added socket-io to clib, fixed incorrect deep.equal in tests

lib/session.js

@@ -134,7 +134,6 @@ function Session(data, store, sockets, rawSockets) {
 	}
 
 	this.emitToUsers = function(collection, query, event, data) {
-		console.info('EMIT TO USERS');
 		collection.get(query, function(users) {
 			var userSession;
 			// TODO: arguments in weird order

lib/validation.js

@@ -0,0 +1,156 @@
+/**
+ * Dependencies
+ */
+ 
+var revalidator = require('revalidator')
+  , propertyTypes = require('./property-types')
+  , types = require('./types')
+;
+
+/**
+ * Validate the attached resource and request.
+ */
+ 
+module.exports = function (req, res, next) {
+  var method = req.method
+    , resource = req.resource
+    , validation
+    , err
+    , sanitized = {}
+    , type = types[resource.type]
+  ;
+  
+  // inherit types prior to validation
+  if(type && type.properties && resource.properties) {
+    Object.keys(type.properties).forEach(function (key) {
+      !resource.properties[key] && (resource.properties[key] = type.properties[key]);
+    })
+  }
+  
+  // local should skip validation
+  if(!req.isRemote) return next();
+  
+  // root can get anything
+  if(req.method === 'GET' && req.isRoot) return next();
+  
+  // skip without a resource
+  if(!resource) return next({error: 'Could not find a resource to validate.', status: 404});
+  
+  // default _id to current user when logging out
+  if(!req.isRoot && resource.type === 'UserCollection' && req.url.indexOf('/logout') === req.url.lastIndexOf('/')) {
+    if(!req.session) return next({status: 404});
+    req.query._id = req.session._id;
+    return next();
+  }
+  
+  // if modifying data, require an id
+  if(!req.isRoot && (req.method === 'PUT' || req.method === 'DELETE') && (!req.query || !req.query._id)) {
+    return next({error: 'An _id must be included when modifying a resource.'});      
+  }
+  
+  // if trying to write data
+  if((method === 'POST' || method === 'PUT') && req.body && resource && resource.properties) {
+    // sanitize data
+    var keys = Object.keys(resource.properties);
+
+    if (method === 'PUT') { keys = Object.keys(req.body); }
+
+    keys.forEach(function (key) {
+      if (!resource.properties[key]) { return; }
+
+      if (req.body[key] === '') {
+        sanitized[key] = null;
+      } else if (resource.properties[key].type === 'number' && typeof req.body[key] === 'string') {
+        var parsed = parseInt(req.body[key]);
+        sanitized[key] = isNaN(parsed) ? req.body[key] : parsed;
+      } else if (resource.properties[key].type === 'date' && req.body[key]) {
+        try {
+          sanitized[key] = new Date(req.body[key]).toISOString();
+        } catch(e) {
+          sanitized[key] = 'invalid date';
+        }
+      } else if (resource.properties[key].type === 'boolean' && !req.body[key]) {
+        sanitized[key] = false;
+      } else {
+        sanitized[key] = req.body[key];
+      }
+      
+    })
+    
+    // validate login separately
+    if(resource.type === 'UserCollection' && req.url.indexOf('/login') === req.url.lastIndexOf('/')) {
+      // explicitely sanitize login data
+      sanitized = {
+        email: req.body.email,
+        password: req.body.password
+      };
+
+      return next();
+    }
+    
+    // replace input with sanitized data
+    req.body = req.data = sanitized;
+
+    var revalidatorHash = {};
+    Object.keys(sanitized).forEach(function (key) {
+      if (!(resource.properties[key].optional && req.body[key] == null)) {
+        var prop = {};
+        var type = resource.properties[key].type;
+        Object.keys(propertyTypes[type]).forEach(function(ruleKey) {
+          prop[ruleKey] = propertyTypes[type][ruleKey];
+        });
+        if (!resource.properties[key].optional) {
+          prop.required = true;
+        }
+
+        revalidatorHash[key] = prop;
+      }
+    });
+
+    // validate JSON
+    validation = revalidator.validate(req.body, {properties: revalidatorHash});
+    err = validation.valid ? err : transform(validation);
+    
+    next(err);
+  } else {
+    // continue
+    next(err);
+  }
+
+}
+
+/**
+ * Transform revalidator errors into human redable errors.
+ */
+
+function transform(validation) {
+  var err = {}
+    , errors = validation.errors
+    , e
+    , prop
+  ;
+  
+  for(var i = 0, len = errors.length; i < len; i++) {
+    e = errors[i];
+    prop = e.property;
+    
+    switch(e.attribute) {
+      case 'type':
+        err[prop] = 'must be a ' + e.expected;
+      break;
+      case 'required':
+        err[prop] = 'is required';
+      break;
+      default:
+        err[prop] = 'is not valid'
+      break;
+    }
+  }
+  
+  // rename and add human readable errors
+  // validation.validation = validation.errors;
+  delete validation.valid;
+  validation.errors = err;
+  
+  return validation;
+}

test/config-loader.unit.js

@@ -60,8 +60,8 @@ describe('config-loader', function() {
         var resources = JSON.parse(fs.readFileSync(resourcePath));
 
         expect(Object.keys(resources)).to.have.length(2);
-        expect(resources['123']).to.deep.equal(resource1);
-        expect(resources['456']).to.deep.equal(resource2);
+        expect(resources['123']).to.eql(resource1);
+        expect(resources['456']).to.eql(resource2);
 
         done(err);
       });

test/resources.unit.js

@@ -108,7 +108,7 @@ describe('InternalResources', function() {
 
       config.saveConfig({'123': q, '456': q2}, configPath, function() {
         test.ir.handle({req: {method: 'GET', url: '/__resources/456'}, url: '/456', done: function(err, result) {
-          expect(result).to.deep.eql(q2);
+          expect(result).to.eql(q2);
           done();
         }}, function() {
           throw Error("next called");