diff options
author | Dennis Eriksen <dennis.se@gmail.com> | 2013-05-14 13:11:28 +0200 |
---|---|---|
committer | Dennis Eriksen <dennis.se@gmail.com> | 2013-05-14 13:11:28 +0200 |
commit | 86148cf9f247f62552270fc997a77a7f88c5408c (patch) | |
tree | 92a2609484d0dd3c4edc9d300686c2314c8fb543 | |
parent | added check for permissions as well as check for access (diff) | |
download | Divid-86148cf9f247f62552270fc997a77a7f88c5408c.tar.gz |
new errorhandler.. uses node-validator now
-rw-r--r-- | config/express.js | 5 | ||||
-rw-r--r-- | controllers/system.js | 38 |
2 files changed, 28 insertions, 15 deletions
diff --git a/config/express.js b/config/express.js index 034eff5..eb10b20 100644 --- a/config/express.js +++ b/config/express.js @@ -3,8 +3,7 @@ * Module dependencies */ -var express = require('express') - , expressValidator = require('express-validator'); +var express = require('express'); /** @@ -29,8 +28,6 @@ module.exports = function (app, config, passport) { app.use(express.bodyParser()); //must be above methodOverride - app.use(expressValidator); // loads validation - app.use(express.methodOverride()); app.use(express.session({ secret: 'lsdrghoi4hgqio42nqf2uqi32f3bilu23fl23b' })); diff --git a/controllers/system.js b/controllers/system.js index 21e367e..a7830f3 100644 --- a/controllers/system.js +++ b/controllers/system.js @@ -8,7 +8,23 @@ var mongoose = require('mongoose') , Project = mongoose.model('Project') , Access = mongoose.model('Access') , User = mongoose.model('User') - , pPost = mongoose.model('pPost'); + , pPost = mongoose.model('pPost') + , Validator = require('validator').Validator + , v = new Validator() + , sanitize = require('validator').sanitize; + + +// validation error handling. This collects all errors before pushing them out in getErrors() +Validator.prototype.error = function(msg) { + this._errors.push(msg); + return this; +} +Validator.prototype.getErrors = function() { + var returnThis = this._errors; + this._errors = ''; // need to reset errors between sessions because of object model + return returnThis; +} + /** * Before the user log in @@ -157,13 +173,13 @@ exports.projectPost = function(req, res) { exports.postProjectPost = function(req, res) { // Validation - req.assert('project', 'The project was lost').notEmpty(); - req.assert('what', 'You need to fill in the what-field').notEmpty(); - req.assert('value', 'The value must be a positive number').notEmpty().isInt().min(0); + v.check('project', 'The project was lost').notEmpty(); + v.check('what', 'You need to fill in the what-field').notEmpty(); + v.check('value', 'The value must be a positive number').notEmpty().isInt().min(0); // error when validation fails - var errors = req.validationErrors(); - if (errors) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil', error: errors.stack }); + var errors = v.getErrors(); + if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil', error: errors.stack }); Project.load(req.sanitize('project').escape(), function(err, project) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); @@ -178,11 +194,11 @@ exports.postProjectPost = function(req, res) { ppost.user = req.user._id; ppost.for = req.user._id; ppost.project = project._id; - ppost.what = req.sanitize('what').escape(); - ppost.comment = req.sanitize('comment').xss(); // xss will remove cross-site-scripting in the textfield. - ppost.participants = req.sanitize('participants').escape(); - ppost.value = req.sanitize('value').toInt(); // this will remove leading zeroes. '0123' => '123' - ppost.when = new Date(req.sanitize('date').escape() + ' ' + req.sanitize('time').escape() + ':00'); + ppost.what = sanitize(req.body.what).escape(); + ppost.comment = sanitize(req.body.comment).xss(); // xss will remove cross-site-scripting in the textfield. + ppost.participants = sanitize(req.body.participants).escape(); + ppost.value = sanitize(req.body.value).toInt(); // this will remove leading zeroes. '0123' => '123' + ppost.when = new Date(sanitize(req.body.date).escape() + ' ' + sanitize(req.body.time).escape() + ':00'); ppost.save(function(err) { if (err) { |