Add types for parameters in Express routes

wnjuguna · Jan 2, 2022 · 43c757e · 43c757e
1 parent 1541bfa
commit 43c757e
Show file tree

Hide file tree

Showing 67 changed files with 222 additions and 122 deletions.
diff --git a/data/static/codefixes/dbSchemaChallenge_1.ts b/data/static/codefixes/dbSchemaChallenge_1.ts
@@ -1,6 +1,6 @@
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     models.sequelize.query("SELECT * FROM Products WHERE ((name LIKE '%"+criteria+"%' OR description LIKE '%"+criteria+"%') AND deletedAt IS NULL) ORDER BY name")
       .then(([products]) => {

diff --git a/data/static/codefixes/dbSchemaChallenge_2_correct.ts b/data/static/codefixes/dbSchemaChallenge_2_correct.ts
@@ -1,6 +1,6 @@
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     models.sequelize.query(
         `SELECT * FROM Products WHERE ((name LIKE '%:criteria%' OR description LIKE '%:criteria%') AND deletedAt IS NULL) ORDER BY name`,

diff --git a/data/static/codefixes/dbSchemaChallenge_3.ts b/data/static/codefixes/dbSchemaChallenge_3.ts
@@ -2,7 +2,7 @@ const injectionChars = /"|'|;|and|or|;|#/i;
 
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     if (criteria.match(injectionChars)) {
       res.status(400).send()

diff --git a/data/static/codefixes/unionSqlInjectionChallenge_1.ts b/data/static/codefixes/unionSqlInjectionChallenge_1.ts
@@ -1,6 +1,6 @@
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     criteria.replace(/"|'|;|and|or/i, "")
     models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)

diff --git a/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts b/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts
@@ -1,6 +1,6 @@
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     models.sequelize.query(
         `SELECT * FROM Products WHERE ((name LIKE '%:criteria%' OR description LIKE '%:criteria%') AND deletedAt IS NULL) ORDER BY name`,

diff --git a/data/static/codefixes/unionSqlInjectionChallenge_3.ts b/data/static/codefixes/unionSqlInjectionChallenge_3.ts
@@ -1,6 +1,6 @@
 module.exports = function searchProducts () {
   return (req, res, next) => {
-    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q || ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
     // only allow apple or orange related searches
     if (!criteria.startsWith("apple") || !criteria.startsWith("orange")) {

diff --git a/routes/2fa.ts b/routes/2fa.ts
@@ -4,6 +4,8 @@
  */
 
 import config = require('config')
+import { Request, Response } from 'express'
+
 const security = require('../lib/insecurity')
 const models = require('../models/index')
 const otplib = require('otplib')
@@ -16,7 +18,7 @@ otplib.authenticator.options = {
   window: 1
 }
 
-async function verify (req, res) {
+async function verify (req: Request, res: Response) {
   const { tmpToken, totpToken } = req.body
 
   try {
@@ -54,7 +56,7 @@ async function verify (req, res) {
  *
  * When 2FA is not set up, the result will include data required to start the setup.
  */
-async function status (req, res) {
+async function status (req: Request, res: Response) {
   try {
     const data = security.authenticatedUsers.from(req)
     if (!data) {
@@ -93,7 +95,7 @@ async function status (req, res) {
  *    was generated by the server and wasn't tampered with by the client
  * 3. The first TOTP Token, generated by the TOTP App. (e.g. Google Authenticator)
  */
-async function setup (req, res) {
+async function setup (req: Request, res: Response) {
   try {
     const data = security.authenticatedUsers.from(req)
     if (!data) {
@@ -134,7 +136,7 @@ async function setup (req, res) {
 /**
  * Disables 2fa for the current user
  */
-async function disable (req, res) {
+async function disable (req: Request, res: Response) {
   try {
     const data = security.authenticatedUsers.from(req)
     if (!data) {

diff --git a/routes/address.ts b/routes/address.ts
@@ -4,16 +4,17 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
 
 module.exports.getAddress = function getAddress () {
-  return async (req, res, next) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     const addresses = await models.Address.findAll({ where: { UserId: req.body.UserId } })
     res.status(200).json({ status: 'success', data: addresses })
   }
 }
 
 module.exports.getAddressById = function getAddressById () {
-  return async (req, res, next) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     const address = await models.Address.findOne({ where: { id: req.params.id, UserId: req.body.UserId } })
     if (address) {
       res.status(200).json({ status: 'success', data: address })
@@ -24,7 +25,7 @@ module.exports.getAddressById = function getAddressById () {
 }
 
 module.exports.delAddressById = function delAddressById () {
-  return async (req, res, next) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     const address = await models.Address.destroy({ where: { id: req.params.id, UserId: req.body.UserId } })
     if (address) {
       res.status(200).json({ status: 'success', data: 'Address deleted successfully.' })

