From a3afe63aa0ff3862e99113fc1fc6c127aa93d8b4 Mon Sep 17 00:00:00 2001
From: RemRem <remrem@github.com>
Date: Wed, 15 Nov 2023 01:06:25 +0100
Subject: [PATCH] add validation for request json

---
 app/helpers.php | 31 +++++++++++++++++++++++++++++++
 app/routes.php  |  6 ++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 app/helpers.php

diff --git a/app/helpers.php b/app/helpers.php
new file mode 100644
index 0000000..baadf85
--- /dev/null
+++ b/app/helpers.php
@@ -0,0 +1,31 @@
+<?php
+
+class Helpers
+{
+    static public function validJson(string $json, array $keys): bool
+    {
+        if (Helpers::isJson($json)) {
+            if (!Helpers::expectedArrayKeys(json_decode($json, true), $keys)) {
+                return false;
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    static public function isJson(string $json): bool
+    {
+        json_decode($json);
+        return json_last_error() === JSON_ERROR_NONE;
+    }
+
+    static public function expectedArrayKeys(array $json, array $keys): bool
+    {
+        foreach ($keys as $key) {
+            if (!array_key_exists($key, $json)) return false;
+        }
+
+        return true;
+    }
+}
diff --git a/app/routes.php b/app/routes.php
index 3226181..c5831bc 100644
--- a/app/routes.php
+++ b/app/routes.php
@@ -5,6 +5,7 @@ require_once "gateway/user_gateway.php";
 require_once "gateway/file_gateway.php";
 require_once "database_con.php";
 require_once "token.php";
+require_once "helpers.php";
 
 header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Headers: Access-Control-Allow-Origin, X-Requested-With, Content-Type, Accept, Origin, Authorization");
@@ -40,10 +41,11 @@ return function (App $app) {
     #### ACCOUNT ####
     // Create User 
     $app->post('/user', function (Request $req, Response $res) {
-        $req_body = $req->getParsedBody();
-        if (!array_key_exists('email', $req_body) || !array_key_exists('hash', $req_body) || !array_key_exists('username', $req_body)) {
+        if (!Helpers::validJson((string) $req->getBody(), array("email", "hash", "username"))) {
             return $res->withStatus(400);
         }
+
+        $req_body = $req->getParsedBody();
         $code = (new UserGateway)->createUser($req_body['email'], $req_body['hash'], $req_body['username']);
         if ($code === -1) return $res->withStatus(409);