Fix ldb lookup and add sanitization

2023-01-11 21:03:04 +00:00 · 2023-01-11 21:03:04 +00:00 · 68576d8869
parent 2d3abdc84c
commit 68576d8869
6 changed files with 70 additions and 28 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -13,7 +13,8 @@
        "express": "^4.18.2",
        "ldbs-json": "^1.2.1",
        "mongodb": "^4.13.0",
-        "node-gzip": "^1.1.2"
+        "node-gzip": "^1.1.2",
+        "string-sanitizer-fix": "^2.0.1"
      }
    },
    "node_modules/@aws-crypto/ie11-detection": {
@ -1979,6 +1980,11 @@
        "node": ">= 0.8"
      }
    },
+    "node_modules/string-sanitizer-fix": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/string-sanitizer-fix/-/string-sanitizer-fix-2.0.1.tgz",
+      "integrity": "sha512-I5RSqL5vDfKnoAbpFP2mU0QAh7Gc1KoeIg02N+5+NBfDB/MiSddgNNXfmWND7+BBwy3zub6s/ZWRbZICZKUA0g=="
+    },
    "node_modules/strnum": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz",
@ -3635,6 +3641,11 @@
      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
      "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ=="
    },
+    "string-sanitizer-fix": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/string-sanitizer-fix/-/string-sanitizer-fix-2.0.1.tgz",
+      "integrity": "sha512-I5RSqL5vDfKnoAbpFP2mU0QAh7Gc1KoeIg02N+5+NBfDB/MiSddgNNXfmWND7+BBwy3zub6s/ZWRbZICZKUA0g=="
+    },
    "strnum": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz",
--- a/package.json
+++ b/package.json
@ -4,7 +4,8 @@
    "express": "^4.18.2",
    "ldbs-json": "^1.2.1",
    "mongodb": "^4.13.0",
-    "node-gzip": "^1.1.2"
+    "node-gzip": "^1.1.2",
+    "string-sanitizer-fix": "^2.0.1"
  },
  "name": "owlboard",
  "description": "OwlBoard is an API and PWA for live rail departure board in the UK.",
--- a/src/services/dbAccess.services.js
+++ b/src/services/dbAccess.services.js
@ -75,9 +75,11 @@ async function updateMeta(type, target, unixTime){

 async function query(collection, query){
    await client.connect();
+    log.out(`dbAccess.query: Connecting to collection: '${collection}'`)
    var qcoll = db.collection(collection);
    var qcursor = qcoll.find(query)
    qcursor.project({_id: 0})
+    log.out(`dbAccess.query: Running Query: ${JSON.stringify(query)}`)
    var qresult = await qcursor.toArray();
    return qresult;
 }
--- a/src/services/ldb.services.js
+++ b/src/services/ldb.services.js
@ -10,26 +10,28 @@
 const log      = require('../utils/log.utils');          // Log Helper
 const ldb  = require('ldbs-json')
 const util = require('../utils/ldb.utils')
+const san = require('../utils/sanitizer.utils')

 const ldbKey   = process.env.OWL_LDB_KEY
 const ldbsvKey = process.env.OWL_LDB_SVKEY

 async function get(body, id){
-    // Read request body for information on request
-    // Check whether input is CRS or TIPLOC with util.checkInput(input)
-    // if TIPLOC then convert to CRS,
-    // then check whether staff is true or false,
-    // then call the correct function and
-    // return that output to calling function
-    // for now, just call arrDepBoard(CRS) with the id from the url directly used - UNSAFE
-    var output = await arrDepBoard(id)
-    return output
+    var cleanId = san.cleanApiEndpoint(id);
+    var obj = await util.checkCrs(cleanId);
+    try {
+        var crs = obj[0]['3ALPHA'];
+        log.out(`ldbService.get: Determined CRS for lookup to be: ${crs}`);
+        var data = await arrDepBoard(crs);
+    } catch (err) {
+        log.out(`ldbService.get: Error, Unable to find CRS: ${err}`)
+        var data = {ERROR:'NOT_FOUND',description:'The entered station was not found.  Please check and try again.'};
+    }
+    return data;
 }

