add new validator

packages/remark-lsx/src/server/index.ts

@@ -14,7 +14,11 @@ const loginRequiredFallback = (req: Request, res: Response) => {
 const filterXSS = new FilterXSS();
 
 const lsxValidator = [
+  query('pagePath').notEmpty().isString(),
+  query('offset').optional().isNumeric(),
+  query('limit').optional().isNumeric(),
   query('options')
+    .optional()
     .customSanitizer((options) => {
       try {
         const jsonData: LsxApiOptions = JSON.parse(options);
@@ -29,6 +33,7 @@ const lsxValidator = [
         throw new Error('Invalid JSON format in options');
       }
     }),
+  query('options.*').optional().isString(),
 ];
 
 // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-explicit-any

packages/remark-lsx/src/server/routes/list-pages/index.spec.ts

@@ -9,7 +9,7 @@ import type { PageQuery, PageQueryBuilder } from './generate-base-query';
 
 import { listPages } from '.';
 
-interface listPagesRequest extends Request<undefined, undefined, undefined, LsxApiParams> {
+interface IListPagesRequest extends Request<undefined, undefined, undefined, LsxApiParams> {
   user: IUser,
 }
 
@@ -33,7 +33,7 @@ describe('listPages', () => {
 
   it("returns 400 HTTP response when the query 'pagePath' is undefined", async() => {
     // setup
-    const reqMock = mock<listPagesRequest>();
+    const reqMock = mock<IListPagesRequest>();
     const resMock = mock<Response>();
     const resStatusMock = mock<Response>();
     resMock.status.calledWith(400).mockReturnValue(resStatusMock);
@@ -49,7 +49,7 @@ describe('listPages', () => {
 
   describe('with num option', () => {
 
-    const reqMock = mock<listPagesRequest>();
+    const reqMock = mock<IListPagesRequest>();
     reqMock.query = { pagePath: '/Sandbox' };
 
     const builderMock = mock<PageQueryBuilder>();
@@ -100,7 +100,7 @@ describe('listPages', () => {
 
     it('returns 500 HTTP response when an unexpected error occured', async() => {
       // setup
-      const reqMock = mock<listPagesRequest>();
+      const reqMock = mock<IListPagesRequest>();
       reqMock.query = { pagePath: '/Sandbox' };
 
       // an Error instance will be thrown by addNumConditionMock
@@ -127,7 +127,7 @@ describe('listPages', () => {
 
     it('returns 400 HTTP response when the value is invalid', async() => {
       // setup
-      const reqMock = mock<listPagesRequest>();
+      const reqMock = mock<IListPagesRequest>();
       reqMock.query = { pagePath: '/Sandbox' };
 
       // an http-errors instance will be thrown by addNumConditionMock

packages/remark-lsx/src/server/routes/list-pages/index.ts

@@ -4,6 +4,7 @@ import { OptionParser } from '@growi/core/dist/remark-plugins';
 import { pathUtils } from '@growi/core/dist/utils';
 import escapeStringRegexp from 'escape-string-regexp';
 import type { Request, Response } from 'express';
+import { validationResult } from 'express-validator';
 import createError, { isHttpError } from 'http-errors';
 
 import type { LsxApiParams, LsxApiResponseData } from '../../../interfaces/api';
@@ -56,16 +57,20 @@ function addExceptCondition(query, pagePath, optionsFilter): PageQuery {
   return addFilterCondition(query, pagePath, optionsFilter, true);
 }
 
-interface listPagesRequest extends Request<undefined, undefined, undefined, LsxApiParams> {
+interface IListPagesRequest extends Request<undefined, undefined, undefined, LsxApiParams> {
   user: IUser,
 }
 
-export const listPages = async(req: listPagesRequest, res: Response): Promise<Response> => {
+
+export const listPages = async(req: IListPagesRequest, res: Response): Promise<Response> => {
   const user = req.user;
 
-  // TODO: use express-validator
-  if (req.query.pagePath == null) {
-    return res.status(400).send("The 'pagePath' query must not be null.");
+  const error = validationResult(req);
+  if (!error.isEmpty()) {
+    if (req.query.pagePath == null) {
+      return res.status(400).send("The 'pagePath' query must not be null.");
+    }
+    throw new Error('invalid query');
   }
 
   const params: LsxApiParams = {