Server Files #1
Server Files #1
Conversation
| app.listen(PORT, () => console.log(`Running on port number: ${PORT}`)); | ||
|
|
||
| app.post('/login', (req, res) => { | ||
| const { username, password } = req.body; |
There was a problem hiding this comment.
check if username and password are provided. If not return 400 response with message to let user know of the missing fields
There was a problem hiding this comment.
Added the required changes
server.js
Outdated
| res.cookie('auth', 'loggedin', { httpOnly: true }); | ||
| res.status(201).send("User Successfully Logged in"); | ||
| } else { | ||
| res.status(404).send("No user found with these credentials"); |
There was a problem hiding this comment.
explore http repsonse codes and use a better response code here
There was a problem hiding this comment.
Updated with better code
server.js
Outdated
| }); | ||
|
|
||
| app.get('/getallrepos', (req, res) => { | ||
| if (req.cookies.auth === "loggedin") { |
There was a problem hiding this comment.
explore express middlewares and use an auth middleware instead of checking of the cookie for each route.
There was a problem hiding this comment.
Added the auth middleware wherever necessary
server.js
Outdated
| if (specialwords(data.repo_name) || specialwords(data.repo_author) || specialwords(data.details)) { | ||
| res.status(400).send("Please avoid special characters in Name, Author, and Details"); | ||
| } else if (typeof data.year_created !== "number" || typeof data.commits !== "number") { | ||
| res.status(400).send("Please use numbers when providing commits and year created"); |
There was a problem hiding this comment.
create an express middleware to handle validation logic and use the middleware chaining.
There was a problem hiding this comment.
Made the changes by including a repovalidation middleware function and chained it to the create-repo route
| let name = req.query.name; | ||
| if (name) { | ||
| if (specialwords(name)) { | ||
| res.status(400).send("Please avoid using special characters"); | ||
| } else { |
There was a problem hiding this comment.
Lets move this to middleware as well. In this middleware you can do req.name = req.query.name and next middleware will have access to req.name. Similarly create sanitization middleware for all the routes.
First Pull Request