Merge pull request #19 from Asymmetrik/fix/sanitize-oauth

Add sanitize to auth routes
bluehalo · May 7, 2018 · 9a154dd · 9a154dd
2 parents 6cb4f90 + a57cbd8
commit 9a154dd
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/src/server/oauth/oauth.config.js b/src/server/oauth/oauth.config.js
@@ -28,17 +28,39 @@ let routes = [
 			name: 'aud',
 			type: 'string',
 			required: true
+		},
+		{
+			name: 'launch',
+			type: 'string'
 		}],
 		scopes: [{
 			name: 'code',
 			type: 'string'
-		}],
+		},
+	],
 		controller: controller.authorize
 	},
 	{
 		type: 'post',
 		path: '/token',
-		args: [],
+		args: [{
+			name: 'grant_type',
+			type: 'string',
+			required: true
+		},
+		{
+			name: 'code',
+			type: 'string',
+			required: true
+		},
+		{
+			name: 'secret',
+			type: 'string'
+		},
+		{
+			name: 'refresh_token',
+			type: 'string'
+		}],
 		scopes: [],
 		controller: controller.token
 	}

diff --git a/src/server/oauth/routes/oauth.routes.js b/src/server/oauth/routes/oauth.routes.js
@@ -1,5 +1,7 @@
 const cors = require('cors');
 const { routes } = require('../oauth.config');
+const { sanitizeMiddleware } = require('../../utils/sanitize.utils');
+
 
 /**
  * @name exports
@@ -25,9 +27,10 @@ module.exports = (app, config, logger) => {
 			app[route.type](
 				route.path,
 				cors(corsOptions),
+				sanitizeMiddleware(route.args),
 				route.controller(oauth, config, logger)
 			);
 		});
 	}
 
-};
+};