From 92b64bd9a9aca3a4dd28ef766d99c596cad471a6 Mon Sep 17 00:00:00 2001
From: jackkav
Date: Tue, 9 Jan 2024 11:16:36 +0100
Subject: [PATCH] validate
---
 lib/routes/bins/update.js | 37 ++++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/lib/routes/bins/update.js b/lib/routes/bins/update.js
index ec71c2bb..c92e0693 100644
--- a/lib/routes/bins/update.js
+++ b/lib/routes/bins/update.js
@@ -1,15 +1,13 @@
 const debug = require("debug")("mockbin");
 const validate = require("har-validator");
+const path = require("path");
 module.exports = function (req, res, next) {
 const id = req.params.uuid;
+ const path = req.params[0];
+ const compoundId = id + path;
+
 let mock = req.jsonBody;
- if (!mock) {
- res.body = {
- errors: "Response HAR is required",
- };
- next();
- }
 // overritten by application/x-www-form-urlencoded or multipart/form-data
 if (req.simple.postData.text) {
@@ -19,6 +17,26 @@ module.exports = function (req, res, next) {
 debug(e);
 }
 }
+ if (!mock) {
+ res.status(400);
+ res.body = {
+ errors: "Response HAR is required",
+ };
+ next();
+ return;
+ }
+
+ const isAlphanumericAndSlashes = /^[a-zA-Z0-9\/]+$/i.test(path);
+ const isPathSupported = isAlphanumericAndSlashes && !path.includes("//");
+
+ if (path && !isPathSupported) {
+ res.status(400);
+ res.body = {
+ errors: `Unsupported path ${path}`,
+ };
+ next();
+ return;
+ }
 // provide optional values before validation
 mock.redirectURL = "";
@@ -35,13 +53,6 @@ module.exports = function (req, res, next) {
 .response(mock)
 .then(
 function () {
- const path = req.params[0];
- const isPathSupported =
- /^[a-zA-Z0-9\/]+$/i.test(path) && !path.includes("//");
- if (path && !isPathSupported) {
- throw new Error(`Unsupported path: ${path}`);
- }
- const compoundId = id + path;
 this.client.set(`bin:${compoundId}`, JSON.stringify(mock));
 res.view = "redirect";
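Review bot: In the first hunk, the new module-level `const path = require("path");` is shadowed inside the handler by `const path = req.params[0];`, so the Node `path` module is never used and every later `path.includes(...)` is a plain string method on the request parameter. A reader could take the import as a sign that the route suffix is normalised by the path module, which it is not; the regex and `//` check in the second hunk are the only validation visible in this patch. Drop the import, or rename the local, e.g. `const subPath = req.params[0];`, and build `compoundId` after the validation block so the storage key name is never bound to an unchecked value. The handler body continues beyond this hunk.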
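Review bot: In the second hunk, `isAlphanumericAndSlashes` and `isPathSupported` are computed before the `path &&` guard, so if the route can match without a wildcard segment and `req.params[0]` is `undefined`, the regex tests the string "undefined", passes, and `path.includes("//")` then throws a TypeError synchronously instead of producing the 400. Put the type check first, e.g. `const isPathSupported = typeof path === "string" && /^[a-zA-Z0-9\/]+$/.test(path) && !path.includes("//");` (the `/i` flag is redundant with `a-zA-Z`). The 400 body also echoes the rejected `path` verbatim, and a rejected value by construction holds characters outside the allowed set; if `res.body` can be rendered as HTML by a later middleware, escape it there or leave the value out of the message. The handler starts and ends outside this hunk.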