opt-cc/api/middleware/request-checks.js

68 lines
2.3 KiB
JavaScript

/** This module defines a express.Router() instance
* - checking Accept-Version header to be 1.0
* - body-data to be JSON on POST/PUT/PATCH
* - body to be not empty on POST/PUT/PATCH
* - Request accepts JSOn as reply content-type
*
* @author Johannes Konert
* @licence CC BY-SA 4.0
*
* @module restapi/request-checks
* @type {Router}
*/
// remember: in modules you have 3 variables given by CommonJS
// 1.) require() function
// 2.) module.exports
// 3.) exports (which is module.exports)
'use strict';
const express = require('express');
const router = new express.Router();
// API-Version control. We use HTTP Header field Accept-Version instead of URL-part /v1/
router.use((req, res, next) => {
// expect the Accept-Version header to be NOT set or being 1.0
const versionWanted = req.get('Accept-Version');
if (versionWanted !== undefined && versionWanted !== '1.0') {
// 406 Accept-* header cannot be fulfilled.
res.status(406).send('Accept-Version cannot be fulfilled').end();
} else {
next(); // all OK, call next handler
}
});
// request type application/json check
router.use((req, res, next) => {
if (['POST', 'PUT', 'PATCH'].indexOf(req.method) > -1 &&
(!(/multipart\/form-data/.test(req.get('Content-Type'))) &&
!(/application\/json/.test(req.get('Content-Type'))))) {
// send error code 415: unsupported media type
res.status(415).send('wrong Content-Type'); // user has SEND the wrong type
} else if (!req.accepts('json')) {
// send 406 that response will be application/json and request does not support it by now as answer
// user has REQUESTED the wrong type
res.status(406).send('response of application/json only supported, please accept this');
} else {
next(); // let this request pass through as it is OK
}
});
// request POST, PUT check that any content was send
router.use((req, res, next) => {
let err = undefined;
if (['POST', 'PUT', 'PATCH'].indexOf(req.method) > -1 && parseInt(req.get('Content-Length')) === 0) {
err = new Error('content in body is missing');
err.status = 400;
next(err);
} else if ('PUT' === req.method && !(req.body.id || req.body._id)) {
err = new Error('content in body is missing field id');
err.status = 400;
next(err);
}
next();
});
module.exports = router;