Is there a way to make laravel report a malformed JSON on input? Now the controller just doesnt receive any data and I would want it to raise an exception if content type is json on request
Do it in a before filter:
App::before(function ($request)
{
if ( ! str_contains($request->getContentType(), 'json')) return;
json_decode($request->getContent());
if (json_last_error() != JSON_ERROR_NONE)
{
throw new Exception('Malformed JSON.');
}
});
If you don't want it to fail when there's no content, use this:
App::before(function ($request)
{
if ( ! ($content = $request->getContent())) return;
if ( ! str_contains($request->getContentType(), 'json')) return;
json_decode($content);
if (json_last_error() != JSON_ERROR_NONE)
{
throw new Exception('Malformed JSON.');
}
});
Related
My server is supposed to send me back some data (stored as json) read when asked. To avoid blocking communications, I set-up 2 promises: one to read a file:
function readingfile(survey) {
return new Promise(
function (data_read, err) {
fs.stat(`./data/${survey}.json`, function (err, stat) {
if (err == null) {
fs.readFile(`./data/${survey}.json`, 'utf8', (err, data) => {
data_read((data))
})
} else
console.error(`./data/${survey}.json doesnt exist`)
})
})
}
and one to read all files from a user:
function readingusersurveys(user) {
let questionnaires = [];
let count = 0;
return new Promise(
function (data_read, err) {
user.surveys.forEach((survey) => {
readingfile(survey).then(function (all_surveys) {
count++;
//console.log((all_surveys)) //ok here
questionnaires.push((all_surveys))
if (count == user.surveys.length) {
console.log((questionnaires)) //not ok here (wtf)
data_read((questionnaires))
}
})
})
})
}
and the code snippet that send the data:
[...]
readingusersurveys(req.user).then(function (all_surveys) {
//console.log(all_surveys)
questionnaires.push((all_surveys))
console.log(questionnaires)
if (questionnaires != null) {
res.status(200).json({
questionnaires
});
} else {
res.status(500).json({});
}
})
but when readingusersurveys() return the data read, it get filled with tons of \r\n making the file unreadable. If I try to place a JSON.parse somewhere, I either: enter a infinite loop or the data become unreadable/undefined (eg: {"asset": ["value"]} become {"asset": [Object]}).
I have tried to place a JSON.parse pretty much everywhere to change comportement but no luck. Any idea how to get rid of \r\n and/or what's missing in my code ? :/
After many tries, I found out that it wasn't the JSON.parse the problem but questionnaire.push. It wasn't doing what I though it was doing(adding 2 json array together).
Added the JSON.parse here
function readingusersurveys(user) {
let questionnaires = [];
let count = 0;
return new Promise(
function (data_read, err) {
user.surveys.forEach((survey) => {
readingfile(survey).then(function (all_surveys) {
count++;
questionnaires.push(JSON.parse(all_surveys)) // <-- HERE
if (count == user.surveys.length) {
data_read((questionnaires)) //<-- array of JSON at this point
}
})
})
})
}
[...]
readingusersurveys(req.user).then(function (all_surveys) {
questionnaires = (all_surveys) //<-- pushing an array of JSON into another array was what created problems
if (questionnaires != null) {
res.status(200).json({
questionnaires
});
} else {
res.status(500).json({});
}
})
If I wanted to do a loop there and add more surveys, I needed to use concat() instead
if (questionnaires[0] == null)
questionnaires = all_surveys
else
questionnaires = questionnaires.concat(all_surveys)
I was trying to make a simple LDAP client to just retrieve the data from an LDAP server. I am returning array of JSON objects from the JSP. On click of any value I will get some data from online server. I am able to load the first set of array into a tree. The arrays got in the next step dont get attached to the JSTree. My codes:
function getGroupsStructure(id) {
console.log("in getGroupsStructure-->");
var paramId = "";
if(id == '') {
console.log("in if-->");
paramId = "c=de";
} else {
console.log("in else-->");
paramId = id;
}
var params = {
"DN" : paramId,
};
console.log("params-->",params);
var getGroupsStructureForUserService = service(webURL + "sendingValues/getGroupsStructureForUser",params,"POST");
getGroupsStructureForUserService.success(function(data) {
console.log("in success-->dta-->",data);
if(data.errorCode == '0') {
console.log("in error code 0-->dta-->",data.treeData);
$('.treeNode').jstree({
'core': {
'data': function (obj, cb) {
cb.call(this,
data.treeData);
}
}
});
console.log("Tree Created...");
} else {
console.log("error code not 0--data-->",data);
}
$(document).off('click').on('click', '.treeNode a', function() {
console.log("on click of a-->");
var id = $(this).parent().attr('id');
console.log("id-->",id);
getGroupsStructure(id);
console.log("after getGroupsStructure");
});
});
getGroupsStructureForUserService.error(function(data) {
console.log(" empty error");
