fix: fixed sql injections

Lukian 2025-03-25 18:30:52 +01:00
parent 48503a4c9c
commit c34df6609c
3 changed files with 129 additions and 73 deletions


@ -7,6 +7,11 @@ const router = express.Router();
router.post('/login', async (req, res) => {
const { username, password } = req.body;
if (!username || !password) {
return res.status(400).send({ error: 'Invalid username or password' });
}
const connection = await getConnection();
const user = await getUserByUsername(connection, username);
connection.end();
@ -25,6 +30,11 @@ router.post('/register', async (req, res) => {
const { username, password } = req.body;
const connection = await getConnection();
if (!username || !password) {
connection.end();
return res.status(400).send({ error: 'Invalid username or password' });
}
const user = await getUserByUsername(connection, username);
if (user[0]) {
connection.end();
@ -44,7 +54,17 @@ router.post('/register', async (req, res) => {
router.post('/me', async (req, res) => {
const { token } = req.body;
if (!token) {
return res.status(400).send({ error: 'Invalid token' });
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
if (!decoded.id) {
return res.status(400).send({ error: 'Invalid token' });
}
const connection = await getConnection();
const users = await getUser(connection, decoded.id);
connection.end();
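Review bot: The new guards in `/login`, `/register` and `/me` test only truthiness, so a JSON body can still supply `username` as an object or array, and `decoded.id` can be any truthy value; these reach `getUserByUsername` and `getUser` unchanged. Those helpers are not shown here, but if they bind values through a mysql-style driver's placeholders, a non-string value may be expanded into more than one SQL literal. A type check therefore belongs next to the presence check, e.g. `if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {`. Separately, `jwt.verify` in `/me` throws on a malformed or expired token and nothing in the visible handler catches it, so such a request never gets the 400 'Invalid token' response. Wrapping that call in `try`/`catch` and pinning the accepted algorithm, e.g. `jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] })` (using whichever algorithm the tokens are actually signed with), would close that gap; the handlers continue beyond the hunks shown.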