Made edit profile data validation more robust.

2025-12-16 10:18:48 +00:00 · 2019-09-29 21:01:06 -04:00 · 2019-09-29 21:01:06 -04:00 · d05f87c7a7
commit d05f87c7a7
parent 15f976398a
3 changed files with 25 additions and 13 deletions
--- a/functions/handlers/users.js
+++ b/functions/handlers/users.js
@ -19,18 +19,12 @@ exports.updateProfileInfo = (req, res) => {

    // TODO: Add functionality for adding/updating profile images

-    // ?: Should users be able to change their handles?
-    const profileData = {
-        firstName: req.body.firstName.trim(),   // Can be empty
-        lastName: req.body.lastName.trim(),     // Can be empty
-        email: req.body.email.trim(),           // Cannot be empty
-        bio: req.body.bio.trim(),               // Can be empty
-    };
    
    // Data validation
-    const {valid, errors} = validateUpdateProfileInfo(profileData);
+    const {valid, errors, profileData} = validateUpdateProfileInfo(req.body);
    if (!valid) return res.status(400).json(errors);
    
+
    // Update the database entry for this user
    db.collection('users').doc(req.user.handle).set(profileData, {merge: true})
        .then(() => {
--- a/functions/index.js
+++ b/functions/index.js
@ -7,7 +7,6 @@ const FBAuth = require('./util/FBAuth');
 /*------------------------------------------------------------------*
 *  users.js                                                        *
 *------------------------------------------------------------------*/
-
 const {getProfileInfo, updateProfileInfo} = require('./handlers/users');

 // Returns all profile data of the currently logged in user
--- a/functions/util/validator.js
+++ b/functions/util/validator.js
@ -3,15 +3,34 @@ const isEmpty = (str) => {
    else return false;
 };

-exports.validateUpdateProfileInfo = (profileData) => {
-    let errors = {}
+const isEmail = (str) => {
+    const emailRegEx = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    if (str.match(emailRegEx)) return true;
+    else return false;
+}

-    if (isEmpty(profileData.email)) {
+exports.validateUpdateProfileInfo = (data) => {
+    let errors = {};
+    let profileData = {};
+
+    // ?: Should users be able to change their handles and emails?
+
+    // Only adds the key to the DB if the values are not empty
+    if (!isEmpty(data.firstName)) profileData.firstName = data.firstName.trim();
+    if (!isEmpty(data.lastName)) profileData.lastName = data.lastName.trim();
+    if (!isEmpty(data.bio)) profileData.bio = data.bio.trim();
+
+    if (isEmpty(data.email)) {
        errors.email = "Must not be empty.";
+    } else if (!isEmail(data.email)) {
+        errors.email = "Must be a valid email."
+    } else {
+        profileData.email = data.email;
    }

    return {
        errors,
-        valid: Object.keys(errors).length === 0 ? true : false
+        valid: Object.keys(errors).length === 0 ? true : false,
+        profileData
    }
 };