// console.log(err);
});
}
The JSP Code is
def NextLevelLDAP(String DN) {
// println "Next Level===>"
assert ldap!=null
def responseArray=[]
def results=ldap.search('objectClass=*',DN,SearchScope.ONE) //Will be triggered when + is pressed in GUI to get next level of tree
// assert results==null
if(DN.startsWith("c="))
{
JSONObject responseJson1=new JSONObject()
responseJson1.put("id", initialDN )
responseJson1.put("parent", "#")
responseJson1.put("text","Parent")
responseArray.add(responseJson1)
for(entry in results) {
// println entry
// println "In NextLevel Using InitialDN"
JSONObject responseJson=new JSONObject()
responseJson.put("id", entry.dn)
responseJson.put("parent", DN)
String tempResDN=entry.dn.toString()
def tempLength=tempResDN.length() - DN.length()
// println tempResDN
String tempName=tempResDN.substring(2,tempLength-1)
// println tempName
responseJson.put("text",tempName)
responseArray.add(responseJson)
// println entry
println responseJson.toString()
}
return responseArray
}
if(results.size!=0)
{
for(entry in results) {
println entry
JSONObject responseJson=new JSONObject()
responseJson.put("id", entry.dn)
responseJson.put("parent", DN)
String tempResDN=entry.dn.toString()
def tempLength=tempResDN.length() - DN.length()
// println tempResDN
String tempName=tempResDN.substring(2,tempLength-1)
println tempName
responseJson.put("text",tempName)
responseArray.add(responseJson)
// println entry
}
return responseArray
}
}
Please Ignore the way of getting the Parent ID. Its Something COmplicated.
Please help me out how do I get The tree nodes created dynamically. I am just getting the fist level of the tree. The data on click for other levels is being shown in the console but not getting attached to the tree.
Thank you.
You have it the other way around - you need to create the tree and have it make the request for you, so instead of this:
'data': function (obj, cb) {
cb.call(this, data.treeData);
}
Use something like this:
'data': function (obj, cb) {
// you probably need to pass the obj.id as a parameter to the service
// keep in mind if obj.id is "#" you need to return the root nodes
service(...).success(function (data) {
cb.call(this, data.treeData);
});
}
This way you do not need to detach and reattach click handlers every time and it will work out of the box for opening nodes. If you want to open a node on click, you can use this:
$('#tree').on('select_node.jstree', function (e, data) {
data.instance.open_node(data.node);
});
So your whole code should look something like this:
function load(id) {
var params = {
"DN" : id && id !== '#' ? id : "c=de"
};
return service(webURL + "sendingValues/getGroupsStructureForUser", params, "POST");
}
$('#tree')
.jstree({
'core' : {
'data': function (obj, cb) {
load(obj.id).success(function (data) {
cb.(data.treeData);
});
}
}
})
.on('select_node.jstree', function (e, data) {
data.instance.open_node(data.node);
});
Just make sure you mark the nodes your return as having children (set their children property to boolean true).
I'm a little newbie in node.js + mysql + object oriented.
Following question here I would like the 'Content' object to use the values returned by a mysql query. What I'm doing now I find it is really redundant and possibly stupid as rows[0] itself is the object I want to use. Any better way for doing this? Or different approach if this is wrong also appreciated.
(I'm using binary uuid keys that must be hex-stringifyed again to send as resource response)
content.js:
function Content() {
this.id = '';
this.name = '';
this.domain = '';
}
Content.prototype.validate = function(path, queryParams) {
...
return true;
};
Content.prototype.whatever = function(apiVersion, params, callback) {
...
return callback(null, newParams);
};
mysql.js:
MySQLDb.SELECT_CONTENT_ID = "SELECT id, name, domain FROM content WHERE id = UNHEX(?)";
MySQLDb.prototype.findContentByID = function(id, callback) {
this.dbConnection.query(MySQLDb.SELECT_CONTENT_ID, [ id ],
function(err, rows, fields) {
var content = new Content();
if (rows.length > 0) {
var i = 0;
for (var key in rows[0]) {
if (rows[0].hasOwnProperty(key) && content.hasOwnProperty(key)) {
// BINARY(16) --> HEX string
if (fields[i].columnType === 254) {
content[key] = rows[0][key].toString('hex').toUpperCase();
} else {
content[key] = rows[0][key];
}
} else {
console.log('Column ' + key + ' out of sync on table "content"');
}
i += 1;
}
}
callback(err, content);
});
};
contentRes.js:
contentRes.GETWhatever = function(req, res) {
db.findContentByID(req.params.id, function onContent(err, content) {
if (err || !content.validate(req.path, req.query)) {
return res.send({});
}
content.whatever(req.query.apiVersion, req.query.d,
function onWhateverdone(err, params) {
if (err) {
return res.send({});
}
return res.send(params);
});
});
};
I think a lot of people would say you are doing it generally the right way even though it admittedly feels redundant.
