Add extra security
david emioma committed May 7, 2024
1 parent cdfa19f commit ac38a18
Showing 13 changed files with 285 additions and 2 deletions.
7 changes: 7 additions & 0 deletions actions/checkText.ts
@@ -1,5 +1,6 @@
"use server";

import { containBadWords } from "@/lib/utils";
import { comprehendClient } from "@/lib/aws-client-comprehend";
import { DetectSentimentCommand } from "@aws-sdk/client-comprehend";

Expand All @@ -13,6 +14,12 @@ export const checkText = async ({ text }: Props) => {
return { error: "Text shound not be empty!" };
}

const hasBadWords = containBadWords(text);

if (hasBadWords) {
return { error: "Text is inappropiate!" };
}

const languageCode =
"en" ||
"es" ||
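Review bot: The new `containBadWords` gate is wired in correctly, but `checkText` lives in a `"use server"` module, so if this export is referenced from any client component it is also reachable as a server-action endpoint rather than only through the API routes that import it; an unauthenticated caller could then trigger `DetectSentimentCommand` calls billed to the account. If that is not intended, verify the caller with `currentUser()` at the top of `checkText`, or keep the logic in a plain module and let only the route handlers be public. Separately, the surrounding `const languageCode = "en" || "es" || …` always evaluates to `"en"` because `||` returns its first truthy operand, so the language list has no effect — pre-existing context, but a one-line fix while here. checkText's body continues outside the hunk.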
14 changes: 14 additions & 0 deletions actions/createStore.ts
Expand Up @@ -12,6 +12,7 @@ import {
sendCreatedStoreEmail,
sendStoreVerificationTokenEmail,
} from "@/lib/mail";
import { checkText } from "./checkText";

const ratelimit = new Ratelimit({
redis,
Expand Down Expand Up @@ -49,6 +50,19 @@ export const createStore = async (values: StoreValidator) => {

const { name, email, country, postcode, code } = validatedFields.data;

if (process.env.VERCEL_ENV === "production") {
//Check if name and desctiption are appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return { error: "The name of your store is inappropiate! Change it" };
}
}

// Check if postcode is valid
const locationIsValid = postcodeValidator(postcode, country);

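Review bot: The `nameIsAppropiate.error` branch reports any failure of `checkText` — the empty-text case visible in actions/checkText.ts and, presumably, a failed AWS call — as "The name of your store is inappropiate!", which misattributes a service error to the user's content and will read as a false moderation hit. Handle the error first and distinctly, e.g. `if (nameIsAppropiate.error) return { error: "Could not verify the store name, please try again." };`, and keep the `NEGATIVE`/`MIXED` test for the moderation verdict only. The same conflation is repeated in every handler in this commit (banners, categories, colors, sizes and the store settings route), so one shared helper would fix it everywhere. Note also that the `process.env.VERCEL_ENV === "production"` gate leaves preview deployments, which are usually publicly reachable, with no moderation at all; if that is deliberate it deserves a comment saying so. createStore's body continues outside the hunk.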
32 changes: 32 additions & 0 deletions app/api/stores/[storeId]/banners/[bannerId]/route.ts
Expand Up @@ -4,6 +4,8 @@ import { NextResponse } from "next/server";
import { apiRatelimit } from "@/lib/redis";
import { currentRole, currentUser } from "@/lib/auth";
import { BannerSchema } from "@/lib/validators/banner";
import { checkText } from "@/actions/checkText";
import { checkImage } from "@/actions/checkImage";

export async function PATCH(
request: Request,
Expand Down Expand Up @@ -66,6 +68,36 @@ export async function PATCH(

const { name, image } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name and desctiption are appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your banner is inappropiate! Change it.",
{
status: 400,
}
);
}

//Check if images are appropiate
const imgIsAppropiate = await checkImage({ imageUrl: image });

if (!imgIsAppropiate.isAppropiate || imgIsAppropiate.error) {
return new NextResponse(
"The image of your banner is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if banner name exists
const banner = await prismadb.category.findFirst({
where: {
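Review bot: `image` is a client-supplied URL handed straight to `checkImage({ imageUrl: image })`; if `checkImage` fetches that URL or forwards it to a moderation service server-side (its implementation is not in this diff), an arbitrary URL becomes a server-side request forgery path and also lets a caller spend image-moderation calls on any image on the internet. Unless `BannerSchema` already pins the host, validate that `image` points at the app's own upload origin before calling `checkImage`, and apply the same guard in banners/new and to `logo` in the store settings route. Unrelated to the new lines but visible just below the hunk: the uniqueness lookup uses `prismadb.category.findFirst` under a "Check if banner name exists" comment, while banners/new queries `prismadb.banner` — that looks like a copy-paste slip worth fixing in the same pass. PATCH's body continues outside the hunk.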
32 changes: 32 additions & 0 deletions app/api/stores/[storeId]/banners/new/route.ts
Expand Up @@ -4,6 +4,8 @@ import { apiRatelimit } from "@/lib/redis";
import { NextResponse } from "next/server";
import { currentRole, currentUser } from "@/lib/auth";
import { BannerSchema } from "@/lib/validators/banner";
import { checkText } from "@/actions/checkText";
import { checkImage } from "@/actions/checkImage";

export async function POST(
request: Request,
Expand Down Expand Up @@ -62,6 +64,36 @@ export async function POST(

const { name, image } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name and desctiption are appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your banner is inappropiate! Change it.",
{
status: 400,
}
);
}

//Check if images are appropiate
const imgIsAppropiate = await checkImage({ imageUrl: image });

if (!imgIsAppropiate.isAppropiate || imgIsAppropiate.error) {
return new NextResponse(
"The image of your banner is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if banner name exists
const banner = await prismadb.banner.findFirst({
where: {
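Review bot: The moderation block is pasted verbatim into ten handlers with only the noun in the message changed, which is exactly how a "category" message ended up in colors/new; a helper that takes the text and a label would remove the duplication and give one place to separate a service failure from a content verdict. The route then reduces to `const rejected = await rejectIfInappropriate(name, "name of your banner"); if (rejected) return rejected;` for each field. The sketch below is constructed from the fields this diff shows (`error`, `success`) and should be adjusted to checkText's declared return type. POST's body continues outside the hunk.
```typescript
// Constructed sketch — could live in this file or a shared module.
async function rejectIfInappropriate(
  text: string,
  label: string
): Promise<NextResponse | null> {
  const result = await checkText({ text });
  // A failed check is a service problem, not a verdict on the user's text.
  if (result.error) {
    return new NextResponse(`Could not verify the ${label}, please try again.`, {
      status: 503,
    });
  }
  if (result.success === "NEGATIVE" || result.success === "MIXED") {
    return new NextResponse(`The ${label} is inappropiate! Change it.`, {
      status: 400,
    });
  }
  return null;
}
// … unchanged: POST handler, auth and schema validation …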
21 changes: 20 additions & 1 deletion app/api/stores/[storeId]/categories/[id]/route.ts
@@ -1,8 +1,9 @@
import prismadb from "@/lib/prisma";
import { UserRole } from "@prisma/client";
import { NextResponse } from "next/server";
import { checkText } from "@/actions/checkText";
import { currentRole, currentUser } from "@/lib/auth";
import { CategorySchema } from "@/lib/validators/category";
import { UserRole } from "@prisma/client";

export async function PATCH(
request: Request,
Expand Down Expand Up @@ -57,6 +58,24 @@ export async function PATCH(

const { name } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name is appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your category is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if category name exists
const category = await prismadb.category.findFirst({
where: {
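Review bot: The moderation call is issued before the existing duplicate-name lookup at the bottom of the hunk, so a request that will be rejected anyway as a duplicate still costs a `DetectSentiment` round-trip, and a caller can drive that cost just by resubmitting. Move the `process.env.VERCEL_ENV` block below the `prismadb.category.findFirst` uniqueness check so the free database check runs first; the same ordering applies in categories/new, both colors routes and both sizes routes. The `UserRole` import reorder is fine. PATCH's body continues outside the hunk.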
21 changes: 20 additions & 1 deletion app/api/stores/[storeId]/categories/new/route.ts
@@ -1,8 +1,9 @@
import prismadb from "@/lib/prisma";
import { UserRole } from "@prisma/client";
import { NextResponse } from "next/server";
import { checkText } from "@/actions/checkText";
import { currentRole, currentUser } from "@/lib/auth";
import { CategorySchema } from "@/lib/validators/category";
import { UserRole } from "@prisma/client";

export async function POST(
request: Request,
Expand Down Expand Up @@ -53,6 +54,24 @@ export async function POST(

const { name } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name is appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your category is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if category name exists
const category = await prismadb.category.findFirst({
where: {
19 changes: 19 additions & 0 deletions app/api/stores/[storeId]/colors/[colorId]/route.ts
Expand Up @@ -3,6 +3,7 @@ import { NextResponse } from "next/server";
import { ColorSchema } from "@/lib/validators/color";
import { currentRole, currentUser } from "@/lib/auth";
import { UserRole } from "@prisma/client";
import { checkText } from "@/actions/checkText";

export async function PATCH(
request: Request,
Expand Down Expand Up @@ -57,6 +58,24 @@ export async function PATCH(

const { name, value } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name is appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your color is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if category name exists
const color = await prismadb.color.findFirst({
where: {
19 changes: 19 additions & 0 deletions app/api/stores/[storeId]/colors/new/route.ts
Expand Up @@ -3,6 +3,7 @@ import { NextResponse } from "next/server";
import { ColorSchema } from "@/lib/validators/color";
import { currentRole, currentUser } from "@/lib/auth";
import { UserRole } from "@prisma/client";
import { checkText } from "@/actions/checkText";

export async function POST(
request: Request,
Expand Down Expand Up @@ -53,6 +54,24 @@ export async function POST(

const { name, value } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name is appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your category is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if category name exists
const color = await prismadb.color.findFirst({
where: {
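Review bot: The rejection message in this handler says "The name of your category is inappropiate! Change it." although the route creates a color; the sibling colors/[colorId] route already uses the right noun. Change it to `"The name of your color is inappropiate! Change it.",` so the user is told which field was rejected. The pre-existing "Check if category name exists" comment above the `prismadb.color.findFirst` call has the same copy-paste origin. POST's body continues outside the hunk.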
51 changes: 51 additions & 0 deletions app/api/stores/[storeId]/route.ts
@@ -1,6 +1,8 @@
import prismadb from "@/lib/prisma";
import { UserRole } from "@prisma/client";
import { NextResponse } from "next/server";
import { checkText } from "@/actions/checkText";
import { checkImage } from "@/actions/checkImage";
import { currentRole, currentUser } from "@/lib/auth";
import { postcodeValidator } from "postcode-validator";
import { StoreSettingsSchema } from "@/lib/validators/storeSettings";
Expand Down Expand Up @@ -54,6 +56,55 @@ export async function PATCH(

const { name, country, postcode, description, logo } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name and description is appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your store is inappropiate! Change it.",
{
status: 400,
}
);
}

const descIsAppropiate = await checkText({
text: description || "hello",
});

if (
descIsAppropiate.success === "NEGATIVE" ||
descIsAppropiate.success === "MIXED" ||
descIsAppropiate.error
) {
return new NextResponse(
"The description of your store is inappropiate! Change it.",
{
status: 400,
}
);
}

if (logo) {
//Check if logo are appropiate
const imgIsAppropiate = await checkImage({ imageUrl: logo });

if (!imgIsAppropiate.isAppropiate || imgIsAppropiate.error) {
return new NextResponse(
"The logo of your store is inappropiate! Change it.",
{
status: 400,
}
);
}
}
}

//Check if postcode is valid
const locationIsValid = postcodeValidator(postcode, country);

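Review bot: `text: description || "hello"` sends the literal string "hello" to Comprehend whenever the description is empty, purely to sidestep checkText's empty-text error; that is a wasted paid call and hides the intent. Guard it the way `logo` is guarded a few lines lower: `if (description) { const descIsAppropiate = await checkText({ text: description }); … }`. The name and description checks are independent, so they could also be issued together with `Promise.all` rather than awaited one after the other. PATCH's body continues outside the hunk.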
34 changes: 34 additions & 0 deletions app/api/stores/[storeId]/sizes/[sizeId]/route.ts
Expand Up @@ -3,6 +3,7 @@ import { NextResponse } from "next/server";
import { SizeSchema } from "@/lib/validators/size";
import { currentRole, currentUser } from "@/lib/auth";
import { UserRole } from "@prisma/client";
import { checkText } from "@/actions/checkText";

export async function PATCH(
request: Request,
Expand Down Expand Up @@ -57,6 +58,39 @@ export async function PATCH(

const { name, value } = validatedBody;

if (process.env.VERCEL_ENV === "production") {
//Check if name and value are appropiate
const nameIsAppropiate = await checkText({ text: name });

if (
nameIsAppropiate.success === "NEGATIVE" ||
nameIsAppropiate.success === "MIXED" ||
nameIsAppropiate.error
) {
return new NextResponse(
"The name of your size is inappropiate! Change it.",
{
status: 400,
}
);
}

const valueIsAppropiate = await checkText({ text: value });

if (
valueIsAppropiate.success === "NEGATIVE" ||
valueIsAppropiate.success === "MIXED" ||
valueIsAppropiate.error
) {
return new NextResponse(
"The value of your size is inappropiate! Change it.",
{
status: 400,
}
);
}
}

//Check if category name exists
const size = await prismadb.size.findFirst({
where: {
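Review bot: The `name` and `value` checks are independent but awaited sequentially, so every size update pays two Comprehend round-trips back to back; issue them together with `const [nameIsAppropiate, valueIsAppropiate] = await Promise.all([checkText({ text: name }), checkText({ text: value })]);` and keep the two `if` blocks as they are. It is also worth asking whether sentiment analysis on a size value such as a letter or a number yields anything — the `containBadWords` list check alone may be the appropriate gate for `value`. PATCH's body continues outside the hunk.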