basiqio-oss · basiq-ash · Aug 6, 2024 · Aug 6, 2024 · Aug 6, 2024
diff --git a/pages/api/accounts.js b/pages/api/accounts.js
@@ -1,25 +1,31 @@
 const axios = require('axios');
 const { getBasiqAuthorizationHeader } = require('../../serverAuthentication');
+const { validateUserId } = require('../../utils/validation');
 
 /**
  * This API endpoint retrieves a list of accounts. Each entry in the array is a separate account object.
  *
  * https://api.basiq.io/reference/list-all-accounts
  */
 
-export default async function accounts(req, res) {
+const accounts = async (req, res) => {
+
   const { userId } = req.query;
+
+  // Validate the userId query parameter
+  if (!validateUserId(userId)) {
+    res.status(400).json({ message: 'Invalid userId' });
+    return;
+  }
+
   try {
-    const { data } = await axios.get(
-      `https://au-api.basiq.io/users/${userId}/accounts`,
-      {
-        headers: {
-          Authorization: await getBasiqAuthorizationHeader(),
-          Accept: 'application/json',
-          'Content-Type': 'application/json',
-        },
-      }
-    );
+    const { data } = await axios.get(`https://au-api.basiq.io/users/${userId}/accounts`, {
+      headers: {
+        Authorization: await getBasiqAuthorizationHeader(),
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+      },
+    });
 
     const sortedAccounts = data.data
       .map(account => {
@@ -38,4 +44,6 @@ export default async function accounts(req, res) {
   } catch (error) {
     res.status(400).json({ message: error.message });
   }
-}
+};
+
+module.exports = accounts;
diff --git a/pages/api/client-token.js b/pages/api/client-token.js
@@ -1,17 +1,26 @@
 const { getNewClientToken } = require('../../serverAuthentication');
+const { validateUserId } = require('../../utils/validation');
 
 /**
  * This API endpoint retrieves a Basiq API token with the scope of `CLIENT_ACCESS`
  *
  * https://api.basiq.io/reference/authentication
  */
 
-export default async function clientToken(req, res) {
+const clientToken = async (req, res) => {
   const { userId } = req.query;
+
+  // Validate the userId query parameter
+  if (!validateUserId(userId)) {
+    res.status(400).json({ message: 'Invalid userId' });
+    return;
+  }
   try {
     const clientToken = await getNewClientToken(userId);
     res.status(200).json(clientToken);
   } catch (error) {
     res.status(400).json({ message: error.message });
   }
-}
+};
+
+module.exports = clientToken;
diff --git a/pages/api/create-user.js b/pages/api/create-user.js
@@ -1,14 +1,22 @@
 const axios = require('axios');
 const { getBasiqAuthorizationHeader } = require('../../serverAuthentication');
+const { validateEmail } = require('../../utils/validation');
+
 
 /**
  * This API endpoint creates a user, which gives you a "bucket" to store all your financial data.
  *
  * https://api.basiq.io/reference/create-a-user
  */
 
-export default async function createUser(req, res) {
+const createUser = async (req, res) => {
   if (req.method === 'POST') {
+    const { email } = req.body;
+    // Validate the request body fields
+    if (!validateEmail(email)) {
+      res.status(400).json({ message: 'Invalid email' });
+      return;
+    }
     try {
       const { data } = await axios({
         method: 'post',
@@ -28,4 +36,6 @@ export default async function createUser(req, res) {
     // Only POST is allowed
     res.status(400).json({ message: 'Invalid method' });
   }
-}
+};
+
+module.exports = createUser;
diff --git a/pages/api/institutions.js b/pages/api/institutions.js
@@ -7,7 +7,7 @@ const { getBasiqAuthorizationHeader } = require('../../serverAuthentication');
  * https://api.basiq.io/reference/list-all-institutions
  */
 
-export default async function institutions(req, res) {
+const institutions = async (req, res) => {
   try {
     const { data } = await axios.get('https://au-api.basiq.io/institutions', {
       headers: {
@@ -36,4 +36,6 @@ export default async function institutions(req, res) {
   } catch (error) {
     res.status(400).json({ message: error.message });
   }
-}
+};
+
+module.exports = institutions;
diff --git a/utils/validation.js b/utils/validation.js
@@ -0,0 +1,12 @@
+export const userIdRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+export const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; 
+
+export const validateUserId = (userId) => {
+  return userIdRegex.test(userId);
+};
+
+export const validateEmail = (email) => {
+    return emailRegex.test(email);
+};
+
+