It might feel a little cleaner if you refactored your code such that you could call the Content() constructor with an optional object, in this case rows[0] although if you were keeping it clean you wouldn't have access to the fields so you would take a different approach to the data type conversion - either by selecting the HEX representation in query or simply having your Content() know it needs to convert the id property.
Keeping it fairly simple (by which I mean ignoring making the constructor a bit more intelligent as well as any error detection or handling), you would have:
function Content(baseObj) {
this.id = (baseObj && baseObj.id) ? baseObj.id.toString('hex').toUpperCase() : '';
this.name = (baseObj && baseObj.name) ? baseObj.name : '';
this.domain = (baseObj && baseObj.domain) ? baseObj.domain : '';
}
Then you could do something like this:
MySQLDb.prototype.findContentByID = function(id, callback) {
this.dbConnection.query(MySQLDb.SELECT_CONTENT_ID, [ id ],
function(err, rows, fields) {
if (err) return callback(err,null);
return callback(err, new Content(rows[0]));
});
You 'could' also grab the rows[0] object directly, HEX the UUID more or less in situ and modify the __proto__ of the object, or under Harmony/ES6 use the setPrototypeOf() method.
MySQLDb.prototype.findContentByID = function(id, callback) {
this.dbConnection.query(MySQLDb.SELECT_CONTENT_ID, [ id ],
function(err, rows, fields) {
if (err) return callback(err,null);
var content = rows[0];
content.id = content.id.toString('hex').toUpperCase();
content.__proto__ = Content.prototype;
return callback(err, content);
});
Note, I said you 'could' do this. Reasonable people can differ on whether you 'should' do this. __proto__ is deprecated (although it works just fine in Node from what I have seen). If you take this general approach, I would probably suggest using setPrototypeOf(), and install a polyfill until you are otherwise running with ES6.
Just trying to give you a couple of other more terse ways to do this, given that I think the redundancy/verbosity of the first version is what you didn't like. Hope it helps.
I currently have some code from here (https://github.com/jmhnilbog/Nilbog-Lib-AS2/blob/master/mx/mx/remoting/NetServiceProxy.as) which converts a function into a function. This code is shown below:
private var _allowRes:Boolean= false;
function __resolve( methodName:String ):Function {
if( _allowRes ) {
var f = function() :Object {
// did the user give a default client when he created this NetServiceProxy?
if (this.client != null) {
// Yes. Let's create a responder object.
arguments.unshift(new NetServiceProxyResponder(this, methodName));
}
else {
if (typeof(arguments[0].onResult) != "function") {
mx.remoting.NetServices.trace("NetServices", "warning", 3, "There is no defaultResponder, and no responder was given in call to " + methodName);
arguments.unshift(new NetServiceProxyResponder(this, methodName));
}
}
if(typeof(this.serviceName) == "function")
this.serviceName = this.servicename;
arguments.unshift(this.serviceName + "." + methodName);
return( this.nc.call.apply(this.nc, arguments));
};
return f;
}
else {
return null;
}
}
Basically what the code is designed to do is return a new function (returned as f) which performs the correct server operates. However, if I try and use this syntax in AS3, I get the following two errors:
Error: Syntax error: expecting semicolon before colon.
Error: Syntax error: else is unexpected.
How would I go about doing this? I know this is someone else's code, but I am trying to get the old AS1/2 mx.remoting functionality working in AS3. Cheers.
I'm using Node.js and Underscore.js. I can't determine whether to escape JSON data on server side or client side. For underscore doesn't auto escape interpolated values with syntax <%= someValue %> but with <%- someValue %>, which is in the contrast to EJS and may causes confusion. There was a issue on GitHub and also a commit of auto-escape version. But a comment beneath the issue said:
I'm of the general philosophy that escaping should be done closer to
your data than in the templating language
So, any suggestion that when to do HTML escape to AJAX data is better? Here's the server side helper function I have been using:
var htmlEscape = function(html){
return String(html)
.replace(/&(?!\w+;)/g, '&')
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"');
};
var xss = function(obj) {
if (obj instanceof Array) {
for (var i = 0; i < obj.length; i++) {
obj[i] = xss(obj[i]);
}
} else {
for(var key in obj) {
// key != '_id' for mongoose doc
if(obj[key] instanceof Object && !(obj[key] instanceof String)
&& !(obj[key] instanceof Function) && key != '_id') {
obj[key] = xss(obj[key]);
} else if (obj[key] instanceof String || typeof(obj[key]) == "string") {
obj[key] = htmlEscape(obj[key]);
} else {
obj[key] = obj[key];
}
}
}
return obj;
};
Then call it whenever return a JSON:
res.json(xss(someData));
It is always better to perform sanitization/escape operations on the server since anyone can mess with your client side code and send the data any way they want.
There is a great node.js module, node-validator, which has an xss() function as well as a bunch other functions to validate/sanitize your data.