diff --git a/routes/angular.ts b/routes/angular.ts
@@ -4,10 +4,12 @@
  */
 
 import path = require('path')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 
 module.exports = function serveAngularClient () {
-  return ({ url }, res, next) => {
+  return ({ url }: Request, res: Response, next: NextFunction) => {
     if (!utils.startsWith(url, '/api') && !utils.startsWith(url, '/rest')) {
       res.sendFile(path.resolve('frontend/dist/frontend/index.html'))
     } else {

diff --git a/routes/appConfiguration.ts b/routes/appConfiguration.ts
@@ -4,9 +4,10 @@
  */
 
 import config = require('config')
+import { Request, Response } from 'express'
 
 module.exports = function retrieveAppConfiguration () {
-  return (req, res) => {
+  return (req: Request, res: Response) => {
     res.json({ config })
   }
 }
diff --git a/routes/appVersion.ts b/routes/appVersion.ts
@@ -4,10 +4,12 @@
  */
 
 import config = require('config')
+import { Request, Response } from 'express'
+
 const utils = require('../lib/utils')
 
 module.exports = function retrieveAppVersion () {
-  return (req, res) => {
+  return (req: Request, res: Response) => {
     res.json({
       version: config.get('application.showVersionNumber') ? utils.version() : ''
     })

diff --git a/routes/authenticatedUsers.ts b/routes/authenticatedUsers.ts
@@ -4,11 +4,13 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 const security = require('../lib/insecurity')
 
 module.exports = function retrieveUserList () {
-  return (req, res, next) => {
+  return (req: Request, res: Response, next: NextFunction) => {
     models.User.findAll().then(users => {
       const usersWithLoginStatus = utils.queryResultToJson(users)
       usersWithLoginStatus.data.forEach(user => {

diff --git a/routes/b2bOrder.ts b/routes/b2bOrder.ts
@@ -4,13 +4,15 @@
  */
 
 import vm = require('vm')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 const security = require('../lib/insecurity')
 const safeEval = require('notevil')
 const challenges = require('../data/datacache').challenges
 
 module.exports = function b2bOrder () {
-  return ({ body }, res, next) => {
+  return ({ body }: Request, res: Response, next: NextFunction) => {
     if (!utils.disableOnContainerEnv()) {
       const orderLinesData = body.orderLinesData || ''
       try {

diff --git a/routes/basket.ts b/routes/basket.ts
@@ -4,12 +4,14 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 const security = require('../lib/insecurity')
 const challenges = require('../data/datacache').challenges
 
 module.exports = function retrieveBasket () {
-  return (req, res, next) => {
+  return (req: Request, res: Response, next: NextFunction) => {
     const id = req.params.id
     models.Basket.findOne({ where: { id }, include: [{ model: models.Product, paranoid: false }] })
       .then(basket => {

diff --git a/routes/basketItems.ts b/routes/basketItems.ts
@@ -4,12 +4,14 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 const challenges = require('../data/datacache').challenges
 const security = require('../lib/insecurity')
 
 module.exports.addBasketItem = function addBasketItem () {
-  return (req, res, next) => {
+  return (req: Request, res: Response, next: NextFunction) => {
     const result = utils.parseJsonCustom(req.rawBody)
     const productIds = []
     const basketIds = []
@@ -51,15 +53,15 @@ module.exports.addBasketItem = function addBasketItem () {
 }
 
 module.exports.quantityCheckBeforeBasketItemAddition = function quantityCheckBeforeBasketItemAddition () {
-  return (req, res, next) => {
+  return (req: Request, res: Response, next: NextFunction) => {
     void quantityCheck(req, res, next, req.body.ProductId, req.body.quantity).catch(error => {
       next(error)
     })
   }
 }
 
 module.exports.quantityCheckBeforeBasketItemUpdate = function quantityCheckBeforeBasketItemUpdate () {
-  return (req, res, next) => {
+  return (req: Request, res: Response, next: NextFunction) => {
     models.BasketItem.findOne({ where: { id: req.params.id } }).then((item) => {
       const user = security.authenticatedUsers.from(req)
       utils.solveIf(challenges.basketManipulateChallenge, () => { return user && req.body.BasketId && user.bid != req.body.BasketId }) // eslint-disable-line eqeqeq
@@ -74,7 +76,7 @@ module.exports.quantityCheckBeforeBasketItemUpdate = function quantityCheckBefor
   }
 }
 
-async function quantityCheck (req, res, next, id, quantity) {
+async function quantityCheck (req: Request, res: Response, next: NextFunction, id, quantity) {
   const product = await models.Quantity.findOne({ where: { ProductId: id } })
 
   // is product limited per user and order, except if user is deluxe?

diff --git a/routes/captcha.ts b/routes/captcha.ts
@@ -4,9 +4,10 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
 
 function captchas () {
-  return (req, res) => {
+  return (req: Request, res: Response) => {
     const captchaId = req.app.locals.captchaId++
     const operators = ['*', '+', '-']
 
