This repository has been archived by the owner on Dec 10, 2023. It is now read-only.

Merge pull request #145 from GammaMicrowave/main
added guard conditions in submit form controller and other minor changes
BuddyLongLegs committed Jul 5, 2023
2 parents 3aa5116 + 6b08877 commit 2f5bc43
Showing 9 changed files with 103 additions and 21 deletions.
4 changes: 2 additions & 2 deletions controllers/auth.controller.js
Expand Up @@ -7,7 +7,7 @@ import {
} from '../utils/responseCodes.js';
import { hash_password, getJwt } from '../utils/password.js';
import User from '../models/user.model.js';
import verifycaptcha from '../utils/recaptcha.js';
import { verifycaptcha } from '../utils/recaptcha.js';
import validator from 'validator';
import { OAuth2Client } from 'google-auth-library';
const client = new OAuth2Client(
Expand Down Expand Up @@ -64,7 +64,7 @@ export async function signUp(req, res) {
if (checkUser) return response_400(res, 'Email already in use');
if (!verifycaptcha(recaptcha_token))
return response_400(res, 'Captcha was found incorrect');

const password = await hash_password(req.body.password);
let newUser = User({
email,
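Review bot: `if (!verifycaptcha(recaptcha_token))` in `signUp` tests a Promise rather than the verification result: `verifycaptcha` is declared `async` in utils/recaptcha.js, so the call returns a Promise, `!promise` is always false, and the 'Captcha was found incorrect' branch can never run. The line this commit leaves as context should become `if (!(await verifycaptcha(recaptcha_token)))`. The other controllers whose import this commit rewrites (form, project, user) use the same helper outside the visible hunks and are worth checking for the same missing `await`. `signUp` starts and ends outside the hunk.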
35 changes: 25 additions & 10 deletions controllers/form.controller.js
Expand Up @@ -5,12 +5,13 @@ import {
response_401,
response_500,
} from '../utils/responseCodes.js';
import verifycaptcha from '../utils/recaptcha.js';
import { verifycaptcha } from '../utils/recaptcha.js';
import { hash_password, encryptString } from '../utils/password.js';
import Form from '../models/form.model.js';
import Project from '../models/project.model.js';
import { generateRandomString } from '../utils/generateRandomString.js';
import { prisma } from '../config/sql.config.js';

export async function updateForm(req, res) {
const id = req.params.id;

Expand Down Expand Up @@ -195,27 +196,41 @@ export async function getForm(req, res) {
]);
form = form[0];
if (!form) return response_400(res, 'Form not found');
return response_200(res, 'OK', form);
} catch (error) {
console.log(error);
return response_500(res, 'Server Error', error);
}
}

export async function getFormSubmissions(req, res) {
try {
const { formId } = req.params;
const { limit, skip } = req.query;

const formSubmissions = await prisma.formSubmission.findMany({
select: {
id: true,
data: true,
createdAt: true,
where: {
formId: formId,
},
orderBy: {
createdAt: 'desc',
},
where: {
formId: formId,
select: {
id: true,
data: true,
createdAt: true,
},
take: limit,
skip: skip,
});
form.submission = formSubmissions;
console.log(form);
return response_200(res, 'OK', form);

return response_200(res, 'OK', formSubmissions);
} catch (error) {
console.log(error);
return response_500(res, 'Server Error', error);
}
}

export async function deleteForm(req, res) {
try {
const id = req.body.id;
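Review bot: `getFormSubmissions` returns every submission for whatever `formId` is in the URL, and nothing in the visible handler ties that form to the caller. The route added in routes/form.routes.js applies only `verifiedMiddleware`, so unless that middleware performs per-form authorization (not visible here), any verified account could read another project's submissions by id. Look the form up first and check the caller's membership of its project before running the query. `limit` and `skip` also come straight from `req.query` as strings with no upper bound, while Prisma's `take`/`skip` expect integers. Convert and cap them, for example `take: Math.min(Number.parseInt(limit, 10) || 20, 100)` and `skip: Number.parseInt(skip, 10) || 0`.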
52 changes: 48 additions & 4 deletions controllers/formSubmission.controller.js
Expand Up @@ -9,29 +9,73 @@ import {
response_500,
} from '../utils/responseCodes.js';
import Form from '../models/form.model.js';
import { createFile } from '../utils/fileUpload.js';
import { verifySubmissionRecaptcha } from '../utils/recaptcha.js';

export async function createFormSubmission(req, res) {
try {

const grcToken = req.body['grc-token'];
const encryptedStr = req.query.formRef;
const decryptedStr = dcryptString(encryptedStr);
console.log(decryptedStr);
const { formId, submisssionLinkGeneratedAt } = JSON.parse(decryptedStr);
const form = await Form.findOne({ formId: formId });

const form = await Form.findOne({ formId: formId }).populate('project');
if (!form) return response_400(res, 'Form not found');


let incomingTime = new Date(form.submisssionLinkGeneratedAt).getTime();
console.log(incomingTime);
console.log(submisssionLinkGeneratedAt);
if (incomingTime !== submisssionLinkGeneratedAt)
return response_400(res, 'Link expired');


if (form.project.allowRecaptcha) {
if (!grcToken) return response_401(res, 'Recaptcha token not found');
const recaptcha = await verifySubmissionRecaptcha(
grcToken,
form.project.recaptchaSecretKey,
);
if (!recaptcha) return response_401(res, 'Recaptcha verification failed');
}


const allowedOrigins = form.project.allowedOrigins;
if (allowedOrigins.length > 0) {
const origin = req.headers.origin;
if (!allowedOrigins.includes(origin))
return response_401(res, 'Origin not allowed');
}

const schema = form.schema;
const submissionData = req.body;

if (form.hasFileField) {
if (req.files.length > 1) {
return response_400(res, 'Too many files');
}

if (req.files.length === 1) {
let fieldName = req.files[0].fieldname;
submissionData[fieldName] = fieldName;
}
}

const isValid = validateSchema(schema, submissionData);
if (!isValid) return response_400(res, 'Invalid data');

if (form.hasFileField) {
const fileUrl = (await createFile(req.files[0])).url;
if (!fileUrl) return response_500(res, 'File upload failed');
submissionData[req.files[0].fieldname] = fileUrl;
}

const submission = await prisma.formSubmission.create({
data: {
formId: formId,
data: submissionData,
},
});

return response_201(res, submission);
} catch (err) {
return response_500(res, err);
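Review bot: The second `if (form.hasFileField)` block reads `req.files[0]` unconditionally, but the earlier block only rejects more than one file. A submission to a file-enabled form that carries no file therefore reaches `createFile(undefined)` and `req.files[0].fieldname`, and ends in the catch as a 500. Guarding it with `if (form.hasFileField && req.files?.length === 1)` keeps the upload for the one-file case and lets schema validation decide whether the field was required. Separately, the `allowedOrigins` check compares against the `Origin` request header, which is client-supplied and only constrained by browsers; a comment such as `// Origin is client-supplied: this limits browser embeds, it is not authentication` would keep it from being read as an access control. The end of `createFormSubmission` is outside the hunk.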
2 changes: 1 addition & 1 deletion controllers/project.controller.js
Expand Up @@ -2,7 +2,7 @@ import Project from '../models/project.model.js';
import User from '../models/user.model.js';
import Form from '../models/form.model.js';
import Collaborators from '../models/invitedCollaborators.model.js';
import verifycaptcha from '../utils/recaptcha.js';
import { verifycaptcha } from '../utils/recaptcha.js';
import { sendCollabInvitationLink } from '../utils/mailer.js';
import { getJwt, hash_password } from '../utils/password.js';
import {
2 changes: 1 addition & 1 deletion controllers/user.controller.js
@@ -1,7 +1,7 @@
import { sendVerificationLink } from '../utils/mailer.js';
import { getJwt, hash_password } from '../utils/password.js';
import { response_200, response_400 } from '../utils/responseCodes.js';
import verifycaptcha from '../utils/recaptcha.js';
import { verifycaptcha } from '../utils/recaptcha.js';
import validator from 'validator';
import jwt from 'jsonwebtoken';
import User from '../models/user.model.js';
2 changes: 2 additions & 0 deletions routes/form.routes.js
Expand Up @@ -7,6 +7,7 @@ import {
deleteForm,
updateForm,
getForm,
getFormSubmissions,
} from '../controllers/form.controller.js';
const router = Router();

Expand All @@ -16,4 +17,5 @@ router.post('/new/:projectId', verifiedMiddleware, createForm);
router.patch('/update/:id', verifiedMiddleware, updateForm);
router.delete('/', verifiedMiddleware, deleteForm);
router.get('/dashboard/:formId', verifiedMiddleware, getForm);
router.get('/submissions/:formId', verifiedMiddleware, getFormSubmissions);
export default router;
4 changes: 3 additions & 1 deletion routes/formSubmission.routes.js
Expand Up @@ -2,6 +2,8 @@ import { greet } from '../controllers/auth.controller.js';
import verifiedMiddleware from '../middlewares/verify.middleware.js';
import { Router } from 'express';
import { createFormSubmission } from '../controllers/formSubmission.controller.js';
import upload from '../config/multer.config.js';

const router = Router();
router.post('/submit', createFormSubmission);
router.post('/submit', upload.any(), createFormSubmission);
export default router;
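Review bot: `upload.any()` on the unauthenticated `/submit` route accepts any number of files under any field name, and multer has already buffered or stored them by the time `createFormSubmission` rejects `req.files.length > 1` or ignores files for a form without a file field. Unless config/multer.config.js (not shown) already sets them, add `limits: { files: 1, fileSize: <max bytes> }` to the multer options so surplus or oversized uploads are refused during parsing. A file-type filter in the same config would be the place to restrict what forms may receive.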
3 changes: 2 additions & 1 deletion utils/fileUpload.js
Expand Up @@ -4,6 +4,7 @@ import {
GetObjectCommand,
} from '@aws-sdk/client-s3';
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
import crypto from 'crypto';
import dotenv from 'dotenv';

dotenv.config();
Expand Down Expand Up @@ -50,6 +51,6 @@ export const getFile = async (fileName) => {
Key: fileName,
};
const command = new GetObjectCommand(getObjectParams);
const url = await getSignedUrl(s3, command, );
const url = await getSignedUrl(s3, command);
return { url };
};
20 changes: 19 additions & 1 deletion utils/recaptcha.js
@@ -1,4 +1,4 @@
export default async function verifycaptcha(token) {
export async function verifycaptcha(token) {
if (process.env.ENV === 'dev') return true;
var secretKey = process.env.GOOGLE_RECAPTCHA_SECRET_KEY;
var userKey = token;
Expand All @@ -16,3 +16,21 @@ export default async function verifycaptcha(token) {

return false;
}

export async function verifySubmissionRecaptcha(token, secret) {
var secretKey = secret;
var userKey = token;
let res = await fetch('https://www.google.com/recaptcha/api/siteverify', {
method: 'POST',
body: {
secret: secretKey,
response: userKey,
},
});

if (res.body.success) {
return true;
}

return false;
}
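Review bot: `verifySubmissionRecaptcha` can never return true as written: `fetch` is given a plain object as `body`, which is sent as the string `[object Object]` rather than as form fields, and `res.body` is a stream, so `res.body.success` is always undefined. The result is fail-closed (every submission to a project with `allowRecaptcha` gets the 401), but the token is never actually verified. Send the parameters form-encoded with `body: new URLSearchParams({ secret: secretKey, response: userKey })`, then read the verdict with `const data = await res.json();` and `return data.success === true;`. The elided middle of `verifycaptcha` may follow the same pattern and is worth checking. Its `process.env.ENV === 'dev'` shortcut returns true without any check, so a production deployment that sets `ENV` to `dev` would have no captcha.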
