add validation for request json

1 year ago · a3afe63aa0
parent 1f55f39a77
commit a3afe63aa0
2 changed files with 35 additions and 2 deletions
--- a/app/helpers.php
+++ b/app/helpers.php
@ -0,0 +1,31 @@
+<?php
+
+class Helpers
+{
+    static public function validJson(string $json, array $keys): bool
+    {
+        if (Helpers::isJson($json)) {
+            if (!Helpers::expectedArrayKeys(json_decode($json, true), $keys)) {
+                return false;
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    static public function isJson(string $json): bool
+    {
+        json_decode($json);
+        return json_last_error() === JSON_ERROR_NONE;
+    }
+
+    static public function expectedArrayKeys(array $json, array $keys): bool
+    {
+        foreach ($keys as $key) {
+            if (!array_key_exists($key, $json)) return false;
+        }
+
+        return true;
+    }
+}
--- a/app/routes.php
+++ b/app/routes.php
@ -5,6 +5,7 @@ require_once "gateway/user_gateway.php";
 require_once "gateway/file_gateway.php";
 require_once "database_con.php";
 require_once "token.php";
+require_once "helpers.php";

 header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Headers: Access-Control-Allow-Origin, X-Requested-With, Content-Type, Accept, Origin, Authorization");
@ -40,10 +41,11 @@ return function (App $app) {
    #### ACCOUNT ####
    // Create User 
    $app->post('/user', function (Request $req, Response $res) {
-        $req_body = $req->getParsedBody();
-        if (!array_key_exists('email', $req_body) || !array_key_exists('hash', $req_body) || !array_key_exists('username', $req_body)) {
+        if (!Helpers::validJson((string) $req->getBody(), array("email", "hash", "username"))) {
            return $res->withStatus(400);
        }
+
+        $req_body = $req->getParsedBody();
        $code = (new UserGateway)->createUser($req_body['email'], $req_body['hash'], $req_body['username']);
        if ($code === -1) return $res->withStatus(409);