expiration_date').exists().isISO8601().toDate(),
check('reference').optional(), check('reference').optional(),
check('estimate_number').optional().trim().escape(), check('estimate_number').optional().trim(),
check('delivered').default(false).isBoolean().toBoolean(), check('delivered').default(false).isBoolean().toBoolean(),
check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
@@ -170,8 +170,7 @@ export default class SalesEstimatesController extends BaseController {
check('entries.*.rate').exists().isNumeric().toFloat(), check('entries.*.rate').exists().isNumeric().toFloat(),
check('entries.*.description') check('entries.*.description')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim(),
.escape(),
check('entries.*.discount') check('entries.*.discount')
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
@@ -181,9 +180,9 @@ export default class SalesEstimatesController extends BaseController {
.isNumeric() .isNumeric()
.toInt(), .toInt(),
check('note').optional().trim().escape(), check('note').optional().trim(),
check('terms_conditions').optional().trim().escape(), check('terms_conditions').optional().trim(),
check('send_to_email').optional().trim().escape(), check('send_to_email').optional().trim(),
check('attachments').isArray().optional(), check('attachments').isArray().optional(),
check('attachments.*.key').exists().isString(), check('attachments.*.key').exists().isString(),

12
packages/server/src/api/controllers/Sales/SalesInvoices.ts
View File

@@ -200,12 +200,12 @@ export default class SaleInvoicesController extends BaseController {
check('customer_id').exists().isNumeric().toInt(), check('customer_id').exists().isNumeric().toInt(),
check('invoice_date').exists().isISO8601().toDate(), check('invoice_date').exists().isISO8601().toDate(),
check('due_date').exists().isISO8601().toDate(), check('due_date').exists().isISO8601().toDate(),
check('invoice_no').optional().trim().escape(), check('invoice_no').optional().trim(),
check('reference_no').optional().trim().escape(), check('reference_no').optional().trim(),
check('delivered').default(false).isBoolean().toBoolean(), check('delivered').default(false).isBoolean().toBoolean(),
check('invoice_message').optional().trim().escape(), check('invoice_message').optional().trim(),
check('terms_conditions').optional().trim().escape(), check('terms_conditions').optional().trim(),
check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(), check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
@@ -226,12 +226,10 @@ export default class SaleInvoicesController extends BaseController {
.toFloat(), .toFloat(),
check('entries.*.description') check('entries.*.description')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim(),
.escape(),
check('entries.*.tax_code') check('entries.*.tax_code')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim()
.escape()
.isString(), .isString(),
check('entries.*.tax_rate_id') check('entries.*.tax_rate_id')
.optional({ nullable: true }) .optional({ nullable: true })

11
packages/server/src/api/controllers/Sales/SalesReceipts.ts
View File

@@ -130,8 +130,8 @@ export default class SalesReceiptsController extends BaseController {
check('deposit_account_id').exists().isNumeric().toInt(), check('deposit_account_id').exists().isNumeric().toInt(),
check('receipt_date').exists().isISO8601(), check('receipt_date').exists().isISO8601(),
check('receipt_number').optional().trim().escape(), check('receipt_number').optional().trim(),
check('reference_no').optional().trim().escape(), check('reference_no').optional().trim(),
check('closed').default(false).isBoolean().toBoolean(), check('closed').default(false).isBoolean().toBoolean(),
check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(), check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -150,14 +150,13 @@ export default class SalesReceiptsController extends BaseController {
.toInt(), .toInt(),
check('entries.*.description') check('entries.*.description')
.optional({ nullable: true }) .optional({ nullable: true })
.trim() .trim(),
.escape(),
check('entries.*.warehouse_id') check('entries.*.warehouse_id')
.optional({ nullable: true }) .optional({ nullable: true })
.isNumeric() .isNumeric()
.toInt(), .toInt(),
check('receipt_message').optional().trim().escape(), check('receipt_message').optional().trim(),
check('statement').optional().trim().escape(), check('statement').optional().trim(),
check('attachments').isArray().optional(), check('attachments').isArray().optional(),
check('attachments.*.key').exists().isString(), check('attachments.*.key').exists().isString(),
]; ];

5
packages/server/src/api/controllers/Settings/Settings.ts
View File

@@ -52,10 +52,7 @@ export default class SettingsController extends BaseController {
* Retrieve the application options from the storage. * Retrieve the application options from the storage.
*/ */
private get getSettingsSchema() { private get getSettingsSchema() {
return [ return [query('key').optional().trim(), query('group').optional().trim()];
query('key').optional().trim().escape(),
query('group').optional().trim().escape(),
];
} }
/** /**

2
packages/server/src/api/controllers/Views.ts
View File

@@ -32,7 +32,7 @@ export default class ViewsController extends BaseController {
* Custom views list validation schema. * Custom views list validation schema.
*/ */
get viewsListSchemaValidation() { get viewsListSchemaValidation() {
return [param('resource_model').exists().trim().escape()]; return [param('resource_model').exists().trim()];
} }
/** /**