Hot fix: regex pattern for resource & id

gslack-app · Apr 23, 2020 · 09c4f4f · 09c4f4f
1 parent 7212e13
commit 09c4f4f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 10 deletions.
diff --git a/docs/api.md b/docs/api.md
@@ -177,7 +177,11 @@ JSON Payload
   }
 ```
 
-The successful result contain a JSON object describing the created resource.
+### Return Value
+
+The successful result contain an array of created object.
+
+UPDATE.
 
 ## Update (POST)
 
@@ -202,7 +206,9 @@ JSON Payload
 }
 ```
 
-The successful result contain a JSON object describing the updated resource.
+### Return Value
+
+The successful result contain an array of updated object.
 
 ## Delete (POST)
 
@@ -218,6 +224,10 @@ POST https://<script_url>?url=/api/v1/delete/<resource-name>/id
 POST https://<script_url>?url=/api/v1/delete/contacts/101
 ```
 
+### Return Value
+
+The successful result contain an array of deleted object.
+
 ## Bulk Create/Update/Delete (POST)
 
 Sheet API that allows a user to send a collection of `resource` in single request using param `batch=1`
@@ -265,4 +275,7 @@ for `Delete` action, the request body should be the array of resource id
 [101, 102]
 ```
 
+### Return Value
+
+The successful result contain an array of created/updateddeleted objects.
 
diff --git a/docs/resources.md b/docs/resources.md
@@ -32,10 +32,9 @@ Every sheet has a primary column. This column is mandatory and cannot be deleted
 
 ## Naming Syntax
 
-- The name must be unique within a single sheet.
-- A worksheet name cannot exceed 31 characters.
-- You can use all alphanumeric characters but not the following special characters: \ , / , ** , ? , : , [ , ].
-- You can use spaces, underscores (_) and periods (.) in the name as word separators.
+- An identifier must begin with a letter, an underscore. The remaining part of identifier can contain letters, digits, ( _ ), ( - ), ( . ) and ( @ ).
+- Whitespaces are not allowed. Neither it can have symbols other than letter, digits, ( _ ), ( - ), ( . ) and ( @ ).
+- The maximum length of a valid name is 36 characters.
 
 ## Primary Column Properties
 

diff --git a/www/api-gatekeeper.ts b/www/api-gatekeeper.ts
@@ -55,7 +55,7 @@ export class ApiGatekeeper extends HttpFilter {
         }
 
         // Authorization check
-        let apiRegex = /^\/api\/v1\/(?<action>(create|update|delete))?\/?(?<resource>[\w\-_]+)\/?(?<id>[\w\-_@\.]+)?\/?$/i;
+        let apiRegex = /^\/api\/v1\/(?<action>(create|update|delete))?\/?(?<resource>[^\s\/]{2,36})\/?(?<id>[^\s\/]{2,36})?(\/|$)/i;
         let authorized = apiRegex.test(req.url);
         if (authorized) {
             let { groups: { action, resource } } = apiRegex.exec(req.url);

diff --git a/www/app.ts b/www/app.ts
@@ -107,15 +107,15 @@ function getConfig(): WebConfig {
                 method: 'GET',
                 handler: 'ApiServlet',
                 patterns: [
-                    /^\/api\/v1\/(?<resource>[\w\-_]+)\/?(?<id>[\w\-_@\.]+)?\/?$/i
+                    /^\/api\/v1\/(?<resource>[^\s\/]{2,36})\/?(?<id>[^\s\/]{2,36})?(\/|$)/i
                 ]
             },
             {
                 method: 'POST',
                 handler: 'ApiServlet',
                 patterns: [
-                    /^\/api\/v1\/(?<action>(create))\/(?<resource>[\w\-_]+)\/?$/i,
-                    /^\/api\/v1\/(?<action>(update|delete))\/(?<resource>[\w\-_]+)\/?(?<id>[\w\-_@\.]+)?\/?$/i
+                    /^\/api\/v1\/(?<action>(create))\/(?<resource>[^\s\/]{2,36})(\/|$)/i,
+                    /^\/api\/v1\/(?<action>(update|delete))\/(?<resource>[^\s\/]{2,36})\/?(?<id>[^\s\/]{2,36})?(\/|$)/i
                 ]
             }
         ],