Merge pull request #130 from Human-Connection/124-change-validation-fields-message-countries

124 change validation fields message countries

Author: matboehm

.dockerignore

@@ -0,0 +1 @@
+node_modules

core/entryController.js

@@ -5,7 +5,8 @@ let formidable = require('formidable'),
     fs = require('fs'),
     crypto = require('crypto'),
     resize = require('./resize'),
-    mailer = require('./mailer');
+    mailer = require('./mailer'),
+    validator = require('validator');
 
 exports.getAll = function (req, res) {
     const ORDER_BY_DATE_ASC = 'asc',
@@ -191,7 +192,7 @@ exports.createEntry = function (req, res) {
         files = [],
         errorFields = [],
         out = {},
-        requiredFields = ['email', 'firstname', 'anon', 'message'],
+        requiredFields = ['email', 'firstname', 'anon', 'country'],
         allowedFields = ['email', 'firstname', 'lastname', 'anon', 'message', 'country', 'beta', 'newsletter', 'pax'];
 
     form.uploadDir = __dirname + '/../uploads/';
@@ -221,6 +222,46 @@ exports.createEntry = function (req, res) {
 
             fields[[field]] = value;
         }
+        if (field === 'firstname') {
+            fields[[field]] = validator.escape(validator.trim(value));
+            if (!validator.isLength(value, {min: 1, max: 200})) {
+                errorFields.push('firstname');
+                out['firstname'] = 'This field needs to have between 1 and 200 characters';
+            }
+        }
+        if (field === 'lastname') {
+            fields[[field]] = validator.escape(validator.trim(value));
+            if (!validator.isLength(value, {max: 200})) {
+                errorFields.push('lastname');
+                out['lastname'] = 'Limit of 200 characters for this field exceeded';
+            }
+        }
+        if (field === 'email') {
+            fields[[field]] = validator.escape(validator.trim(value));
+            if (!validator.isEmail(value)) {
+                errorFields.push('email');
+                out['email'] = 'No valid email address';
+            }
+            if (!validator.isLength(value, {max: 200})) {
+                errorFields.push('email');
+                out['message'] = 'Limit of 200 characters for this field exceeded';
+            }
+        }
+        if (field === 'country') {
+            fields[[field]] = validator.escape(validator.trim(value));
+            if (!validator.isISO31661Alpha2(value)) {
+                errorFields.push('country');
+                out['country'] = 'No valid country code';
+            }
+        }
+        if (field === 'message') {
+            fields[[field]] = validator.escape(validator.trim(value));
+            if (!validator.isLength(value, {max: 500})) {
+                errorFields.push('message');
+                out['message'] = 'Limit of 500 characters for this field exceeded';
+            }
+        }
+
     }).on('file', function (field, file) {
         files.push({
             size: file.size,