validate sign up request body in mobile sign-up router

packages/api/src/routers/auth/auth_router.ts

@@ -54,6 +54,15 @@ import {
 import { createWebAuthToken } from './jwt_helpers'
 import { createSsoToken, ssoRedirectURL } from '../../utils/sso'
 
+export interface SignupRequest {
+  email: string
+  password: string
+  name: string
+  username: string
+  bio?: string
+  pictureUrl?: string
+}
+
 const logger = buildLogger('app.dispatch')
 const signToken = promisify(jwt.sign)
 
@@ -62,6 +71,19 @@ const cookieParams = {
   maxAge: 365 * 24 * 60 * 60 * 1000,
 }
 
+export const isValidSignupRequest = (obj: any): obj is SignupRequest => {
+  return (
+    'email' in obj &&
+    obj.email.trim().length > 0 && // email must not be empty
+    'password' in obj &&
+    obj.password.length >= 8 && // password must be at least 8 characters
+    'name' in obj &&
+    obj.name.trim().length > 0 && // name must not be empty
+    'username' in obj &&
+    obj.username.trim().length > 0 // username must not be empty
+  )
+}
+
 export function authRouter() {
   const router = express.Router()
 
@@ -443,26 +465,6 @@ export function authRouter() {
     '/email-signup',
     cors<express.Request>(corsConfig),
     async (req: express.Request, res: express.Response) => {
-      interface SignupRequest {
-        email: string
-        password: string
-        name: string
-        username: string
-        bio?: string
-        pictureUrl?: string
-      }
-      function isValidSignupRequest(obj: any): obj is SignupRequest {
-        return (
-          'email' in obj &&
-          obj.email.trim().length > 0 && // email must not be empty
-          'password' in obj &&
-          obj.password.length >= 8 && // password must be at least 8 characters
-          'name' in obj &&
-          obj.name.trim().length > 0 && // name must not be empty
-          'username' in obj &&
-          obj.username.trim().length > 0 // username must not be empty
-        )
-      }
       if (!isValidSignupRequest(req.body)) {
         return res.redirect(
           `${env.client.url}/auth/email-signup?errorCodes=INVALID_CREDENTIALS`

packages/api/src/routers/auth/mobile/mobile_auth_router.ts

@@ -32,13 +32,8 @@ export function mobileAuthRouter() {
   })
 
   router.post('/email-sign-up', async (req, res) => {
-    const { email, password, username, name } = req.body
-    const payload = await createMobileEmailSignUpResponse(
-      email,
-      password,
-      username,
-      name
-    )
+    const payload = await createMobileEmailSignUpResponse(req.body)
+
     res.status(payload.statusCode).json(payload.json)
   })
 

packages/api/src/routers/auth/mobile/sign_up.ts

@@ -11,6 +11,7 @@ import { createPendingUserToken, suggestedUsername } from '../jwt_helpers'
 import UserModel from '../../../datalayer/user'
 import { hashPassword } from '../../../utils/auth'
 import { createUser } from '../../../services/create_user'
+import { isValidSignupRequest } from '../auth_router'
 
 export async function createMobileSignUpResponse(
   isAndroid: boolean,
@@ -45,15 +46,13 @@ export async function createMobileSignUpResponse(
 }
 
 export async function createMobileEmailSignUpResponse(
-  email?: string,
-  password?: string,
-  username?: string,
-  name?: string
+  requestBody: any
 ): Promise<JsonResponsePayload> {
   try {
-    if (!email || !password || !username || !name) {
+    if (!isValidSignupRequest(requestBody)) {
       throw new Error('Missing username, password, name, or username')
     }
+    const { email, password, name, username } = requestBody
 
     // trim whitespace in email address
     const trimmedEmail = email.trim()