node.js - Do i need to validate variables again in router.get method after validating in router.use method? -


i using nodejs , express framework , mysql database

i validating data in use method only

what don't understand should validate data again in method ?

i have code

var express = require('express'); var router = express.router(); var jwt = require('jsonwebtoken');  function isnullorwhitespace(input) { if (typeof input === 'undefined' || input == null) return true; return input.replace(/\s/g, '').length < 1; }  function haswhitespace(s) { return /\s/g.test(s); }    router.use(function(req, res, next) { var auth_key = req.headers['auth_key']; var api_key = req.query['api_key']; var source_id = req.query['source_id']; if( (auth_key) && (api_key) && (source_id) && (auth_key!==undefined) && (api_key!==undefined) &&(source_id!==undefined) && !isnullorwhitespace(auth_key) && !isnullorwhitespace(api_key) && !isnullorwhitespace(source_id) && !haswhitespace(auth_key) && !haswhitespace(api_key) && !(haswhitespace(source_id))) { next(); } else {     if( (!auth_key) || (auth_key===undefined) || isnullorwhitespace(auth_key) || haswhitespace(auth_key))     {         var auth_key_error = {         status : "fail",         message : "invalid auth key"     };           return res.status(403).send(auth_key_error); }     else if((!api_key) || (api_key===undefined) || isnullorwhitespace(api_key) || haswhitespace(api_key))     {         var api_key_error = {             status : "fail",             message : "invalid api key"         };           return res.status(403).send(api_key_error);      }     else if((!source_id) || (source_id===undefined) || isnullorwhitespace(source_id) || haswhitespace(source_id))     {         var sourceid_error = {             status : "fail",             message : "invalid source id"         };           return res.status(403).send(sourceid_error);      }     else{         var fieldsempty_error = {             status : "fail",             message : "some field incorrect or left empty"         };           return res.status(403).send(fieldsempty_error);     } }  });  router.get('/', function (req, res, next) {   var auth_key = req.headers['auth_key']; var api_key = req.query['api_key']; var source_id = req.query['source_id']; //do here      });  module.exports = router;

now want use header[] , query string [] variables again in method

how should access variables in method properly?

also sanitization ?

do need perform sanitization variables in code ?

also 1 more thing .. read next method used execute next order middleware function

what should if have 1 use function middleware ?

logically data validation might differ 1 route end point another, it's better not use route.use() use methods according verbs using (get, post, delete ...).

use express-validator validate data, gives possibility make async/synchron validation in human readable uniform code.

to access data, usally in req.query, if url sent is: host.com?data1=x ==> req.query.data1

if in body, usally case post/put/patch requests, use req.body.data1.

to access data, have encode them. if sent data in json form, should decode them before accessing them, using middleware purpose, able access them this: req.body.name ....


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more