// eslint-disable-next-line no-unused-vars
const logger = loggerFactory('growi:routes:apiv3:notification-setting');
const express = require('express');
const router = express.Router();
const { body } = require('express-validator/check');
const ErrorV3 = require('../../models/vo/error-apiv3');
/**
 * express-validator chains for the notification-setting endpoints, grouped by
 * the form they belong to. Each entry checks one field of the request body.
 *
 * isString()/isBoolean() are validators; trim() is a sanitizer that strips
 * surrounding whitespace from the submitted value.
 */
const validator = {
  // Slack integration settings.
  slackConfiguration: [
    // NOTE(review): webhookUrl is only checked to be a string here; no URL,
    // scheme or host restriction is visible in this validator. Confirm the
    // code that later sends requests to it constrains the destination.
    body('webhookUrl')
      .isString()
      .trim(),
    // NOTE(review): isBoolean() follows validator.js and also accepts the
    // strings 'true'/'false'; no toBoolean() sanitizer is applied here, so
    // confirm the handler does not rely on truthiness of the raw value.
    body('isIncomingWebhookPrioritized')
      .isBoolean(),
    // slackToken is a credential: type-checked and trimmed only.
    // NOTE(review): confirm it is kept out of logs and error responses.
    body('slackToken')
      .isString()
      .trim(),
  ],

  // Per-path user notification rule.
  userNotification: [
    body('pathPattern')
      .isString()
      .trim(),
    body('channel')
      .isString()
      .trim(),
  ],
};
/**
* @swagger
* tags:
* name: NotificationSetting
*/
/**
* @swagger
return new Response.ResourceNotFound().send(res);
}
return new Response.Success({ roles: user.roles }).send(res);
} catch (err) {
return next(err);
}
},
);
/* PUT /users/:userId/roles */
router.put(
'/',
middlewares.permission(GRANT_REVOKE_ROLE),
[
param('userId').trim().isInt(),
body('roleIds.*').custom(v => Number.isInteger(v)),
],
[
sanitizeParam('userId').trim().toInt(),
],
middlewares.validate(),
async ({ params: { userId }, body: { roleIds } }, res, next) => {
try {
const user = await User.findByPk(userId);
if (!user) {
return new Response.ResourceNotFound().send(res);
}
if (roleIds.includes(Role.Known.anonymous.id) || !roleIds.includes(Role.Known.loggedIn.id)) {
return new Response.BadRequest().send(res);
}
await user.setRoles(roleIds);
return new Response.Success({ roles: user.roles }).send(res);
);
/* set permissions */
router.put(
'/:fullTitle/permissions',
middlewares.permission(SET_ARTICLE_PERMISSION),
[
param('fullTitle')
.trim()
.custom(v => Article.validateFullTitle(v)),
body('articlePermissions.*.roleId')
.custom(v => Number.isInteger(v)),
body('articlePermissions.*.readable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.editable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.renamable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.deletable')
.optional()
.custom(v => [true, false, null].includes(v)),
],
[
sanitizeParam('fullTitle').trim(),
],
middlewares.validate(),
middlewares.checkBlock(),
async ({ params: { fullTitle }, body: { articlePermissions } }, res, next) => {
try {
* returns create a payment (requires confirmation)
*
* @Method POST
* @URL /api/transactions/create
*
*/
createRouter
.route("/create")
.post(
[
body("accountBill")
.exists()
.isString()
.isLength({ min: 26, max: 26 }),
body("amountMoney")
.exists()
.isNumeric()
.isLength({ min: 1 }),
body("transferTitle")
.exists()
.isString()
.isLength({ min: 1, max: 255 }),
body("locale")
.exists()
.isString()
.isLength({ min: 2, max: 2 })
],
async (req: Request, res: Response, next: NextFunction) => {
const transactionService = new TransactionService();
const billService = new BillService();
/**
 * Builds the express-validator chains for the "add comment" request body.
 *
 * NOTE(review): page_id, revision_id and comment are only checked for
 * presence (exists()); no type or format check is visible in this block.
 *
 * @returns {Array} the validation chains, in declaration order
 */
api.validators.add = function() {
  // replyTo: the empty string is returned as undefined without any id check;
  // every other value is handed to ObjectId().
  // NOTE(review): ObjectId is defined outside this block. Whether this call
  // actually rejects a malformed id depends on which ObjectId it is and on how
  // the installed express-validator treats a custom validator's return value;
  // confirm both.
  const checkReplyTo = value => (value === '' ? undefined : ObjectId(value));

  return [
    body('commentForm.page_id').exists(),
    body('commentForm.revision_id').exists(),
    body('commentForm.comment').exists(),
    body('commentForm.comment_position').isInt(),
    body('commentForm.is_markdown').isBoolean(),
    body('commentForm.replyTo').exists().custom(checkReplyTo),
    body('slackNotificationForm.isSlackEnabled').isBoolean().exists(),
  ];
};
const { body } = require('express-validator/check');
const mongoose = require('mongoose');
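// Runtime ObjectId class, whose static isValid() checks a candidate id.
// The original alias pointed at mongoose.Schema.Types.ObjectId, which is the
// schema *type* used in schema definitions; calling that as a plain function
// does not validate a value.
const { ObjectId } = mongoose.Types;

/**
 * express-validator chains for the "add comment" request body.
 *
 * NOTE(review): page_id, revision_id and comment are only checked for
 * presence (exists()); no type or format check is visible in this module.
 */
module.exports = [
  body('commentForm.page_id').exists(),
  body('commentForm.revision_id').exists(),
  body('commentForm.comment').exists(),
  body('commentForm.comment_position').isInt(),
  body('commentForm.is_markdown').isBoolean(),
  body('commentForm.replyTo').exists().custom((value) => {
    // The empty string is explicitly allowed; presumably it means "not a
    // reply" (verify against the handler). Returning true keeps it valid on
    // express-validator releases that treat a falsy return from a custom
    // validator as a failure.
    if (value === '') {
      return true;
    }
    // Require a string before the format check, so an object or array in the
    // JSON body cannot reach a database query in place of an id.
    if (typeof value !== 'string' || !ObjectId.isValid(value)) {
      throw new Error('commentForm.replyTo must be empty or a valid ObjectId');
    }
    return true;
  }),
  body('slackNotificationForm.isSlackEnabled').isBoolean().exists(),
];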
body('confidential'),
body('globalLang').isIn(['en-US', 'ja']),
body('fileUpload').isBoolean(),
],
siteUrlSetting: [
body('siteUrl').trim().matches(/^(https?:\/\/[^/]+|)$/).isURL({ require_tld: false }),
],
mailSetting: [
body('fromAddress').trim().isEmail(),
body('smtpHost').trim(),
body('smtpPort').trim().isPort(),
body('smtpUser').trim(),
body('smtpPassword').trim(),
],
awsSetting: [
body('region').trim().matches(/^[a-z]+-[a-z]+-\d+$/).withMessage('リージョンには、AWSリージョン名を入力してください。 例: ap-northeast-1'),
body('customEndpoint').trim().matches(/^(https?:\/\/[^/]+|)$/).withMessage('カスタムエンドポイントは、http(s)://で始まるURLを指定してください。また、末尾の/は不要です。'),
body('bucket').trim(),
body('accessKeyId').trim().matches(/^[\da-zA-Z]+$/),
body('secretKey').trim(),
],
pluginSetting: [
body('isEnabledPlugins').isBoolean(),
],
};
/**
* @swagger
*
* /app-settings/:
* get:
* tags: [AppSettings]
association: User.associations.roles,
}],
where,
limit,
});
new Response.Success({ users }).send(res);
} catch (err) {
next(err);
}
},
);
router.post(
'/',
[
body('username')
.trim()
.custom(v => User.validateUsername(v)),
body('password')
.trim()
.isLength({ min: 6 }),
body('email')
.trim()
.isEmail()
.isLength({ max: 128 }),
],
[
sanitizeBody('fullTitle').trim(),
sanitizeBody('password').trim(),
sanitizeBody('email').trim(),
],
middlewares.validate(),
body('pageCompleteDeletionAuthority').isString(),
body('hideRestrictedByOwner').isBoolean(),
body('hideRestrictedByGroup').isBoolean(),
],
localSetting: [
body('isLocalEnabled').isBoolean(),
body('registrationMode').isString(),
body('registrationwhiteList').isString(),
],
googleOAuth: [
body('googleClientId').isString(),
body('googleClientSecret').isString(),
body('isSameUsernameTreatedAsIdenticalUser').isBoolean(),
],
githubOAuth: [
body('githubClientId').isString(),
body('githubClientSecret').isString(),
body('isSameUsernameTreatedAsIdenticalUser').isBoolean(),
],
twitterOAuth: [
body('twitterConsumerKey').isString(),
body('twitterConsumerSecret').isString(),
body('isSameUsernameTreatedAsIdenticalUser').isBoolean(),
],
};
/**
* @swagger
* tags:
* name: SecuritySetting
*/
[
param('fullTitle')
.trim()
.custom(v => Article.validateFullTitle(v)),
body('articlePermissions.*.roleId')
.custom(v => Number.isInteger(v)),
body('articlePermissions.*.readable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.editable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.renamable')
.optional()
.custom(v => [true, false, null].includes(v)),
body('articlePermissions.*.deletable')
.optional()
.custom(v => [true, false, null].includes(v)),
],
[
sanitizeParam('fullTitle').trim(),
],
middlewares.validate(),
middlewares.checkBlock(),
async ({ params: { fullTitle }, body: { articlePermissions } }, res, next) => {
try {
const article = await Article.findByFullTitle(fullTitle);
if (!article) {
return new Response.ResourceNotFound().send(res);
}
return sequelize.transaction(async (t) => {
const permissionsToInsert = articlePermissions