login web endpoint fastify body schema validation (#2653)

* feat: add body schema validation to login endpoint

#2623

When a request is made, the following error is displayed on log
error--- Promise may not be fulfilled with 'undefined' when statusCode is not 204

https://github.com/fastify/fastify/pull/2702

* feat: add body schema validation to resetPassword endpoint

Co-authored-by: Juan Picado <juanpicado19@gmail.com>

packages/core/server/src/routes/web/api/login.ts

@@ -6,70 +6,104 @@ import { JWTSignOptions } from '@verdaccio/types';
 import { validatePassword } from '@verdaccio/utils';
 
 const debug = buildDebug('verdaccio:api:login');
+const loginBodySchema = {
+  body: {
+    type: 'object',
+    required: ['username', 'password'],
+    additionalProperties: false,
+    properties: {
+      username: { type: 'string' },
+      password: { type: 'string' },
+    },
+  },
+};
+
+const resetPasswordSchema = {
+  body: {
+    type: 'object',
+    required: ['password'],
+    additionalProperties: false,
+    properties: {
+      password: { type: 'string' },
+    },
+  },
+};
 
 async function loginRoute(fastify: FastifyInstance) {
-  fastify.post('/login', async (request, reply) => {
+  fastify.post(
-    // @ts-expect-error
+    '/login',
-    const { username, password } = request.body;
+    {
-    debug('authenticate %o', username);
+      schema: loginBodySchema,
-    fastify.auth.authenticate(
+    },
-      username,
+    async (request, reply) => {
-      password,
+      // @ts-expect-error
-      async function callbackAuthenticate(err, user): Promise<void> {
+      const { username, password } = request.body;
-        if (err) {
+      debug('authenticate %o', username);
-          const errorCode = err.message
+      fastify.auth.authenticate(
-            ? fastify.statusCode.UNAUTHORIZED
+        username,
-            : fastify.statusCode.INTERNAL_ERROR;
+        password,
-          reply.send(fastify.errorUtils.getCode(errorCode, err.message));
+        async function callbackAuthenticate(err, user): Promise<void> {
-        } else {
+          if (err) {
-          const jWTSignOptions: JWTSignOptions = fastify.configInstance.security.web.sign;
+            const errorCode = err.message
-          debug('jwtSignOptions: %o', jWTSignOptions);
+              ? fastify.statusCode.UNAUTHORIZED
-          const token = await fastify.auth.jwtEncrypt(user, jWTSignOptions);
+              : fastify.statusCode.INTERNAL_ERROR;
-          reply.code(fastify.statusCode.OK).send({ token, username });
+            reply.send(fastify.errorUtils.getCode(errorCode, err.message));
-        }
-      }
-    );
-  });
-
-  fastify.put('/reset_password', async (request, reply) => {
-    if (_.isNil(request.userRemote.name)) {
-      reply.send(
-        fastify.errorUtils.getCode(
-          fastify.statusCode.UNAUTHORIZED,
-          fastify.errorUtils.API_ERROR.MUST_BE_LOGGED
-        )
-      );
-    }
-    // @ts-ignore
-    const { password } = request.body;
-    const { name } = request.userRemote;
-
-    if (validatePassword(password.new) === false) {
-      fastify.auth.changePassword(
-        name as string,
-        password.old,
-        password.new,
-        (err, isUpdated): void => {
-          if (_.isNil(err) && isUpdated) {
-            reply.code(fastify.statusCode.OK);
           } else {
-            reply.send(
+            const jWTSignOptions: JWTSignOptions = fastify.configInstance.security.web.sign;
-              fastify.errorUtils.getInternalError(
+            debug('jwtSignOptions: %o', jWTSignOptions);
-                fastify.errorUtils.API_ERROR.INTERNAL_SERVER_ERROR
+            const token = await fastify.auth.jwtEncrypt(user, jWTSignOptions);
-              )
+            reply.code(fastify.statusCode.OK).send({ token, username });
-            );
           }
         }
       );
-    } else {
-      reply.send(
-        fastify.errorUtils.getCode(
-          fastify.statusCode.BAD_REQUEST,
-          fastify.errorUtils.APP_ERROR.PASSWORD_VALIDATION
-        )
-      );
     }
-  });
+  );
+
+  fastify.put(
+    '/reset_password',
+    {
+      schema: resetPasswordSchema,
+    },
+    async (request, reply) => {
+      if (_.isNil(request.userRemote.name)) {
+        reply.send(
+          fastify.errorUtils.getCode(
+            fastify.statusCode.UNAUTHORIZED,
+            fastify.errorUtils.API_ERROR.MUST_BE_LOGGED
+          )
+        );
+      }
+      // @ts-ignore
+      const { password } = request.body;
+      const { name } = request.userRemote;
+
+      if (validatePassword(password.new) === false) {
+        fastify.auth.changePassword(
+          name as string,
+          password.old,
+          password.new,
+          (err, isUpdated): void => {
+            if (_.isNil(err) && isUpdated) {
+              reply.code(fastify.statusCode.OK);
+            } else {
+              reply.send(
+                fastify.errorUtils.getInternalError(
+                  fastify.errorUtils.API_ERROR.INTERNAL_SERVER_ERROR
+                )
+              );
+            }
+          }
+        );
+      } else {
+        reply.send(
+          fastify.errorUtils.getCode(
+            fastify.statusCode.BAD_REQUEST,
+            fastify.errorUtils.APP_ERROR.PASSWORD_VALIDATION
+          )
+        );
+      }
+    }
+  );
   // });
 }
 export default loginRoute;