diff --git a/functions/create-room/src/main.js b/functions/create-room/src/main.js index 7a1e63b..4dbb93a 100644 --- a/functions/create-room/src/main.js +++ b/functions/create-room/src/main.js @@ -1,6 +1,6 @@ import AppwriteService from "./appwrite.js"; import LivekitService from "./livekit.js"; -import { throwIfMissing } from "./utils.js"; +import { throwIfMissing, validateCreateRoomInput } from "./utils.js"; export default async ({ req, res, log, error }) => { throwIfMissing(process.env, [ @@ -15,17 +15,22 @@ export default async ({ req, res, log, error }) => { const appwrite = new AppwriteService(); const livekit = new LivekitService(); + let body; + let validatedData; try { - throwIfMissing(JSON.parse(req.body), ["name", "adminUid", "tags"]); + body = JSON.parse(req.body); + throwIfMissing(body, ["name", "adminUid", "tags"]); + validatedData = validateCreateRoomInput(body); } catch (err) { - error(err.message); - return res.json({ msg: err.message }, 400); + error(err.message); + return res.json({ msg: err.message }, 400); } + const { name, description, adminUid, tags } = validatedData; + try { log(req); - const { name, description, adminUid, tags } = JSON.parse(req.body); // create a new room on appwrite const newRoomdata = { diff --git a/functions/create-room/src/utils.js b/functions/create-room/src/utils.js index d40c4c6..2a23bc9 100644 --- a/functions/create-room/src/utils.js +++ b/functions/create-room/src/utils.js @@ -9,3 +9,26 @@ export const throwIfMissing = (obj, keys) => { throw new Error(`Missing required fields: ${missing.join(", ")}`); } }; + +export function validateCreateRoomInput(body) { + const { name, description, adminUid, tags } = body; + if (typeof name !== "string" || name.trim().length === 0) { + throw new Error("Invalid room name"); + } + if (typeof adminUid !== "string" || adminUid.trim().length === 0) { + throw new Error("Invalid adminUid"); + } + if (!Array.isArray(tags) || tags.some(tag => typeof tag !== "string")) { + throw new Error("Tags must be an array of strings"); + } + if (description !== undefined && typeof description !== "string") { + throw new Error("Description must be a string"); + } + return { + name: name.trim(), + description: typeof description === "string" ? description.trim() : "", + adminUid: adminUid.trim(), + tags, + }; +} +