extra validation on feed slug user id etc

kevin2314 · Nov 18, 2014 · c95b683 · c95b683
1 parent 5a73887
commit c95b683
Show file tree

Hide file tree

Showing 8 changed files with 95 additions and 6 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -2,6 +2,14 @@
  Change history
 ================
 
+2.0.1
+=====
+:release-date: 2014-11-18
+:by: Thierry Schellenbach
+
+* Added validation on feed slug and user id
+
+
 2.0.0
 =====
 :release-date: 2014-11-10

diff --git a/bower.json b/bower.json
@@ -1,6 +1,6 @@
 {
   "name": "getstream",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "main": "dist/js/getstream.js",
   "ignore": [
     "src",

diff --git a/dist/js/getstream.js b/dist/js/getstream.js
@@ -3131,6 +3131,7 @@ var StreamFeed = _dereq_('./feed');
 var signing = _dereq_('./signing');
 var errors = _dereq_('./errors');
 var crypto = _dereq_('crypto');
+var utils = _dereq_('./utils');
 
 var StreamClient = function() {
     this.initialize.apply(this, arguments);
@@ -3237,6 +3238,9 @@ StreamClient.prototype = {
         if (feedSlug.indexOf(':') != -1) {
         	throw new errors.FeedError('Please initialize the feed using client.feed("user", "1") not client.feed("user:1")');
         }
+
+        utils.validateFeedSlug(feedSlug);
+		utils.validateUserId(userId);
 
         // raise an error if there is no token
         if (!this.apiSecret && !token) {
@@ -3341,7 +3345,7 @@ StreamClient.prototype = {
 
 module.exports = StreamClient;
 }).call(this,_dereq_("1YiZ5S"))
-},{"./errors":7,"./feed":8,"./signing":9,"1YiZ5S":4,"crypto":3,"request":1}],7:[function(_dereq_,module,exports){
+},{"./errors":7,"./feed":8,"./signing":9,"./utils":10,"1YiZ5S":4,"crypto":3,"request":1}],7:[function(_dereq_,module,exports){
 var errors = module.exports;
 
 var canCapture = ( typeof Error.captureStackTrace === 'function');
@@ -3381,6 +3385,7 @@ errors.SiteError.prototype = new ErrorAbstract();
 
 },{}],8:[function(_dereq_,module,exports){
 var errors = _dereq_('./errors');
+var utils = _dereq_('./utils');
 
 var StreamFeed = function() {
 	this.initialize.apply(this, arguments);
@@ -3463,6 +3468,8 @@ StreamFeed.prototype = {
 		 * or
 		 * feed.follow('user', '1', callback);
 		 */
+		utils.validateFeedSlug(targetSlug);
+		utils.validateUserId(targetUserId);
 		var targetToken;
 		var last = arguments[arguments.length - 1];
 		// callback is always the last argument
@@ -3494,6 +3501,8 @@ StreamFeed.prototype = {
 		 * Unfollow the given feed, ie:
 		 * feed.unfollow('user', '2', callback);
 		 */
+		utils.validateFeedSlug(targetSlug);
+		utils.validateUserId(targetUserId);
 		var targetFeedId = targetSlug + ':' + targetUserId;
 		var xhr = this.client.delete( {
 			'url' : 'feed/' + this.feedUrl + '/follows/' + targetFeedId + '/',
@@ -3600,7 +3609,7 @@ StreamFeed.prototype = {
 };
 
 module.exports = StreamFeed; 
-},{"./errors":7,"faye":2}],9:[function(_dereq_,module,exports){
+},{"./errors":7,"./utils":10,"faye":2}],9:[function(_dereq_,module,exports){
 
 var crypto = _dereq_('crypto');
 
