middleware for content-type validation, refactoring

client/src/scripts/create.js

@@ -2,15 +2,10 @@ import { DeckStateManager } from '../modules/DeckStateManager.js';
 import { GameCreationStepManager } from '../modules/GameCreationStepManager.js';
 import { injectNavbar } from '../modules/Navbar.js';
 import createTemplate from '../view_templates/CreateTemplate.js';
-import { io } from 'socket.io-client';
 import { toast } from '../modules/Toast';
 
 const create = () => {
     injectNavbar();
-    const socket = io();
-    socket.on('broadcast', (message) => {
-        toast(message, 'warning', true, false);
-    });
     document.getElementById('game-creation-container').innerHTML = createTemplate;
     const deckManager = new DeckStateManager();
     const gameCreationStepManager = new GameCreationStepManager(deckManager);

client/src/scripts/home.js

@@ -1,13 +1,8 @@
 import { XHRUtility } from '../modules/XHRUtility.js';
 import { toast } from '../modules/Toast.js';
 import { injectNavbar } from '../modules/Navbar.js';
-import { io } from 'socket.io-client';
 
 const home = () => {
-    const socket = io();
-    socket.on('broadcast', (message) => {
-        toast(message, 'warning', true, false);
-    });
     injectNavbar();
     document.getElementById('join-form').addEventListener('submit', attemptToJoinGame);
 };

client/src/scripts/howToUse.js

@@ -1,13 +1,7 @@
 import { injectNavbar } from '../modules/Navbar.js';
-import { io } from 'socket.io-client';
-import { toast } from '../modules/Toast';
 
 const howToUse = () => {
     injectNavbar();
-    const socket = io();
-    socket.on('broadcast', (message) => {
-        toast(message, 'warning', true, false);
-    });
 };
 
 if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {

client/src/scripts/join.js

@@ -3,14 +3,9 @@ import { toast } from '../modules/Toast.js';
 import { XHRUtility } from '../modules/XHRUtility.js';
 import { UserUtility } from '../modules/UserUtility.js';
 import { globals } from '../config/globals.js';
-import { io } from 'socket.io-client';
 
 const join = () => {
     injectNavbar();
-    const socket = io();
-    socket.on('broadcast', (message) => {
-        toast(message, 'warning', true, false);
-    });
     const splitUrl = window.location.pathname.split('/join/');
     const accessCode = splitUrl[1];
     if (/^[a-zA-Z0-9]+$/.test(accessCode) && accessCode.length === globals.ACCESS_CODE_LENGTH) {

client/src/scripts/notFound.js

@@ -1,13 +1,7 @@
 import { injectNavbar } from '../modules/Navbar.js';
-import { io } from 'socket.io-client';
-import { toast } from '../modules/Toast';
 
 const notFound = () => {
     injectNavbar();
-    const socket = io();
-    socket.on('broadcast', (message) => {
-        toast(message, 'warning', true, false);
-    });
 };
 
 if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {

index.js

@@ -3,16 +3,12 @@
 const express = require('express');
 const path = require('path');
 const app = express();
-const bodyParser = require('body-parser');
 const GameManager = require('./server/modules/GameManager.js');
 const SocketManager = require('./server/modules/SocketManager.js');
 const globals = require('./server/config/globals');
 const ServerBootstrapper = require('./server/modules/ServerBootstrapper');
 
-app.use(bodyParser.json());
+app.use(express.json());
-app.use(bodyParser.urlencoded({
-    extended: true
-}));
 
 const args = ServerBootstrapper.processCLIArgs();
 

server/api/AdminAPI.js

@@ -26,6 +26,7 @@ if (process.env.NODE_ENV.trim() === 'production') {
 router.use(cors(globals.CORS));
 
 router.use((req, res, next) => {
+    req.accepts()
     if (isAuthorized(req)) {
         next();
     } else {
@@ -33,6 +34,14 @@ router.use((req, res, next) => {
     }
 });
 
+router.post('/sockets/broadcast', (req, res, next) => {
+    globals.CONTENT_TYPE_VALIDATOR(req, res, next);
+});
+router.put('/games/state', (req, res, next) => {
+    globals.CONTENT_TYPE_VALIDATOR(req, res, next);
+});
+
+// TODO: implement client-side display of this message.
 router.post('/sockets/broadcast', function (req, res) {
     logger.info('admin user broadcasting message: ' + req.body?.message);
     socketManager.broadcast(req.body?.message);
@@ -44,7 +53,7 @@ router.get('/games/state', function (req, res) {
 });
 
 router.put('/games/state', function (req, res) {
-    // TODO: validate the request body - can break the application if malformed.
+    // TODO: validate the JSON object sent - ones that don't match the expected model could break the application.
     gameManager.activeGameRunner.activeGames = req.body;
     res.status(201).send(gameManager.activeGameRunner.activeGames);
 });

server/api/GamesAPI.js

@@ -28,6 +28,16 @@ router.options('/:code/players', cors(globals.CORS));
 router.options('/create', cors(globals.CORS));
 router.options('/restart', cors(globals.CORS));
 
+router.post('/create', (req, res, next) => {
+    globals.CONTENT_TYPE_VALIDATOR(req, res, next);
+});
+router.patch('/players', (req, res, next) => {
+    globals.CONTENT_TYPE_VALIDATOR(req, res, next);
+});
+router.patch('/restart', (req, res, next) => {
+    globals.CONTENT_TYPE_VALIDATOR(req, res, next);
+});
+
 if (process.env.NODE_ENV.trim() === 'production') {
     router.use(apiLimiter);
     router.use('/create', gameEndpointLimiter);

server/config/globals.js

@@ -12,6 +12,14 @@ const globals = {
             origin: 'https://play-werewolf.app',
             optionsSuccessStatus: 200
         },
+    CONTENT_TYPE_VALIDATOR: (req, res, next) => {
+        req.accepts()
+        if (req.is('application/json')) {
+            next();
+        } else {
+            res.status(400).send('Request has invalid content type.');
+        }
+    },
     STALE_GAME_HOURS: 12,
     CLIENT_COMMANDS: {
         FETCH_GAME_STATE: 'fetchGameState',