From 1c5e47b4c4daec00dd326f2d3554c18a3e4c2e1d Mon Sep 17 00:00:00 2001
From: Danny Coates <dannycoates@gmail.com>
Date: Mon, 5 Feb 2018 17:21:32 -0800
Subject: [PATCH] validate id param without middleware

---
 server/routes/index.js | 21 ++++++++++-----------
 server/validation.js   | 12 ------------
 2 files changed, 10 insertions(+), 23 deletions(-)
 delete mode 100644 server/validation.js

diff --git a/server/routes/index.js b/server/routes/index.js
index 69886e6f..f2c7e79d 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -5,11 +5,11 @@ const languages = require('../languages');
 const storage = require('../storage');
 const config = require('../config');
 const pages = require('./pages');
-const validation = require('../validation');
 const { negotiateLanguages } = require('fluent-langneg');
 const IS_DEV = config.env === 'development';
 const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
 const langData = require('cldr-core/supplemental/likelySubtags.json');
+const idregx = '([0-9a-fA-F]{10})';
 
 module.exports = function(app) {
   app.use(function(req, res, next) {
@@ -82,22 +82,21 @@ module.exports = function(app) {
     next();
   });
   app.use(bodyParser.json());
-  app.use(validation.middleware);
   app.get('/', pages.index);
   app.get('/legal', pages.legal);
   app.get('/jsconfig.js', require('./jsconfig'));
-  app.get('/share/:id', pages.blank);
-  app.get('/download/:id', pages.download);
+  app.get(`/share/:id${idregx}`, pages.blank);
+  app.get(`/download/:id${idregx}`, pages.download);
   app.get('/completed', pages.blank);
   app.get('/unsupported/:reason', pages.unsupported);
-  app.get('/api/download/:id', require('./download'));
-  app.get('/api/exists/:id', require('./exists'));
-  app.get('/api/metadata/:id', require('./metadata'));
+  app.get(`/api/download/:id${idregx}`, require('./download'));
+  app.get(`/api/exists/:id${idregx}`, require('./exists'));
+  app.get(`/api/metadata/:id${idregx}`, require('./metadata'));
   app.post('/api/upload', require('./upload'));
-  app.post('/api/delete/:id', require('./delete'));
-  app.post('/api/password/:id', require('./password'));
-  app.post('/api/params/:id', require('./params'));
-  app.post('/api/info/:id', require('./info'));
+  app.post(`/api/delete/:id${idregx}`, require('./delete'));
+  app.post(`/api/password/:id${idregx}`, require('./password'));
+  app.post(`/api/params/:id${idregx}`, require('./params'));
+  app.post(`/api/info/:id${idregx}`, require('./info'));
 
   app.get('/__version__', function(req, res) {
     res.sendFile(require.resolve('../../dist/version.json'));
diff --git a/server/validation.js b/server/validation.js
deleted file mode 100644
index 5707e29f..00000000
--- a/server/validation.js
+++ /dev/null
@@ -1,12 +0,0 @@
-function validateID(route_id) {
-  return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
-}
-
-module.exports = {
-  middleware: function(req, res, next) {
-    if (req.params.id && !validateID(req.params.id)) {
-      return res.sendStatus(404);
-    }
-    next();
-  }
-};