4 лет назад · 426b0456ce
--- a/packages/app/src/server/middlewares/apiv1-form-validator.ts
+++ b/packages/app/src/server/middlewares/apiv1-form-validator.ts
@@ -0,0 +1,25 @@
 
				+import { validationResult } from 'express-validator';
			
 
				+import { NextFunction, Request, Response } from 'express';
			
 
				+
			
 
				+import loggerFactory from '~/utils/logger';
			
 
				+import ApiResponse from '../util/apiResponse';
			
 
				+
			
 
				+const logger = loggerFactory('growi:middlewares:ApiV1FormValidator');
			
 
				+
			
 
				+export default (req: Request, res: Response, next: NextFunction): void => {
			
 
				+  logger.debug('req.query', req.query);
			
 
				+  logger.debug('req.params', req.params);
			
 
				+  logger.debug('req.body', req.body);
			
 
				+
			
 
				+  const errObjArray = validationResult(req);
			
 
				+  if (errObjArray.isEmpty()) {
			
 
				+    return next();
			
 
				+  }
			
 
				+
			
 
				+  const errs = errObjArray.array().map((err) => {
			
 
				+    logger.error(`${err.location}.${err.param}: ${err.msg}`);
			
 
				+    return ApiResponse.error(`${err.param}: ${err.msg}`, 'validation_failed');
			
 
				+  });
			
 
				+
			
 
				+  res.json(errs);
			
 
				+};
			
--- a/packages/app/src/server/routes/index.js
+++ b/packages/app/src/server/routes/index.js
@@ -2,6 +2,7 @@ import express from 'express';
 
				 
			
 
				 import injectResetOrderByTokenMiddleware from '../middlewares/inject-reset-order-by-token-middleware';
			
 
				 import injectUserRegistrationOrderByTokenMiddleware from '../middlewares/inject-user-registration-order-by-token-middleware';
			
 
				+import apiV1FormValidator from '../middlewares/apiv1-form-validator';
			
 
				 
			
 
				 import * as forgotPassword from './forgot-password';
			
 
				 import * as privateLegacyPages from './private-legacy-pages';
			
@@ -165,8 +166,8 @@ module.exports = function(crowi, app) {
 
				   app.get('/_api/pages.updatePost'    , accessTokenParser, loginRequired, page.api.getUpdatePost);
			
 
				   app.get('/_api/pages.getPageTag'    , accessTokenParser , loginRequired , page.api.getPageTag);
			
 
				   // allow posting to guests because the client doesn't know whether the user logged in
			
 
				-  app.post('/_api/pages.remove'       , loginRequiredStrictly , csrf, page.validator.remove, page.api.remove); // (Avoid from API Token)
			
 
				-  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, page.api.revertRemove); // (Avoid from API Token)
			
 
				+  app.post('/_api/pages.remove'       , /*loginRequiredStrictly , csrf,*/ page.validator.remove, apiV1FormValidator, page.api.remove); // (Avoid from API Token)
			
 
				+  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, apiV1FormValidator, page.api.revertRemove); // (Avoid from API Token)
			
 
				   app.post('/_api/pages.unlink'       , loginRequiredStrictly , csrf, page.api.unlink); // (Avoid from API Token)
			
 
				   app.post('/_api/pages.duplicate'    , accessTokenParser, loginRequiredStrictly, csrf, page.api.duplicate);
			
 
				   app.get('/tags'                     , loginRequired, tag.showPage);