janis/notes-react
1
0
Fork 0
mirror of https://github.com/DerTyp7/notes-react.git synced 2025-10-29 04:22:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

added secure id

Browse Source
This commit is contained in:
j.mei7
2022-04-03 20:10:29 +02:00
parent 9b77bdfdf9
commit 7442a26d9f
3 changed files with 30 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
express_backend/database.db
View File

Binary file not shown.

13
express_backend/securePostData.js
View File

@@ -8,6 +8,17 @@ function decode(text){
return text;
}
function secureId(id){
id = id.replace(/'/g, "");
// Regex test if id is a number
let regexPattern = /^[0-9]*$/;
if(!regexPattern.test(id)){
return "";
}
return id;
}
module.exports = {
secure, decode
secure, decode, secureId
}

26
express_backend/server.js
View File

@@ -23,8 +23,8 @@ app.use(function(req, res, next) {
app.listen(port, () => console.log(`Listening on port ${port}`));
app.get('/idea/get/:id', (req, res) => {
db.all(`SELECT * FROM ideas WHERE id = ${req.params.id}`, (err, rows) => {
let id = securePostData.secureId(req.params.id)
db.all(`SELECT * FROM ideas WHERE id = ${id}`, (err, rows) => {
if (err) {
res.send({title: "Error", content: "Error fetching idea"});
}else{
@@ -58,6 +58,7 @@ app.get('/ideas', (req, res) => {
app.post('/idea/update/:id', (req, res) => {
let id = securePostData.secureId(req.params.id)
// Validate POST
if(!req.body.title || req.body.title.replace(/\s/g, '').length === 0){
@@ -83,11 +84,7 @@ app.post('/idea/update/:id', (req, res) => {
let title = securePostData.secure(req.body.title);
let content = securePostData.secure(req.body.content);
db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${req.params.id}`, (err) => {
db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${id}`, (err) => {
if (err) {
res.send({title: "Error", type:"saving", message: "Error updating idea"});
}else{
@@ -113,4 +110,17 @@ app.get('/idea/create', (req, res) => {
});
}
});
});
});
// delete idea
app.get('/idea/delete/:id', (req, res) => {
let id = securePostData.secureId(req.params.id)
db.run(`DELETE FROM ideas WHERE id = ${id}`, (err) => {
if (err) {
res.send({title: "Error", type:"delete", message: "Error deleting idea"});
}else{
res.send({title: "Success", type:"delete", message: "Idea deleted"});
}
});
});