From 4e74c4db86f9c8179ad3af487cd01f305a02feb4 Mon Sep 17 00:00:00 2001
From: Julian Simioni
Date: Mon, 14 Sep 2015 17:52:48 -0400
Subject: [PATCH] Add autocomplete sanitiser
This is similar to the search sanitiser but with a more limited scope. It doesn't support layers, sorces, or bounding boxes.
---
 routes/v1.js | 3 ++-
 sanitiser/_geo_autocomplete.js | 19 +++++++++++++++++++
 sanitiser/autocomplete.js | 24 ++++++++++++++++++++++++
 test/unit/run.js | 1 +
 test/unit/sanitiser/autocomplete.js | 21 +++++++++++++++++++++
 5 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 sanitiser/_geo_autocomplete.js
 create mode 100644 sanitiser/autocomplete.js
 create mode 100644 test/unit/sanitiser/autocomplete.js
diff --git a/routes/v1.js b/routes/v1.js
index 49fb3021..97ddcc0b 100644
--- a/routes/v1.js
+++ b/routes/v1.js
@@ -4,6 +4,7 @@ var reverseQuery = require('../query/reverse');
 /** ----------------------- sanitisers ----------------------- **/
 var sanitisers = {
+ autocomplete: require('../sanitiser/autocomplete'),
 place: require('../sanitiser/place'),
 search: require('../sanitiser/search'),
 reverse: require('../sanitiser/reverse')
@@ -60,7 +61,7 @@ function addRoutes(app, peliasConfig) {
 postProc.sendJSON
 ]),
 autocomplete: createRouter([
- sanitisers.search.middleware,
+ sanitisers.autocomplete.middleware,
 middleware.types,
 controllers.search(null, require('../query/autocomplete')),
 postProc.confidenceScores(peliasConfig),
diff --git a/sanitiser/_geo_autocomplete.js b/sanitiser/_geo_autocomplete.js
new file mode 100644
index 00000000..4a2d1144
--- /dev/null
+++ b/sanitiser/_geo_autocomplete.js
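Review bot: Downstream of the new `sanitisers.autocomplete.middleware` in the autocomplete router, `middleware.types` and `controllers.search(...)` still run, and if either of them reads `clean.layers`, `clean.sources` or a bounding box those fields will now be undefined, because the autocomplete sanitiser (per the commit message) no longer populates them. That is presumably intended, but it is worth confirming the downstream middleware tolerates the missing fields before the route ships with the reduced scope, since the search path used to guarantee them. Both hunks are excerpts: the `sanitisers` literal and `addRoutes` start and end outside the hunks.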
@@ -0,0 +1,19 @@
+var geo_common = require ('./_geo_common');
+var LAT_LON_IS_REQUIRED = false;
+
+// validate inputs, convert types and apply defaults
+module.exports = function sanitize( raw, clean ){
+
+ // error & warning messages
+ var messages = { errors: [], warnings: [] };
+
+ try {
+ geo_common.sanitize_coord( 'lat', clean, raw['focus.point.lat'], LAT_LON_IS_REQUIRED );
+ geo_common.sanitize_coord( 'lon', clean, raw['focus.point.lon'], LAT_LON_IS_REQUIRED );
+ }
+ catch (err) {
+ messages.errors.push( err.message );
+ }
+
+ return messages;
+};
diff --git a/sanitiser/autocomplete.js b/sanitiser/autocomplete.js
new file mode 100644
index 00000000..84e8752a
--- /dev/null
+++ b/sanitiser/autocomplete.js
@@ -0,0 +1,24 @@
+var sanitizeAll = require('../sanitiser/sanitizeAll'),
+ sanitizers = {
+ text: require('../sanitiser/_text'),
+ size: require('../sanitiser/_size'),
+ private: require('../sanitiser/_flag_bool')('private', false),
+ geo_autocomplete: require('../sanitiser/_geo_autocomplete'),
+ };
+
+var sanitize = function(req, cb) { sanitizeAll(req, sanitizers, cb); };
+
+// export sanitize for testing
+module.exports.sanitize = sanitize;
+module.exports.sanitiser_list = sanitizers;
+
+// middleware
+module.exports.middleware = function( req, res, next ){
+ sanitize( req, function( err, clean ){
+ if( err ){
+ res.status(400); // 400 Bad Request
+ return next(err);
+ }
+ next();
+ });
+};
diff --git a/test/unit/run.js b/test/unit/run.js
index bc166c4b..efdc405d 100644
--- a/test/unit/run.js
+++ b/test/unit/run.js
@@ -9,6 +9,7 @@ var tests = [
 require('./service/mget'),
 require('./service/search'),
 require('./sanitiser/_flag_bool'),
+ require('./sanitiser/autocomplete'),
 require('./sanitiser/_sources'),
 require('./sanitiser/search'),
 require('./sanitiser/_layers'),
diff --git a/test/unit/sanitiser/autocomplete.js b/test/unit/sanitiser/autocomplete.js
new file mode 100644
index 00000000..a2a0e59e
--- /dev/null
+++ b/test/unit/sanitiser/autocomplete.js
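Review bot: The `catch` in `sanitize` reports any thrown error as a validation message, so a `TypeError` from `raw` being undefined (the `raw['focus.point.lat']` access) or a bug inside `sanitize_coord` would reach the client as a 400 with an internal message instead of surfacing as a server error; either guard `raw` before the lookups or only forward the validation errors `sanitize_coord` is documented to throw. Separately, with `LAT_LON_IS_REQUIRED` false, a request that supplies only `focus.point.lat` or only `focus.point.lon` is not rejected by this function unless `sanitize_coord` checks the pair itself — if a half-specified focus point should fail, that check belongs here and deserves a unit test. A header comment stating the accepted inputs, e.g. `// optional focus point: focus.point.lat and focus.point.lon; both are parsed independently`, would document the contract for the next reader.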
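Review bot: Nothing in sanitiser/autocomplete.js records that `layers`, `sources` and bounding-box parameters are deliberately unsupported; a reader only learns this from the commit message, and a client that still sends `layers=` or `sources=` will presumably have them silently ignored rather than warned about, unless `sanitizeAll` reports unknown keys. Suggest a header comment above `sanitizers`, e.g. `// autocomplete accepts text, size, private and focus.point.{lat,lon}; layers, sources and bounding boxes are intentionally not supported here`. In the middleware the callback declares `clean` but never reads it, so `function( err )` is sufficient, and the trailing comma after the `geo_autocomplete` entry is legal ES5 but differs from the `messages` literal in `_geo_autocomplete.js`.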
@@ -0,0 +1,21 @@
+var autocomplete = require('../../../sanitiser/autocomplete');
+
+module.exports.tests = {};
+
+module.exports.tests.sanitisers = function(test, common) {
+ test('check sanitiser list', function (t) {
+ var expected = ['text', 'size', 'private', 'geo_autocomplete' ];
+ t.deepEqual(Object.keys(autocomplete.sanitiser_list), expected);
+ t.end();
+ });
+};
+
+module.exports.all = function (tape, common) {
+ function test(name, testFunction) {
+ return tape('SANTIZE /autocomplete ' + name, testFunction);
+ }
+
+ for( var testCase in module.exports.tests ){
+ module.exports.tests[testCase](test, common);
+ }
+};
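Review bot: The only assertion in this test file is on `Object.keys(autocomplete.sanitiser_list)`, so the behaviour of `autocomplete.sanitize` is never exercised — a request with just `text`, one with a full focus point, and one with only `focus.point.lat` would pin that the module accepts the first two and does whatever is intended for the third, rather than only checking the wiring. The tape prefix reads `'SANTIZE /autocomplete '`; if the other sanitiser test files use the same misspelling keep it for consistency, otherwise `'SANITIZE /autocomplete '`. The `for...in` over `module.exports.tests` is fine for a plain object but would be clearer as `Object.keys(module.exports.tests).forEach(...)`.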