fix: fixed sql injections

Lukian 2025-03-25 18:30:52 +01:00
parent 48503a4c9c
commit c34df6609c
3 changed files with 129 additions and 73 deletions


@ -7,6 +7,11 @@ const router = express.Router();
router.post('/login', async (req, res) => {
const { username, password } = req.body;
if (!username || !password) {
return res.status(400).send({ error: 'Invalid username or password' });
}
const connection = await getConnection();
const user = await getUserByUsername(connection, username);
connection.end();
@ -25,6 +30,11 @@ router.post('/register', async (req, res) => {
const { username, password } = req.body;
const connection = await getConnection();
if (!username || !password) {
connection.end();
return res.status(400).send({ error: 'Invalid username or password' });
}
const user = await getUserByUsername(connection, username);
if (user[0]) {
connection.end();
@ -44,7 +54,17 @@ router.post('/register', async (req, res) => {
router.post('/me', async (req, res) => {
const { token } = req.body;
if (!token) {
return res.status(400).send({ error: 'Invalid token' });
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
if (!decoded.id) {
return res.status(400).send({ error: 'Invalid token' });
}
const connection = await getConnection();
const users = await getUser(connection, decoded.id);
connection.end();
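Review bot: The presence checks in `/login` and `/register` (`if (!username || !password)`) test only truthiness, so a JSON body that carries an object or array for `username` passes them and reaches `getUserByUsername`. Since this commit is about SQL injection, the guard should also pin the type, e.g. `if (typeof username !== 'string' || typeof password !== 'string' || !username || !password)`; whether a non-string value is actually dangerous depends on how the query helpers bind parameters, which is not visible here. In `/me`, `jwt.verify` (assuming `jwt` is jsonwebtoken) throws on a malformed or expired token and no try/catch is visible around it, so the `Invalid token` response is probably never sent for that case. The same call in the `messages/delete` and `/add` handlers of the next file comes after `getConnection()`, so a throw there would also skip `connection.end()`. All of these handler bodies continue outside the hunks shown.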


@ -62,6 +62,11 @@ router.post('/:name/messages/send', async (req, res) => {
router.post('/:name/messages/delete', async (req, res) => {
const { token, message_id } = req.body;
const name = req.params.name;
if (!message_id || !token) {
return res.status(400).send({ error: 'Missing parameters' });
}
const connection = await getConnection();
const decoded = jwt.verify(token, process.env.JWT_SECRET);
@ -89,6 +94,11 @@ router.post('/:name/messages/delete', async (req, res) => {
router.post('/add', async (req, res) => {
const { name, description, token } = req.body;
if (!name || !description || !token) {
return res.status(400).send({ error: 'Missing parameters' });
}
const connection = await getConnection();
const decoded = jwt.verify(token, process.env.JWT_SECRET);