Module upload validation (#857)

https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622/
2025-10-27 11:41:09 -04:00 · 2022-03-29 09:25:35 +02:00
parent 4e7441a5cf
commit 7cde971f8b
4 changed files with 83 additions and 6 deletions
--- a/app/Http/Controllers/V1/Admin/Modules/UnzipModuleController.php
+++ b/app/Http/Controllers/V1/Admin/Modules/UnzipModuleController.php
@ -3,18 +3,18 @@
 namespace Crater\Http\Controllers\V1\Admin\Modules;

 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\UnzipUpdateRequest;
 use Crater\Space\ModuleInstaller;
-use Illuminate\Http\Request;

 class UnzipModuleController extends Controller
 {
    /**
     * Handle the incoming request.
     *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \Crater\Http\Requests\UnzipUpdateRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function __invoke(Request $request)
+    public function __invoke(UnzipUpdateRequest $request)
    {
        $this->authorize('manage modules');

--- a/app/Http/Controllers/V1/Admin/Modules/UploadModuleController.php
+++ b/app/Http/Controllers/V1/Admin/Modules/UploadModuleController.php
@ -3,18 +3,18 @@
 namespace Crater\Http\Controllers\V1\Admin\Modules;

 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\UploadModuleRequest;
 use Crater\Space\ModuleInstaller;
-use Illuminate\Http\Request;

 class UploadModuleController extends Controller
 {
    /**
     * Handle the incoming request.
     *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \Crater\Http\Requests\UploadModuleRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function __invoke(Request $request)
+    public function __invoke(UploadModuleRequest $request)
    {
        $this->authorize('manage modules');

--- a/app/Http/Requests/UnzipUpdateRequest.php
+++ b/app/Http/Requests/UnzipUpdateRequest.php
@ -0,0 +1,37 @@
+<?php
+
+namespace Crater\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class UnzipUpdateRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'path' => [
+                'required',
+                'regex:/^[\.\/\w\-]+$/'
+            ],
+            'module' => [
+                'required',
+                'string'
+            ]
+        ];
+    }
+}
--- a/app/Http/Requests/UploadModuleRequest.php
+++ b/app/Http/Requests/UploadModuleRequest.php
@ -0,0 +1,40 @@
+<?php
+
+namespace Crater\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class UploadModuleRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'avatar' => [
+                'required',
+                'file',
+                'mimes:zip',
+                'max:20000'
+            ],
+            'module' => [
+                'required',
+                'string',
+                'max:100'
+            ]
+        ];
+    }
+}