From 7442a26d9f2b69fd02e86fb28d6d3570640750dd Mon Sep 17 00:00:00 2001 From: "j.mei7" Date: Sun, 3 Apr 2022 20:10:29 +0200 Subject: [PATCH] added secure id --- express_backend/database.db | Bin 212992 -> 212992 bytes express_backend/securePostData.js | 13 ++++++++++++- express_backend/server.js | 26 ++++++++++++++++++-------- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/express_backend/database.db b/express_backend/database.db index 7b07dff9686b165af713706ec4224a457ea2034c..96ae0500bcd69689502a197dba8411b466d8c64b 100644 GIT binary patch delta 80 zcmZo@;B9E&ogmHVI#I@%(RE|OGJZzW$?O7(to+|P{(5fi7mQ%s+$uPohlRhEL2|Q# k+yzDfPI1|g%n}Yk76w7Vl;WbaCWSTy#x@0}WeUs+0LE<=DgXcg delta 82 zcmV-Y0ImOkfDM3v4UiiFM3Edr0YtH2rVjxelLrtX1r8jD{YkTr5m*7Ug%Otw0v8dJ oP#zewHXgbG5EB<2RB3c console.log(`Listening on port ${port}`)); app.get('/idea/get/:id', (req, res) => { - - db.all(`SELECT * FROM ideas WHERE id = ${req.params.id}`, (err, rows) => { + let id = securePostData.secureId(req.params.id) + db.all(`SELECT * FROM ideas WHERE id = ${id}`, (err, rows) => { if (err) { res.send({title: "Error", content: "Error fetching idea"}); }else{ @@ -58,6 +58,7 @@ app.get('/ideas', (req, res) => { app.post('/idea/update/:id', (req, res) => { + let id = securePostData.secureId(req.params.id) // Validate POST if(!req.body.title || req.body.title.replace(/\s/g, '').length === 0){ @@ -83,11 +84,7 @@ app.post('/idea/update/:id', (req, res) => { let title = securePostData.secure(req.body.title); let content = securePostData.secure(req.body.content); - - - - - db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${req.params.id}`, (err) => { + db.run(`UPDATE ideas SET title = '${title}', content = '${content}' WHERE id = ${id}`, (err) => { if (err) { res.send({title: "Error", type:"saving", message: "Error updating idea"}); }else{ 
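Review bot: The UPDATE in the `@@ -83,11 +84,7 @@` hunk still builds its SQL by interpolating `title`, `content` and `id` into a template string, so the query is only as safe as `securePostData.secure` and `secureId`, whose bodies are not shown on this page. The same pattern is in the SELECT of the `/idea/get/:id` handler and in the DELETE added in the last hunk. If `db` is a node-sqlite3 handle, as the `db.all`/`db.run` calls suggest, binding the values removes the dependence on the escaping helpers: `db.run('UPDATE ideas SET title = ?, content = ? WHERE id = ?', [title, content, id], (err) => {`. In the `@@ -58,6 +58,7 @@` hunk nothing visible checks the value `secureId` returns; if it can signal an invalid id, the handler should send an error response before reaching the query. The handler bodies continue outside these hunks.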
@@ -113,4 +110,17 @@ app.get('/idea/create', (req, res) => {
 });
 }
 });
-});
\ No newline at end of file
+});
+
+
+// delete idea
+app.get('/idea/delete/:id', (req, res) => {
+ let id = securePostData.secureId(req.params.id)
+ db.run(`DELETE FROM ideas WHERE id = ${id}`, (err) => {
+ if (err) {
+ res.send({title: "Error", type:"delete", message: "Error deleting idea"});
+ }else{
+ res.send({title: "Success", type:"delete", message: "Idea deleted"});
+ }
+ });
+});
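Review bot: The new delete route is registered with `app.get`, so a destructive action sits behind a safe HTTP method and can be triggered by a followed link, a prefetch or a crawler, and nothing in the hunk checks who is calling. Registering it as `app.delete('/idea/delete/:id', (req, res) => {` (or `app.post`) keeps it off GET; whether authentication is applied elsewhere in server.js is not visible here. The callback also answers "Idea deleted" when no row matched the id. If `db` is node-sqlite3, a `function (err)` callback can read `this.changes` and return a not-found response in that case.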