From df26b0c673c8c0c33acaf8a49ec411b35eca9922 Mon Sep 17 00:00:00 2001
From: d02ev
Date: Sat, 14 Dec 2024 23:57:35 +0530
Subject: [PATCH] updated setConfig validations
---
 backend/src/controllers/team.controller.js | 36 ++++++----------------
 backend/src/routes/team.routes.js | 3 +-
 backend/src/utils/constants.helper.js | 2 --
 backend/src/utils/team.helper.js | 27 +++++++++++++---
 4 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/backend/src/controllers/team.controller.js b/backend/src/controllers/team.controller.js
index 3099e4a1..8d25b84d 100644
--- a/backend/src/controllers/team.controller.js
+++ b/backend/src/controllers/team.controller.js
@@ -3,7 +3,8 @@ const TeamService = require("../service/team.service");
 const { internalServerError } = require("../utils/errors.helper");
 const { MAX_ORG_NAME_LENGTH, ORG_NAME_REGEX, VALID_URL_REGEX } = require('../utils/constants.helper');
 const db = require("../models");
-const { encryptApiKey, decryptApiKey, validateServerUrl } = require("../utils/team.helper");
+const { decryptApiKey, encryptApiKey } = require("../utils/team.helper");
+const { validationResult } = require("express-validator");
 const Team = db.Team;
 const teamService = new TeamService();
@@ -121,35 +122,16 @@ const updateTeamDetails = async (req, res) => { }; const setConfig = async (req, res) => { - let { serverUrl, apiKey } = req.body; - if (!apiKey || typeof apiKey !== "string" || apiKey.trim().length === 0) { - return res.status(400).json({ message: 'API Key is required and should be a non-empty string' }); - } - - serverUrl = serverUrl && serverUrl !== "" ? serverUrl.trim() : serverUrl; - apiKey = apiKey.trim(); - const encryptedApiKey = encryptApiKey(apiKey); - - if (serverUrl) { - const result = validateServerUrl(serverUrl); - - if (!result.valid) { - return res.status(400).json({ message: result.errors }); - } - } + const validationErrors = validationResult(req); - if (serverUrl && serverUrl !== "") { - try { - const url = new URL(serverUrl); - if (url.username || url.password) { - throw new Error('URL cannot contain credentials'); - } - } catch (err) { - return res.status(400).json({ message: 'Invalid server URL format.' }); - } + if (!validationErrors.isEmpty()) { + return res.status(400).json({ errors: validationErrors.array() }); } try { + const { serverUrl, apiKey } = req.body; + const encryptedApiKey = encryptApiKey(apiKey); + await teamService.addServerUrlAndApiKey(serverUrl, encryptedApiKey); return res.status(200).json({ message: "Server URL and API Key Set Successfully" }); } catch (err) { @@ -190,4 +172,4 @@ const changeRole = async (req, res) => { } } -module.exports = { setOrganisation, getTeamDetails, getServerUrlAndApiKey, updateTeamDetails, removeMember, changeRole, getTeamCount, setConfig }; +module.exports = { setOrganisation, getTeamDetails, getServerUrlAndApiKey, updateTeamDetails, removeMember, changeRole, getTeamCount, setConfig, teamService }; diff --git a/backend/src/routes/team.routes.js b/backend/src/routes/team.routes.js index 7cc0474d..32db24ba 100644 --- a/backend/src/routes/team.routes.js +++ b/backend/src/routes/team.routes.js 
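Review bot: The removed block that parsed `serverUrl` with `new URL()` and rejected a non-empty `url.username` or `url.password` has no replacement in the new `setConfig` path, so a URL carrying embedded credentials is no longer refused before it is stored. The `validateSetConfig` chain added in team.helper.js only calls `validateServerUrl`, whose visible checks are regex tests, and `URL_DOMAIN_REGEX` has no end anchor, so it says nothing about what follows the matched prefix. I would carry the check over into the `serverUrl` chain, e.g. `.custom(value => { const u = new URL(value); if (u.username || u.password) throw new Error('URL cannot contain credentials'); return true; })`. `setConfig`'s catch block continues past the end of this hunk, and the middle of `validateServerUrl` is not shown, so confirm it does not already cover this.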
@@ -16,6 +16,7 @@ const {
 const authenticateJWT = require("../middleware/auth.middleware");
 const accessGuard = require("../middleware/accessGuard.middleware");
 const settings = require("../../config/settings");
+const { validateSetConfig } = require("../utils/team.helper");
 const router = express.Router();
 const teamPermissions = settings.team.permissions;
@@ -28,7 +29,7 @@ router.post("/set-organisation", authenticateJWT, accessGuard(teamPermissions.se
 router.post("/invite", authenticateJWT, accessGuard(teamPermissions.invite), sendTeamInvite);
 router.put("/update", authenticateJWT, accessGuard(teamPermissions.update), updateTeamDetails);
 router.put("/change-role", authenticateJWT, accessGuard(teamPermissions.changeRole), changeRole);
-router.put('/set-config', authenticateJWT, accessGuard(teamPermissions.serverUrlAndApiKey), setConfig);
+router.put('/set-config', authenticateJWT, accessGuard(teamPermissions.serverUrlAndApiKey), validateSetConfig, setConfig);
 router.delete("/remove/:memberId", authenticateJWT, accessGuard(teamPermissions.removeUser), removeMember);
 router.get('/get-all-invites', authenticateJWT, accessGuard(teamPermissions.removeUser), getAllInvites);
diff --git a/backend/src/utils/constants.helper.js b/backend/src/utils/constants.helper.js
index 4b5b71ed..b3d04bbc 100644
--- a/backend/src/utils/constants.helper.js
+++ b/backend/src/utils/constants.helper.js
@@ -13,7 +13,5 @@ module.exports = Object.freeze({
 ORG_NAME_REGEX: /^[a-zA-Z0-9\s\-_&.]+$/,
 URL_PROTOCOL_REGEX: /^(https?:\/\/)/,
 URL_DOMAIN_REGEX: /^https?:\/\/([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/,
- URL_PORT_REGEX: /^https?:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}(:[0-9]{1,5})?/,
- URL_PATH_REGEX: /^https?:\/\/[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}(:[0-9]{1,5})?(\/[^\s]*)?$/
 });
\ No newline at end of file
diff --git a/backend/src/utils/team.helper.js b/backend/src/utils/team.helper.js
index 46cc99fe..fa241d01 100644
--- a/backend/src/utils/team.helper.js
+++ b/backend/src/utils/team.helper.js
@@ -1,5 +1,6 @@ const jwt = require('jsonwebtoken'); const { URL_PROTOCOL_REGEX, URL_DOMAIN_REGEX } = require('./constants.helper'); +const { check } = require('express-validator'); require('dotenv').config(); @@ -18,10 +19,6 @@ const decryptApiKey = (apiKey) => { const validateServerUrl = url => { const errors = []; - if (url === "") { - return { valid: true, error: null } - } - if (!URL_PROTOCOL_REGEX.test(url)) { errors.push("Invalid or missing protocol (must be 'http://' or 'https://').") } @@ -43,4 +40,24 @@ const validateServerUrl = url => { return { valid: false, errors } }; -module.exports = { encryptApiKey, decryptApiKey, validateServerUrl }; \ No newline at end of file +const validateSetConfig = [ + check('apiKey') + .exists().withMessage('API Key is required') + .isString().withMessage('API Key must be a string') + .trim() + .notEmpty().withMessage('API Key cannot be empty'), + + check('serverUrl') + .optional() + .isString().withMessage('Server URL must be a string') + .trim() + .custom(value => { + const result = validateServerUrl(value); + if (result.valid) { + return true; + } + throw new Error(result.errors); + }) +]; + +module.exports = { encryptApiKey, decryptApiKey, validateSetConfig }; \ No newline at end of file
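Review bot: `.optional()` on `serverUrl` skips the chain only when the field is absent, and the second hunk of this file deletes the `url === ""` shortcut from `validateServerUrl`, so a request with `serverUrl: ""` — which the old controller accepted — now fails the protocol check and gets a 400. If an empty value should still be allowed, tell `optional` to treat falsy values as missing (`optional({ values: 'falsy' })` in express-validator 7, `optional({ checkFalsy: true })` in 6; the installed version is not visible here). Separately, `throw new Error(result.errors)` hands an array to `Error`, which stringifies it with commas; `throw new Error(result.errors.join(' '))` gives a cleaner `msg` in the 400 response. The body of `validateServerUrl` is only partly inside these hunks.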