@@ -3636,6 +3645,53 @@ exports.sign = function(apiSecret, feedId) {
 	var token = makeUrlSafe(digest);
 	return token;
 };
-},{"crypto":3}]},{},[5])
+},{"crypto":3}],10:[function(_dereq_,module,exports){
+var validRe = /^\w+$/;
+
+
+function validateFeedId(feedId) {
+	/*
+	 * Validate that the feedId matches the spec user:1
+	 */
+	var parts = feedId.split(':');
+	if (parts.length != 2) {
+        throw new errors.FeedError('Invalid feedId, expected something like user:1 got ' + feedId);
+	}
+	var feedSlug = parts[0];
+	var userId = parts[1];
+	validateFeedSlug(feedSlug);
+	validateUserId(userId);
+	return feedId;
+}
+exports.validateFeedId = validateFeedId;
+
+
+function validateFeedSlug(feedSlug) {
+	/*
+	 * Validate that the feedSlug matches \w
+	 */
+	var valid = validRe.test(feedSlug);
+	if (!valid) {
+        throw new errors.FeedError('Invalid feedSlug, please use letters, numbers or _ got: ' + feedSlug);
+	}
+	return feedSlug;
+}
+exports.validateFeedSlug = validateFeedSlug;
+
+
+function validateUserId(userId) {
+	/*
+	 * Validate the userId matches \w
+	 */
+	var valid = validRe.test(userId);
+	if (!valid) {
+        throw new errors.FeedError('Invalid feedSlug, please use letters, numbers or _ got: ' + userId);
+	}
+	return userId;	
+}
+exports.validateUserId = validateUserId;
+
+
+},{}]},{},[5])
 (5)
 });
diff --git a/dist/js_min/getstream.js b/dist/js_min/getstream.js
diff --git a/package.json b/package.json
@@ -7,7 +7,7 @@
   "description": "The official low-level GetStream.io client for Node.js and the browser.",
   "main": "./src/getstream.js",
   "homepage": "https://getstream.io/",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "config": {
     "blanket": {
       "pattern": "src"

diff --git a/src/lib/client.js b/src/lib/client.js
@@ -3,6 +3,7 @@ var StreamFeed = require('./feed');
 var signing = require('./signing');
 var errors = require('./errors');
 var crypto = require('crypto');
+var utils = require('./utils');
 
 var StreamClient = function() {
     this.initialize.apply(this, arguments);
@@ -109,6 +110,9 @@ StreamClient.prototype = {
         if (feedSlug.indexOf(':') != -1) {
         	throw new errors.FeedError('Please initialize the feed using client.feed("user", "1") not client.feed("user:1")');
         }
+
+        utils.validateFeedSlug(feedSlug);
+		utils.validateUserId(userId);
 
         // raise an error if there is no token
         if (!this.apiSecret && !token) {

diff --git a/src/lib/feed.js b/src/lib/feed.js
@@ -1,4 +1,5 @@
 var errors = require('./errors');
+var utils = require('./utils');
 
 var StreamFeed = function() {
 	this.initialize.apply(this, arguments);
@@ -81,6 +82,8 @@ StreamFeed.prototype = {
 		 * or
 		 * feed.follow('user', '1', callback);
 		 */
+		utils.validateFeedSlug(targetSlug);
+		utils.validateUserId(targetUserId);
 		var targetToken;
 		var last = arguments[arguments.length - 1];
 		// callback is always the last argument
@@ -112,6 +115,8 @@ StreamFeed.prototype = {
 		 * Unfollow the given feed, ie:
 		 * feed.unfollow('user', '2', callback);
 		 */
+		utils.validateFeedSlug(targetSlug);
+		utils.validateUserId(targetUserId);
 		var targetFeedId = targetSlug + ':' + targetUserId;
 		var xhr = this.client.delete( {
 			'url' : 'feed/' + this.feedUrl + '/follows/' + targetFeedId + '/',

diff --git a/test/integration/index.js b/test/integration/index.js
@@ -156,6 +156,22 @@ describe('Stream client', function () {
 	});
     done();
   });
+
+  it('get invalid format', function (done) {
+  	var invalidFormats = [];
+  	invalidFormats.push(function() { client.feed('flat-1', '2');});
+  	invalidFormats.push(function() { client.feed('flat1', '2:3');});
+  	invalidFormats.push(function() { user1.follow('flat 1', '3');});
+  	invalidFormats.push(function() { user1.follow('flat', '3-3');});
+  	// verify all of the above throw an error
+  	for (var i = 0; i < invalidFormats.length; i++) { 
+	    var callable = invalidFormats[i];
+        expect(callable).to.throwException(function (e) {
+		  	expect(e).to.be.a(errors.FeedError);
+		});
+	}
+    done();
+  });
 
   it('add activity', function (done) {
     var activity = {'actor': 1, 'verb': 'add', 'object': 1};