fix(striker-ui-api): sanitize config striker input, rename rqbody->body
parent
c4232916f9
commit
dc4a49a94c
@ -3,13 +3,14 @@ import { RequestHandler } from 'express';
|
|||||||
|
|
||||||
import {
|
import {
|
||||||
REP_DOMAIN,
|
REP_DOMAIN,
|
||||||
REP_INTEGER,
|
|
||||||
REP_IPV4,
|
REP_IPV4,
|
||||||
REP_IPV4_CSV,
|
REP_IPV4_CSV,
|
||||||
} from '../../consts/REG_EXP_PATTERNS';
|
REP_PEACEFUL_STRING,
|
||||||
import SERVER_PATHS from '../../consts/SERVER_PATHS';
|
SERVER_PATHS,
|
||||||
|
} from '../../consts';
|
||||||
|
|
||||||
import { job } from '../../accessModule';
|
import { job } from '../../accessModule';
|
||||||
|
import { sanitize } from '../../sanitize';
|
||||||
import { stderr, stdoutVar } from '../../shell';
|
import { stderr, stdoutVar } from '../../shell';
|
||||||
|
|
||||||
const fvar = (configStepCount: number, fieldName: string) =>
|
const fvar = (configStepCount: number, fieldName: string) =>
|
||||||
@ -39,70 +40,72 @@ ${fvar(
|
|||||||
export const configStriker: RequestHandler<
|
export const configStriker: RequestHandler<
|
||||||
unknown,
|
unknown,
|
||||||
undefined,
|
undefined,
|
||||||
InitializeStrikerForm
|
Partial<InitializeStrikerForm>
|
||||||
> = ({ body }, response) => {
|
> = (request, response) => {
|
||||||
|
const { body = {} } = request;
|
||||||
|
|
||||||
stdoutVar(body, 'Begin initialize Striker; body=');
|
stdoutVar(body, 'Begin initialize Striker; body=');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
adminPassword = '',
|
adminPassword: rAdminPassword = '',
|
||||||
domainName = '',
|
domainName: rDomainName = '',
|
||||||
hostName = '',
|
hostName: rHostName = '',
|
||||||
hostNumber = 0,
|
hostNumber: rHostNumber = 0,
|
||||||
networkDNS = '',
|
networkDNS: rNetworkDns = '',
|
||||||
networkGateway = '',
|
networkGateway: rNetworkGateway = '',
|
||||||
networks = [],
|
networks = [],
|
||||||
organizationName = '',
|
organizationName: rOrganizationName = '',
|
||||||
organizationPrefix = '',
|
organizationPrefix: rOrganizationPrefix = '',
|
||||||
} = body || {};
|
} = body;
|
||||||
|
|
||||||
const dataAdminPassword = String(adminPassword);
|
const adminPassword = sanitize(rAdminPassword, 'string');
|
||||||
const dataDomainName = String(domainName);
|
const domainName = sanitize(rDomainName, 'string');
|
||||||
const dataHostName = String(hostName);
|
const hostName = sanitize(rHostName, 'string');
|
||||||
const dataHostNumber = String(hostNumber);
|
const hostNumber = sanitize(rHostNumber, 'number');
|
||||||
const dataNetworkDNS = String(networkDNS);
|
const networkDns = sanitize(rNetworkDns, 'string');
|
||||||
const dataNetworkGateway = String(networkGateway);
|
const networkGateway = sanitize(rNetworkGateway, 'string');
|
||||||
const dataOrganizationName = String(organizationName);
|
const organizationName = sanitize(rOrganizationName, 'string');
|
||||||
const dataOrganizationPrefix = String(organizationPrefix);
|
const organizationPrefix = sanitize(rOrganizationPrefix, 'string');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
assert(
|
assert(
|
||||||
!/['"/\\><}{]/g.test(dataAdminPassword),
|
REP_PEACEFUL_STRING.test(adminPassword),
|
||||||
`Data admin password cannot contain single-quote, double-quote, slash, backslash, angle brackets, and curly brackets; got [${dataAdminPassword}]`,
|
`Data admin password cannot contain single-quote, double-quote, slash, backslash, angle brackets, and curly brackets; got [${adminPassword}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
REP_DOMAIN.test(dataDomainName),
|
REP_DOMAIN.test(domainName),
|
||||||
`Data domain name can only contain alphanumeric, hyphen, and dot characters; got [${dataDomainName}]`,
|
`Data domain name can only contain alphanumeric, hyphen, and dot characters; got [${domainName}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
REP_DOMAIN.test(dataHostName),
|
REP_DOMAIN.test(hostName),
|
||||||
`Data host name can only contain alphanumeric, hyphen, and dot characters; got [${dataHostName}]`,
|
`Data host name can only contain alphanumeric, hyphen, and dot characters; got [${hostName}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
REP_INTEGER.test(dataHostNumber) && hostNumber > 0,
|
Number.isInteger(hostNumber) && hostNumber > 0,
|
||||||
`Data host number can only contain digits; got [${dataHostNumber}]`,
|
`Data host number can only contain digits; got [${hostNumber}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
REP_IPV4_CSV.test(dataNetworkDNS),
|
REP_IPV4_CSV.test(networkDns),
|
||||||
`Data network DNS must be a comma separated list of valid IPv4 addresses; got [${dataNetworkDNS}]`,
|
`Data network DNS must be a comma separated list of valid IPv4 addresses; got [${networkDns}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
REP_IPV4.test(dataNetworkGateway),
|
REP_IPV4.test(networkGateway),
|
||||||
`Data network gateway must be a valid IPv4 address; got [${dataNetworkGateway}]`,
|
`Data network gateway must be a valid IPv4 address; got [${networkGateway}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
dataOrganizationName.length > 0,
|
REP_PEACEFUL_STRING.test(organizationName),
|
||||||
`Data organization name cannot be empty; got [${dataOrganizationName}]`,
|
`Data organization name cannot be empty; got [${organizationName}]`,
|
||||||
);
|
);
|
||||||
|
|
||||||
assert(
|
assert(
|
||||||
/^[a-z0-9]{1,5}$/.test(dataOrganizationPrefix),
|
/^[a-z0-9]{1,5}$/.test(organizationPrefix),
|
||||||
`Data organization prefix can only contain 1 to 5 lowercase alphanumeric characters; got [${dataOrganizationPrefix}]`,
|
`Data organization prefix can only contain 1 to 5 lowercase alphanumeric characters; got [${organizationPrefix}]`,
|
||||||
);
|
);
|
||||||
} catch (assertError) {
|
} catch (assertError) {
|
||||||
stderr(
|
stderr(
|
||||||
@ -120,7 +123,7 @@ export const configStriker: RequestHandler<
|
|||||||
${fvar(1, 'organization')}=${organizationName}
|
${fvar(1, 'organization')}=${organizationName}
|
||||||
${fvar(1, 'prefix')}=${organizationPrefix}
|
${fvar(1, 'prefix')}=${organizationPrefix}
|
||||||
${fvar(1, 'sequence')}=${hostNumber}
|
${fvar(1, 'sequence')}=${hostNumber}
|
||||||
${fvar(2, 'dns')}=${networkDNS}
|
${fvar(2, 'dns')}=${networkDns}
|
||||||
${fvar(2, 'gateway')}=${networkGateway}
|
${fvar(2, 'gateway')}=${networkGateway}
|
||||||
${fvar(2, 'host_name')}=${hostName}
|
${fvar(2, 'host_name')}=${hostName}
|
||||||
${fvar(2, 'striker_password')}=${adminPassword}
|
${fvar(2, 'striker_password')}=${adminPassword}
|
||||||
|
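Review bot: The admin password still reaches the logs in two places in the second hunk: `stdoutVar(body, 'Begin initialize Striker; body=')` prints the whole request body, and the first assertion message ends with `got [${adminPassword}]`, which the catch block appears to hand to `stderr(`. Log a redacted copy instead, for example `stdoutVar({ ...body, adminPassword: '<redacted>' }, 'Begin initialize Striker; body=');`, and drop the `got [...]` suffix from the password message. Separately, the organization-name check is now `REP_PEACEFUL_STRING.test(organizationName)` while its message still reads "cannot be empty", so the message should describe what the pattern actually rejects. Because these values are interpolated into the line-oriented `key=value` job data shown in the third hunk, it is worth confirming that `REP_PEACEFUL_STRING` (defined outside this page) also rejects carriage returns and line feeds, which the password message's character list does not mention. The body of `configStriker` continues outside the visible hunks.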
@ -9,9 +9,9 @@ import { sanitize } from '../../sanitize';
|
|||||||
import { stderr, stdout, stdoutVar } from '../../shell';
|
import { stderr, stdout, stdoutVar } from '../../shell';
|
||||||
|
|
||||||
export const createServer: RequestHandler = async (request, response) => {
|
export const createServer: RequestHandler = async (request, response) => {
|
||||||
const { body: rqbody = {} } = request;
|
const { body = {} } = request;
|
||||||
|
|
||||||
stdoutVar({ rqbody }, 'Creating server.\n');
|
stdoutVar(body, 'Creating server; body=');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
serverName: rServerName,
|
serverName: rServerName,
|
||||||
@ -27,7 +27,7 @@ export const createServer: RequestHandler = async (request, response) => {
|
|||||||
driverISOFileUUID: rDriverIsoUuid,
|
driverISOFileUUID: rDriverIsoUuid,
|
||||||
anvilUUID: rAnvilUuid,
|
anvilUUID: rAnvilUuid,
|
||||||
optimizeForOS: rOptimizeForOs,
|
optimizeForOS: rOptimizeForOs,
|
||||||
} = rqbody;
|
} = body;
|
||||||
|
|
||||||
const serverName = sanitize(rServerName, 'string');
|
const serverName = sanitize(rServerName, 'string');
|
||||||
const os = sanitize(rOptimizeForOs, 'string');
|
const os = sanitize(rOptimizeForOs, 'string');
|
||||||
|