diff --git a/app/src/api/controllers/buildingController.ts b/app/src/api/controllers/buildingController.ts
index 269ea7b1..b729329e 100644
--- a/app/src/api/controllers/buildingController.ts
+++ b/app/src/api/controllers/buildingController.ts
@@ -34,9 +34,10 @@ const getBuildingsByReference = asyncController(async (req: express.Request, res
 // GET individual building, POST building updates
 const getBuildingById = asyncController(async (req: express.Request, res: express.Response) => {
- const { building_id } = req.params;
+ const buildingId = parseBuildingId(req.params.building_id);
+
 try {
- const result = await buildingService.getBuildingById(building_id);
+ const result = await buildingService.getBuildingById(buildingId);
 res.send(result);
 } catch(error) {
 console.error(error);
@@ -61,11 +62,12 @@ const updateBuildingById = asyncController(async (req: express.Request, res: exp
 });
 async function updateBuilding(req: express.Request, res: express.Response, userId: string) {
- const { building_id } = req.params;
+ const buildingId = parseBuildingId(req.params.building_id);
+
 const buildingUpdate = req.body;
 try {
- const building = await buildingService.saveBuilding(building_id, buildingUpdate, userId);
+ const building = await buildingService.saveBuilding(buildingId, buildingUpdate, userId);
 if (typeof (building) === 'undefined') {
 return res.send({ error: 'Database error' });
@@ -81,9 +83,10 @@ async function updateBuilding(req: express.Request, res: express.Response, userI
 // GET building UPRNs
 const getBuildingUPRNsById = asyncController(async (req: express.Request, res: express.Response) => {
- const { building_id } = req.params;
+ const buildingId = parseBuildingId(req.params.building_id);
+
 try {
- const result = await buildingService.getBuildingUPRNsById(building_id);
+ const result = await buildingService.getBuildingUPRNsById(buildingId);
 if (typeof (result) === 'undefined') {
 return res.send({ error: 'Database error' });
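Review bot: In getBuildingById the new `parseBuildingId` call sits above the `try`, so the `Error('Invalid building ID format')` it throws bypasses this handler's own `catch` and is left to `asyncController`, whose behaviour is not in this diff; if that wrapper reports every rejection as a generic server error, a malformed client-supplied ID becomes indistinguishable from a database failure in both logs and responses. Either move the call inside the `try` so it is handled alongside the service errors, or give the parse failure its own client-error response, e.g. `res.status(400).send({ error: 'Invalid building ID format' })`, selected by a check that the caught error originated in the parser. The same placement appears in the other handlers touched by this commit (updateBuilding, getBuildingUPRNsById, getBuildingLikeById, getBuildingEditHistoryById, updateBuildingLikeById). getBuildingById's catch block continues outside the hunk.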
@@ -100,9 +103,11 @@ const getBuildingLikeById = asyncController(async (req: express.Request, res: ex
 if (!req.session.user_id) {
 return res.send({ like: false }); // not logged in, so cannot have liked
 }
- const { building_id } = req.params;
+
+ const buildingId = parseBuildingId(req.params.building_id);
+
 try {
- const like = await buildingService.getBuildingLikeById(building_id, req.session.user_id);
+ const like = await buildingService.getBuildingLikeById(buildingId, req.session.user_id);
 // any value returned means like
 res.send({ like: like });
@@ -112,9 +117,10 @@ const getBuildingLikeById = asyncController(async (req: express.Request, res: ex
 });
 const getBuildingEditHistoryById = asyncController(async (req: express.Request, res: express.Response) => {
- const { building_id } = req.params;
+ const buildingId = parseBuildingId(req.params.building_id);
+
 try {
- const editHistory = await buildingService.getBuildingEditHistory(building_id);
+ const editHistory = await buildingService.getBuildingEditHistory(buildingId);
 res.send({ history: editHistory });
 } catch(error) {
@@ -127,13 +133,13 @@ const updateBuildingLikeById = asyncController(async (req: express.Request, res:
 return res.send({ error: 'Must be logged in' });
 }
- const { building_id } = req.params;
+ const buildingId = parseBuildingId(req.params.building_id);
 const { like } = req.body;
 try {
 const building = like ?
- await buildingService.likeBuilding(building_id, req.session.user_id) :
- await buildingService.unlikeBuilding(building_id, req.session.user_id);
+ await buildingService.likeBuilding(buildingId, req.session.user_id) :
+ await buildingService.unlikeBuilding(buildingId, req.session.user_id);
 if (building.error) {
 return res.send(building);
@@ -156,6 +162,14 @@ const getLatestRevisionId = asyncController(async (req: express.Request, res: ex
 }
 });
+function parseBuildingId(building_id: string) {
+ const result = parseInt(building_id, 10);
+ if(isNaN(result)) {
+ throw new Error('Invalid building ID format');
+ }
+ return result;
+}
+
 export default {
 getBuildingsByLocation,
 getBuildingsByReference,
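Review bot: The new `parseBuildingId` still accepts IDs such as `12abc` or `1e5`, because `parseInt` stops at the first non-digit and only yields `NaN` when there is no leading digit, so the `isNaN` check rejects far less than the error message suggests; negative values pass as well. Validating the whole string before converting closes that gap: `if (!/^\d+$/.test(building_id)) { throw new Error('Invalid building ID format'); }` followed by `return parseInt(building_id, 10);`. The function would also benefit from an explicit return type and the file's `if (` spacing and camelCase parameter naming, e.g. `function parseBuildingId(buildingId: string): number`, plus a short TSDoc comment stating that it throws on anything that is not an unsigned decimal integer.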