@@ -32,7 +33,7 @@ function captchas () {
   }
 }
 
-captchas.verifyCaptcha = () => (req, res, next) => {
+captchas.verifyCaptcha = () => (req: Request, res: Response, next: NextFunction) => {
   models.Captcha.findOne({ where: { captchaId: req.body.captchaId } }).then(captcha => {
     if (captcha && req.body.captcha === captcha.dataValues.answer) {
       next()

diff --git a/routes/changePassword.ts b/routes/changePassword.ts
@@ -4,13 +4,15 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+
 const utils = require('../lib/utils')
 const security = require('../lib/insecurity')
 const cache = require('../data/datacache')
 const challenges = cache.challenges
 
 module.exports = function changePassword () {
-  return ({ query, headers, connection }, res, next) => {
+  return ({ query, headers, connection }: Request, res: Response, next: NextFunction) => {
     const currentPassword = query.current
     const newPassword = query.new
     const repeatPassword = query.repeat

diff --git a/routes/chatbot.ts b/routes/chatbot.ts
@@ -4,6 +4,8 @@
  */
 
 import fs = require('fs')
+import { Request, Response, NextFunction } from 'express'
+
 const { Bot } = require('juicy-chat-bot')
 const security = require('../lib/insecurity')
 const jwt = require('jsonwebtoken')
@@ -40,7 +42,7 @@ async function initialize () {
 
 void initialize()
 
-async function processQuery (user, req, res) {
+async function processQuery (user, req: Request, res: Response) {
   const username = user.username
   if (!username) {
     res.status(200).json({
@@ -102,7 +104,7 @@ async function processQuery (user, req, res) {
   }
 }
 
-function setUserName (user, req, res) {
+function setUserName (user, req: Request, res: Response) {
   models.User.findByPk(user.id).then(user => {
     user.update({ username: req.body.query }).then(newuser => {
       newuser = utils.queryResultToJson(newuser)
@@ -123,7 +125,7 @@ module.exports.initialize = initialize
 module.exports.bot = bot
 
 module.exports.status = function status () {
-  return async (req, res, next) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     if (!bot) {
       res.status(200).json({
         status: false,
@@ -176,7 +178,7 @@ module.exports.status = function status () {
 }
 
 module.exports.process = function respond () {
-  return async (req, res, next) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     if (!bot) {
       res.status(200).json({
         action: 'response',

diff --git a/routes/continueCode.ts b/routes/continueCode.ts
@@ -5,13 +5,15 @@
 
 import Hashids = require('hashids/cjs')
 import models = require('../models/index')
+import { Request, Response } from 'express'
+
 const sequelize = require('sequelize')
 const challenges = require('../data/datacache').challenges
 const Op = sequelize.Op
 
 module.exports.continueCode = function continueCode () {
   const hashids = new Hashids('this is my salt', 60, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
-  return (req, res) => {
+  return (req: Request, res: Response) => {
     const ids = []
     for (const name in challenges) {
       if (Object.prototype.hasOwnProperty.call(challenges, name)) {
@@ -25,7 +27,7 @@ module.exports.continueCode = function continueCode () {
 
 module.exports.continueCodeFindIt = function continueCodeFindIt () {
   const hashids = new Hashids('this is the salt for findIt challenges', 60, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
-  return async (req, res) => {
+  return async (req: Request, res: Response) => {
     const ids = []
     const challenges = await models.Challenge.findAll({ where: { codingChallengeStatus: { [Op.gte]: 1 } } })
     for (const challenge of challenges) {
@@ -38,7 +40,7 @@ module.exports.continueCodeFindIt = function continueCodeFindIt () {
 
 module.exports.continueCodeFixIt = function continueCodeFixIt () {
   const hashids = new Hashids('yet another salt for the fixIt challenges', 60, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
-  return async (req, res) => {
+  return async (req: Request, res: Response) => {
     const ids = []
     const challenges = await models.Challenge.findAll({ where: { codingChallengeStatus: { [Op.gte]: 2 } } })
     for (const challenge of challenges) {

diff --git a/routes/countryMapping.ts b/routes/countryMapping.ts
@@ -4,9 +4,10 @@
  */
 
 import logger = require('../lib/logger')
+import { Request, Response } from 'express'
 
 module.exports = function countryMapping (config = require('config')) {
-  return (req, res) => {
+  return (req: Request, res: Response) => {
     try {
       const countryMapping = config.get('ctf.countryMapping')
       if (!countryMapping) {

diff --git a/routes/coupon.ts b/routes/coupon.ts
@@ -4,10 +4,12 @@
  */
 
 import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+
 const security = require('../lib/insecurity')
 
 module.exports = function applyCoupon () {
-  return ({ params }, res, next) => {
+  return ({ params }: Request, res: Response, next: NextFunction) => {
     const id = params.id
     let coupon = params.coupon ? decodeURIComponent(params.coupon) : undefined
     const discount = security.discountFromCoupon(coupon)