From 3be94dd83caaf47bf82cedb7e82dafef65c802d9 Mon Sep 17 00:00:00 2001
From: Vignesh
Date: Wed, 28 Feb 2024 13:47:33 +0530
Subject: [PATCH] added api key formats to all sql operations
---
 backend/src/routes/admin.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/backend/src/routes/admin.ts b/backend/src/routes/admin.ts
index b78d053..0e9f120 100644
--- a/backend/src/routes/admin.ts
+++ b/backend/src/routes/admin.ts
@@ -112,6 +112,8 @@ const adminRoutes: FastifyPluginAsync = async (server) => {
 if (!body) return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.EMPTY_BODY });
 if (!body.API_KEY) return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.INVALID_DATA });
+ if (!/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*-_&])[A-Za-z\d@$!%*-_&]{8,}$/.test(body.API_KEY))
+ return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.API_KEY_VALIDATION_FAILED })
 const result: any[] = await new Promise((resolve, reject) => {
 server.sqlite.db.get("SELECT * FROM api_keys WHERE API_KEY=?", [body.API_KEY], (err: any, row: any) => {
 if (err) reject(err);
@@ -164,6 +166,8 @@ const adminRoutes: FastifyPluginAsync = async (server) => {
 if (!body) return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.EMPTY_BODY });
 if (!body.API_KEY) return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.INVALID_DATA });
+ if (!/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*-_&])[A-Za-z\d@$!%*-_&]{8,}$/.test(body.API_KEY))
+ return reply.code(ReturnCode.FAILURE).send({ error: ErrorMessage.API_KEY_VALIDATION_FAILED })
 await new Promise((resolve, reject) => {
 server.sqlite.db.run("DELETE FROM api_keys WHERE API_KEY=?", [body.API_KEY], (err: any, rows: any) => {
 if (err) reject(err);
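Review bot: In the added `if` of the first hunk (and the identical line in the second hunk), `*-_` inside `[@$!%*-_&]` is parsed as a range from `*` to `_`, not as three literal characters. That range covers digits, uppercase letters and punctuation such as `+ , . / : ; < = > ? [ \ ] ^`, so the "special character" lookahead is already satisfied by any digit or capital letter, and the accepted alphabet is wider than the pattern reads. Move the hyphen to the end of both classes, `(?=.*[@$!%*_&-])[A-Za-z\d@$!%*_&-]{8,}$`, and hoist the pattern into one shared constant (for example `const API_KEY_FORMAT = /…/;`) so the handlers cannot drift apart. The SQL below is already parameterized, so this check is format hygiene rather than the injection barrier; a comment saying so would help, and tightening the class may reject keys that the current pattern accepts on lookup and delete, which is worth confirming against stored keys. Both handler bodies start and end outside the hunks shown.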