Feature/add param validation

.github/workflows/deploy_to_dev_manually.yml

@@ -0,0 +1,19 @@
+name: Deploy to dev manually
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy_dev:
+    uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
+    with:
+      APP_NAME: ${{ vars.APP_NAME_DEV }}
+      CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }}
+      CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_DEV }}
+      DB_SERVICE_NAME: ${{ vars.DB_SERVICE_NAME_DEV }}
+      NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_DEV }}
+    secrets:
+      API_DATA_GOV_SECRET: ${{ secrets.API_DATA_GOV_SECRET_DEV }}
+      CF_USERNAME: ${{ secrets.CF_USERNAME_DEV }}
+      CF_PASSWORD: ${{ secrets.CF_PASSWORD_DEV }}
+      NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_DEV }}

package.json

@@ -47,7 +47,8 @@
     "knex": "^3.0.1",
     "lodash": ">= 4.17.21",
     "pg": "^8.11.3",
-    "winston": "^3.11.0"
+    "winston": "^3.11.0",
+    "yup": "^1.4.0"
   },
   "optionalDependencies": {
     "newrelic": "^11.3.0"

src/app.js

@@ -4,6 +4,7 @@
 const logger = require("./logger");
 const router = express.Router();
 const routesVersioning = require("express-routes-versioning")();
+const yup = require("yup");
 
 const app = express();
 
@@ -15,6 +16,10 @@
 app.use(router);
 app.use(logger.errorLoggingMiddleware());
 
+/**
+ * Converts date object to an ISO date string without time and zone.
+ * @param dataPoint
+ */
 const formatDateForDataPoint = (dataPoint) => {
   if (dataPoint.date) {
     return dataPoint.date.toISOString().slice(0, 10);
@@ -29,6 +34,17 @@
   "second-level-domain",
 ];
 
+/**
+ * Currently the only regex match in request validation is on date string
+ * formatting. Hard code that the yup.string().matches() validation returns a
+ * helpful error message when dates are not formatted correctly.
+ */
+yup.setLocale({
+  string: {
+    matches: "must be a date in format 'YYYY-MM-DD'",
+  },
+});
+
 const checkDomainFilter = (req, res) => {
   if (
     acceptableDomainReports.includes(req.params.reportName) &&
@@ -45,8 +61,18 @@
 };
 
 const fetchData = (req, res) => {
+  try {
+    validateRequest(req);
+  } catch (err) {
+    res.status(400);
+    return res.json({
+      message: `Invalid request params: ${err}`,
+      status: 400,
+    });
+  }
   const params = Object.assign(req.query, req.params);
-  db.query(params)
+  return db
+    .query(params)
     .then((result) => {
       const response = result.map((dataPoint) =>
         Object.assign(
@@ -68,14 +94,33 @@
     })
     .catch((err) => {
       console.error("Unexpected Error:", err);
-      res.status(400);
+      res.status(500);
       return res.json({
         message: "An error occurred. Please check the application logs.",
-        status: 400,
+        status: 500,
       });
     });
 };
 
+const validateRequest = (req) => {
+  const isoDateRegex = /^\d{4}-([0][1-9]|1[0-2])-([0][1-9]|[1-2]\d|3[01])$/;
+  const requestSchema = yup.object({
+    query: yup.object({
+      before: yup.string().matches(isoDateRegex),
+      after: yup.string().matches(isoDateRegex),
+      limit: yup.number().positive().integer().max(10000),
+      page: yup.number().positive().integer(),
+    }),
+    params: yup.object({
+      domain: yup.string(),
+      reportAgency: yup.string(),
+      reportName: yup.string(),
+      version: yup.string(),
+    }),
+  });
+  return requestSchema.validateSync(req);
+};
+
 app.get("/", (req, res) => {
   res.json({
     current_time: new Date(),