 async function arrDepBoard(CRS){
-    var valid = await util.checkCrs(CRS)
-    log.out(`ldbService.arrDepBoard: Fetching ArrDep Board for ${CRS}`)
-    if (valid != false){
+    log.out(`ldbService.arrDepBoard: Trying to fetch ArrDep Board for ${CRS}`)
+    try {
        var options = {
            numRows: 10,
            crs: CRS.toUpperCase()
@ -37,8 +39,8 @@ async function arrDepBoard(CRS){
        var api = new ldb(ldbKey,false)
        var reply = await api.call("GetArrDepBoardWithDetails",options)
        return reply
-    } else if (valid == false) {
-        log.out(`ldbService.arrDepBoard: Invalid 3ALPHA for lookup: ${CRS}`)
+    } catch (err) {
+        log.out(`ldbService.arrDepBoard: Lookup Failed for: ${CRS}`)
        return {GetStationBoardResult: "not available", Reason: `The CRS code ${CRS} is not valid`, Why: `Sometimes a station will have more than one CRS - for example Filton Abbey Wood has FIT and FAW however schedules are only available when looking up with FIT - this is how the National Rail Enquiries systems work.`};
    }
 };
--- a/src/utils/ldb.utils.js
+++ b/src/utils/ldb.utils.js
@ -1,18 +1,15 @@
-const log      = require('../utils/log.utils');          // Log Helper
+const log  = require('../utils/log.utils');            // Log Helper
+const db   = require('../services/dbAccess.services') // DB Access

 async function checkCrs(input){
-    // Check whether CRS is valid
-    // if not, try to get tiploc
-    // Until implemented always return true
-    return true
-}
-
-async function convertTiploc(input){
-    // Convert TIPLOC to CRS with DBLookup
-    return input
+    var INPUT = input.toUpperCase()
+    log.out(`ldbUtils.checkCrs: Building database query to find: '${INPUT}'`)
+    var query = {'$or':[{'3ALPHA':INPUT},{'TIPLOC':INPUT},{'STANOX':INPUT}]};
+    var result = await db.query("stations", query)
+    log.out(`ldbUtils.checkCrs: Query results: ${JSON.stringify(result)}`)
+    return result
 }

 module.exports = {
-    checkCrs,
-    convertTiploc
+    checkCrs
 }
--- a/src/utils/sanitizer.utils.js
+++ b/src/utils/sanitizer.utils.js
@ -0,0 +1,29 @@
+const clean = require('string-sanitizer-fix');
+const log   = require('../utils/log.utils');
+
+/*
+string.sanitize("a.bc@d efg#h"); // abcdefgh
+string.sanitize.keepSpace("a.bc@d efg#h"); // abcd efgh
+string.sanitize.keepUnicode("a.bc@d efg#hক"); // abcd efghক
+string.sanitize.addFullstop("a.bc@d efg#h"); // abcd.efgh
+string.sanitize.addUnderscore("a.bc@d efg#h"); // abcd_efgh
+string.sanitize.addDash("a.bc@d efg#h"); // abcd-efgh
+string.sanitize.removeNumber("@abcd efgh123"); // abcdefgh
+string.sanitize.keepNumber("@abcd efgh123"); // abcdefgh123
+string.addFullstop("abcd efgh"); // abcd.efgh
+string.addUnderscore("@abcd efgh"); // @abcd_efgh
+string.addDash("@abcd efgh"); // @abcd-efgh
+string.removeSpace("@abcd efgh"); // @abcdefgh
+*/
+
+function cleanApiEndpoint(input) {
+    var output = clean.sanitize(input)
+    if (output != input){
+        log.out(`sanitizerUtils.cleanApiEndpoint: WARN: Sanitizing changed string. Input = ${input}`);
+    }
+    return output
+}
+
+module.exports = {
+    cleanApiEndpoint
+}