Add validation on route CreateWorkgroup

2021-04-16 00:08:57 +02:00
parent 3f392eece6
commit 994e266b52
3 changed files with 61 additions and 4 deletions
--- a/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
+++ b/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
@@ -1,8 +1,9 @@
 package fr.dcproject.component.workgroup.routes

-import fr.dcproject.common.response.toOutput
+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
+import fr.dcproject.common.validation.isUrl
 import fr.dcproject.component.auth.citizen
 import fr.dcproject.component.auth.citizenOrNull
 import fr.dcproject.component.auth.mustBeAuth
@@ -10,6 +11,9 @@ import fr.dcproject.component.workgroup.WorkgroupAccessControl
 import fr.dcproject.component.workgroup.database.WorkgroupForUpdate
 import fr.dcproject.component.workgroup.database.WorkgroupRepository
 import fr.dcproject.component.workgroup.routes.CreateWorkgroup.PostWorkgroupRequest.Input
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maxLength
+import io.konform.validation.jsonschema.minLength
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -29,13 +33,30 @@ object CreateWorkgroup {
            val description: String,
            val logo: String?,
            val anonymous: Boolean?
-        )
+        ) {
+            fun validate() = Validation<Input> {
+                Input::name {
+                    minLength(5)
+                    maxLength(80)
+                }
+                Input::description {
+                    minLength(50)
+                    maxLength(6000)
+                }
+                Input::logo ifPresent {
+                    isUrl()
+                    maxLength(2048)
+                }
+            }.validate(this)
+        }
    }

    fun Route.createWorkgroup(repo: WorkgroupRepository, ac: WorkgroupAccessControl) {
        post<PostWorkgroupRequest> {
            mustBeAuth()
            call.receiveOrBadRequest<Input>().run {
+                validate().badRequestIfNotValid()
+
                WorkgroupForUpdate(
                    id ?: UUID.randomUUID(),
                    name,