4 лет назад · 426b0456ce
--- a/packages/app/src/server/middlewares/apiv1-form-validator.ts
+++ b/packages/app/src/server/middlewares/apiv1-form-validator.ts
@@ -0,0 +1,25 @@
 
															+import { validationResult } from 'express-validator';
														
 
															+import { NextFunction, Request, Response } from 'express';
														
 
															+
														
 
															+import loggerFactory from '~/utils/logger';
														
 
															+import ApiResponse from '../util/apiResponse';
														
 
															+
														
 
															+const logger = loggerFactory('growi:middlewares:ApiV1FormValidator');
														
 
															+
														
 
															+export default (req: Request, res: Response, next: NextFunction): void => {
														
 
															+  logger.debug('req.query', req.query);
														
 
															+  logger.debug('req.params', req.params);
														
 
															+  logger.debug('req.body', req.body);
														
 
															+
														
 
															+  const errObjArray = validationResult(req);
														
 
															+  if (errObjArray.isEmpty()) {
														
 
															+    return next();
														
 
															+  }
														
 
															+
														
 
															+  const errs = errObjArray.array().map((err) => {
														
 
															+    logger.error(`${err.location}.${err.param}: ${err.msg}`);
														
 
															+    return ApiResponse.error(`${err.param}: ${err.msg}`, 'validation_failed');
														
 
															+  });
														
 
															+
														
 
															+  res.json(errs);
														
 
															+};
														
--- a/packages/app/src/server/routes/index.js
+++ b/packages/app/src/server/routes/index.js
@@ -2,6 +2,7 @@ import express from 'express';
 
															 import injectResetOrderByTokenMiddleware from '../middlewares/inject-reset-order-by-token-middleware';
														
 
															 import injectUserRegistrationOrderByTokenMiddleware from '../middlewares/inject-user-registration-order-by-token-middleware';
														
 
															+import apiV1FormValidator from '../middlewares/apiv1-form-validator';
														
 
															 import * as forgotPassword from './forgot-password';
														
 
															 import * as privateLegacyPages from './private-legacy-pages';
														
@@ -165,8 +166,8 @@ module.exports = function(crowi, app) {
 
															   app.get('/_api/pages.updatePost'    , accessTokenParser, loginRequired, page.api.getUpdatePost);
														
 
															   app.get('/_api/pages.getPageTag'    , accessTokenParser , loginRequired , page.api.getPageTag);
														
 
															   // allow posting to guests because the client doesn't know whether the user logged in
														
 
															-  app.post('/_api/pages.remove'       , loginRequiredStrictly , csrf, page.validator.remove, page.api.remove); // (Avoid from API Token)
														
 
															-  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, page.api.revertRemove); // (Avoid from API Token)
														
 
															+  app.post('/_api/pages.remove'       , /*loginRequiredStrictly , csrf,*/ page.validator.remove, apiV1FormValidator, page.api.remove); // (Avoid from API Token)
														
 
															+  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, apiV1FormValidator, page.api.revertRemove); // (Avoid from API Token)
														
 
															   app.post('/_api/pages.unlink'       , loginRequiredStrictly , csrf, page.api.unlink); // (Avoid from API Token)
														
 
															   app.post('/_api/pages.duplicate'    , accessTokenParser, loginRequiredStrictly, csrf, page.api.duplicate);
														
 
															   app.get('/tags'                     , loginRequired, tag.showPage);