express-blog/src/middleware/validateRequestIntegrity.js at c63c570d1db5ea3fe7287dc4adbae753602fcc21

Fork: 0

jason / express-blog

Find file

Newer

Older

express-blog / src / middleware / validateRequestIntegrity.js

Jason on 14 Jul 1 KB modified: src/middleware/validateRequestIntegrity.js

Raw Blame History

// middleware/validateHttpRequest.js
const HttpError = require("../utils/HttpError");
const {
  ALLOWED_HTTP_METHODS,
  MAX_HEADER_COUNT,
  DISALLOWED_CONTENT_TYPE_SUBSTRINGS,
  MAX_CONTENT_LENGTH,
} = require("../constants/httpLimits");
const { HTTP_ERRORS } = require("../constants/httpMessages");

module.exports = (req, res, next) => {
  const contentLength = parseInt(req.get("content-length") || "0", 10);
  const contentType = req.headers["content-type"] || "";
  const headerCount = Object.keys(req.headers).length;

  if (!ALLOWED_HTTP_METHODS.includes(req.method)) {
    return next(new HttpError(HTTP_ERRORS.METHOD_NOT_ALLOWED(req.method), 405));
  }

  if (contentLength > MAX_CONTENT_LENGTH) {
    return next(new HttpError(HTTP_ERRORS.PAYLOAD_TOO_LARGE, 413));
  }

  if (DISALLOWED_CONTENT_TYPE_SUBSTRINGS.some((t) => contentType.includes(t))) {
    return next(new HttpError(HTTP_ERRORS.FILE_UPLOADS_NOT_ALLOWED, 400));
  }

  if (headerCount > MAX_HEADER_COUNT) {
    return next(new HttpError(HTTP_ERRORS.TOO_MANY_HEADERS, 400));
  }

  next();
};