improve error function

Yaman Qalieh 2016-10-25 22:06:46 -04:00
parent 692c13f812
commit 2029b49a12


@ -145,91 +145,99 @@ var errors = [
["other", "Error could not be processed"] ["other", "Error could not be processed"]
]; ];
function securityCheck(checklist) { function securityCheck(checklist, input) {
var error = -1; var error = -1;
for(var checkpoint = 0; checkpoint < checklist.length; checklist++) { var results = [];
for(var checkpoint = 0; checkpoint < checklist.length - 1; checklist++) {
if (Array.isArray(checkpoint)) {
results.push(securityCheck(checkpoint, input));
continue;
}
switch (checkpoint) { switch (checkpoint) {
// Superadmin // Superadmin
case 0: case 0:
if (!Roles.userIsInRole(Meteor.userId(), ['superadmin'])) error = 0; if (!Roles.userIsInRole(Meteor.userId(), ['superadmin'])) error = 0;
continue; break;
// Any admin // Any admin
case 1: case 1:
if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin'])) error = 0; if (Roles.userIsInRole(Meteor.userId(), ['superadmin', 'admin'])) error = 0;
continue; break;
// Unverified classes // Unverified classes
case 2: case 2:
if (classes.find({status:false, admin: Meteor.userId()}).fetch().length > 5) error = 1; if (classes.find({status:false, admin: Meteor.userId()}).fetch().length > 5) error = 1;
continue; break;
// School existence // School existence
case 3: case 3:
if (!schools.findOne({name: input.school})) error = 2; if (!schools.findOne({name: input.school})) error = 2;
continue; break;
// TODO: teachers with same name // TODO: teachers with same name
// Duplicate classes // Duplicate classes
case 4: case 4:
if (classes.findOne({school: input.school, status: true, privacy: false, teacher: input.teacher, hour: input.hour}) || (input.teacher === "" && input.hour === "")) error = 3; if (classes.findOne({school: input.school, status: true, privacy: false, teacher: input.teacher, hour: input.hour}) || (input.teacher === "" && input.hour === "")) error = 3;
continue; break;
// Class admin // Class admin
case 5: case 5:
if (input.admin !== Meteor.userId) error = 4; if (input.admin !== Meteor.userId) error = 4;
continue; break;
// Class existence // Class existence
case 6: case 6:
if (!input) error = 5; if (!input) error = 5;
continue; break;
// User existence // User existence
case 7: case 7:
if (!input) error = 6; if (!input) error = 6;
continue; break;
// Not banned // Not banned
case 8: case 8:
if (_.contains(input.banned, input.userId)) error = 7; if (_.contains(input.banned, input.userId)) error = 7;
continue; break;
// Subscribed // Subscribed
case 9: case 9:
if (!_.contains(input.subscribers, input.userId)) error = 8; if (!_.contains(input.subscribers, input.userId)) error = 8;
continue; break;
// Date is today or onward // Date is today or onward
case 10: case 10:
var ref = new Date(); var ref = new Date();
ref.setHours(0, 0, 0, 0); ref.setHours(0, 0, 0, 0);
ref = ref.getTime(); ref = ref.getTime();
if (ref > input.dueDate.getTime()) error = 9; if (ref > input.dueDate.getTime()) error = 9;
continue; break;
case 11: case 11:
if (input.name > 50) error = 10; if (input.name > 50) error = 10;
continue; break;
case 12: case 12:
if (input.description > 150) error = 11; if (input.description > 150) error = 11;
continue; break;
case 13: case 13:
if (!_.contains(input.moderators.concat(input.admin)), Meteor.userId()) error = 4; if (!_.contains(input.moderators.concat(input.admin)), Meteor.userId()) error = 4;
continue; break;
case 14: case 14:
if (Meteor.userId() !== input.creator) error = 12; if (Meteor.userId() !== input.creator) error = 12;
continue; break;
case 15: case 15:
if (input.comment > 200) error = 13; if (input.comment > 200) error = 13;
continue; break;
case 16: case 16:
if (input.class !== Meteor.userId()) error = errors.length - 1; if (input.class !== Meteor.userId()) error = errors.length - 1;
continue; break;
case 17: case 17:
if (input.code !== pass && input.privacy) error = 14; if (input.code !== pass && input.privacy) error = 14;
continue; break;
case 18: case 18:
if (_.contains(input.classes, input.classId)) error = 15; if (_.contains(input.classes, input.classId)) error = 15;
continue; break;
case 19: case 19:
if (input.content.length > 500) error = 16; if (input.content.length > 500) error = 16;
continue; break;
} }
results.push(error);
} }
if (error => 0) return [false].concat(errors[error]); error = results.find(function(result){return result >= 0;});
if (checklist[checklist.length - 1] && error !== undefined) return error;
else if (results.find(function(result){return result === -1;}) === undefined) return results[0];
else return -1;
} }
Meteor.methods({ Meteor.methods({
// Stuff that is accessible in client // Stuff that is accessible in client