From ec9fbee7d365eaa611d62452b5b17265d83eed43 Mon Sep 17 00:00:00 2001
From: canove
Date: Sun, 4 Oct 2020 09:04:36 -0300
Subject: [PATCH] improvement: add validation to contacts create/update
---
 backend/src/controllers/ContactController.ts | 53 ++++++++++++++++----
 1 file changed, 42 insertions(+), 11 deletions(-)
diff --git a/backend/src/controllers/ContactController.ts b/backend/src/controllers/ContactController.ts
index 3b50675..efc1c4f 100644
--- a/backend/src/controllers/ContactController.ts
+++ b/backend/src/controllers/ContactController.ts
@@ -1,3 +1,4 @@
+import * as Yup from "yup";
 import { Request, Response } from "express";
 import { getIO } from "../libs/socket";
@@ -9,23 +10,13 @@ import DeleteContactService from "../services/ContactServices/DeleteContactServi
 import CheckIsValidContact from "../services/WbotServices/CheckIsValidContact";
 import GetProfilePicUrl from "../services/WbotServices/GetProfilePicUrl";
+import AppError from "../errors/AppError";
 type IndexQuery = {
 searchParam: string;
 pageNumber: string;
 };
-export const index = async (req: Request, res: Response): Promise => {
- const { searchParam, pageNumber } = req.query as IndexQuery;
-
- const { contacts, count, hasMore } = await ListContactsService({
- searchParam,
- pageNumber
- });
-
- return res.json({ contacts, count, hasMore });
-};
-
 interface ExtraInfo {
 name: string;
 value: string;
@@ -37,9 +28,33 @@ interface ContactData {
 extraInfo?: ExtraInfo[];
 }
+export const index = async (req: Request, res: Response): Promise => {
+ const { searchParam, pageNumber } = req.query as IndexQuery;
+
+ const { contacts, count, hasMore } = await ListContactsService({
+ searchParam,
+ pageNumber
+ });
+
+ return res.json({ contacts, count, hasMore });
+};
+
 export const store = async (req: Request, res: Response): Promise => {
 const newContact: ContactData = req.body;
+ const schema = Yup.object().shape({
+ name: Yup.string().required(),
+ number: Yup.string()
+ .required()
+ .matches(/^\d+$/, "Invalid number format. Only numbers is allowed.")
+ });
+
+ try {
+ await schema.validate(newContact);
+ } catch (err) {
+ throw new AppError(err.message);
+ }
+
 await CheckIsValidContact(newContact.number);
 const profilePicUrl = await GetProfilePicUrl(newContact.number);
@@ -72,6 +87,22 @@ export const update = async (
 ): Promise => {
 const contactData: ContactData = req.body;
+ const schema = Yup.object().shape({
+ name: Yup.string(),
+ number: Yup.string().matches(
+ /^\d+$/,
+ "Invalid number format. Only numbers is allowed."
+ )
+ });
+
+ try {
+ await schema.validate(contactData);
+ } catch (err) {
+ throw new AppError(err.message);
+ }
+
+ await CheckIsValidContact(contactData.number);
+
 const { contactId } = req.params;
 const contact = await UpdateContactService({ contactData, contactId });
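Review bot: The value returned by `schema.validate(newContact)` in `store` is discarded, so the rest of the handler keeps working on the raw `req.body`. Yup casts by default, which means a JSON number can satisfy the `number` rule while `newContact.number` is still not a string, and fields outside the schema (`extraInfo` is visible on `ContactData`) are never checked. Consider validating without casting, e.g. `await schema.validate(newContact, { strict: true });`, and adding the remaining `ContactData` fields to the schema. The digits-only pattern also has no length bound, so a `.max(...)` on `number` would keep arbitrarily long strings away from `CheckIsValidContact`. `store` continues past the end of the hunk, so how the body is consumed afterwards is not visible here.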
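Review bot: `number` is optional in the `update` schema, but the added `await CheckIsValidContact(contactData.number);` runs unconditionally, so an update that changes only the name passes `undefined` to that helper; what it does with a missing value is not visible here. Guard the call, e.g. `if (contactData.number !== undefined) await CheckIsValidContact(contactData.number);`. The schema also repeats the one in `store` apart from `.required()`, so a shared base schema would keep the two number rules from drifting apart. `update` starts above this hunk and continues below it.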