From 286074f9723fa428a5912500360515a1fe63238a Mon Sep 17 00:00:00 2001 From: Riku Rouvila Date: Sat, 8 Jul 2017 18:18:43 +0100 Subject: [PATCH] add request validation to membership endpoint --- package.json | 1 + routes/membership.js | 18 +++++++++++++++++- utils/validateRequest.js | 12 ++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 utils/validateRequest.js diff --git a/package.json b/package.json index 03edf61..48cf6cf 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "cors": "^2.7.1", "express": "^4.11.0", "google-spreadsheet": "^2.0.4", + "joi": "^10.6.0", "lodash": "^3.10.1", "moment": "^2.18.1", "morgan": "^1.5.1", diff --git a/routes/membership.js b/routes/membership.js index 7bac04b..d6bff78 100644 --- a/routes/membership.js +++ b/routes/membership.js @@ -4,10 +4,12 @@ var Promise = require('bluebird'); var GoogleSpreadsheet = require('google-spreadsheet'); var async = require('async'); var moment = require('moment'); +var Joi = require('joi'); var slack = require('../services/slack'); var config = require('../lib/config'); var stripe = require('stripe')(config.stripe.secretKey); +var validateRequest = require('../utils/validateRequest'); function log(message) { console.log(message); @@ -54,7 +56,21 @@ module.exports = function (app) { * POST /membership * Endpoint for adding a new member to the association */ - app.post('/membership', function(req, res, next) { + + const schema = Joi.object().keys({ + userInfo: Joi.object().keys({ + name: Joi.string().required(), + email: Joi.string().email().required(), + handle: Joi.string().required(), + address: Joi.string().required(), + city: Joi.string().required(), + postcode: Joi.string().required() + }), + stripeToken: Joi.string().required() + }) + + app.post('/membership', validateRequest(schema), function(req, res, next) { + console.log(`Start membership addition with body: ${JSON.stringify(req.body)}`); stripe.charges.create({ 
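Review bot: `userInfo` itself is not marked required in the schema added ahead of `app.post('/membership', ...)` in routes/membership.js, and Joi treats object keys as optional unless told otherwise, so a body carrying only `stripeToken` passes validation with no member details at all. Close the nested object with `}).required(),` so the handler never runs without `userInfo`. The `console.log` of `JSON.stringify(req.body)` in the same hunk writes the Stripe token and the member's name, email and address to the application log; a fixed message such as `console.log('Start membership addition');` avoids that. The handler body continues past the end of the hunk, so how `userInfo` is consumed is not visible here.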
diff --git a/utils/validateRequest.js b/utils/validateRequest.js
new file mode 100644
index 0000000..bb6bb77
--- /dev/null
+++ b/utils/validateRequest.js
@@ -0,0 +1,12 @@
+var Joi = require('joi');
+
+module.exports = function validateRequest(schema) {
+ return function handler(req, res, next) {
+ Joi.validate(req.body, schema, function (err, value) {
+ if(err) {
+ return res.status(400).send(err.details)
+ }
+ next();
+ });
+ }
+}
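Review bot: The `value` that `Joi.validate` hands to the callback is discarded, so the route handler goes on reading the raw `req.body` rather than the object Joi validated and converted. Assign it before continuing, `req.body = value;` ahead of `next();`, so that any conversion or stripping configured on a schema is what the handler sees. Sending `err.details` back verbatim also returns Joi's internal context for the failing key; responding with only the messages, `err.details.map(function (d) { return d.message; })`, keeps the 400 body to what a client needs. A one-line comment above `validateRequest` stating that it checks `req.body` only, not query or route parameters, would help later callers.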