@dvsa/appdev-api-common 0.1.1 → 0.2.0

package/index.d.ts

@@ -2,3 +2,4 @@ export * from "./api/http-status-codes";
 export * from "./auth/auth-checker";
 export * from "./auth/auth-errors";
 export * from "./auth/verify-jwt";
+export * from "./validation/request-body";

package/index.js

@@ -18,3 +18,4 @@ __exportStar(require("./api/http-status-codes"), exports);
 __exportStar(require("./auth/auth-checker"), exports);
 __exportStar(require("./auth/auth-errors"), exports);
 __exportStar(require("./auth/verify-jwt"), exports);
+__exportStar(require("./validation/request-body"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dvsa/appdev-api-common",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "keywords": [
     "dvsa",
     "nodejs",
@@ -23,6 +23,7 @@
     "postpublish": "git clean -fd && npm run clean:temp"
   },
   "dependencies": {
+    "ajv": "^8.17.1",
     "jose": "^5.9.6"
   },
   "devDependencies": {

package/validation/request-body.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Decorator tp validate an express request body against a specified schema
+ * @param {object} schema
+ * @param errorDetails - whether to return detailed error messages (Note: errors are logged regardless of this setting)
+ */
+export declare function ValidateRequestBody<T>(schema: object, { errorDetails }?: {
+    errorDetails: boolean;
+}): (_target: T, _propertyKey: string, descriptor: PropertyDescriptor) => void;

package/validation/request-body.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ValidateRequestBody = ValidateRequestBody;
+const ajv_1 = __importDefault(require("ajv"));
+const http_status_codes_1 = require("../api/http-status-codes");
+const ajv = new ajv_1.default({ removeAdditional: true, allErrors: true });
+ajv.addKeyword("tsEnumNames");
+/**
+ * Decorator tp validate an express request body against a specified schema
+ * @param {object} schema
+ * @param errorDetails - whether to return detailed error messages (Note: errors are logged regardless of this setting)
+ */
+function ValidateRequestBody(schema, { errorDetails } = { errorDetails: false }) {
+    return (_target, _propertyKey, descriptor) => {
+        const originalMethod = descriptor.value;
+        descriptor.value = async function (body, res, next) {
+            // just to be safe, check the bodies existence before attempting to validate it
+            if (!body) {
+                return res
+                    .status(http_status_codes_1.HttpStatus.BAD_REQUEST)
+                    .json({ message: "No request body detected" });
+            }
+            const payload = Buffer.isBuffer(body)
+                ? JSON.parse(body.toString("utf-8"))
+                : body;
+            const validateFunction = ajv.compile(schema);
+            // validate the request body against the schema passed in
+            const isValid = validateFunction(payload);
+            // if an error exists, then return a 400 with details
+            if (!isValid) {
+                console.error(validateFunction.errors);
+                const response = {
+                    message: "Validation error",
+                };
+                if (errorDetails) {
+                    Object.assign(response, { errors: validateFunction.errors });
+                }
+                return res.status(http_status_codes_1.HttpStatus.BAD_REQUEST).json(response);
+            }
+            // proceed with attached method if schema is valid
+            return originalMethod.apply(this, [body, res, next]);
+        };
+    };
+}