Add parameter validation for user update
xuelink committed Apr 4, 2024
1 parent 55844f6 commit f5c6cee
Showing 2 changed files with 10 additions and 2 deletions.
10 changes: 9 additions & 1 deletion src/controllers/user.controller.ts
Expand Up @@ -106,6 +106,7 @@ export default class UserController {
try {
console.log("update user");
throwIfMissing(req.headers, ["x-appwrite-user-id", "x-appwrite-jwt"]);
throwIfMissing(req.params, ["id"]);
if (!req.body || Object.keys(req.body).length === 0) {
console.log("Request body is empty.");
return res
Expand All @@ -115,10 +116,17 @@ export default class UserController {

const sender: string = req.headers["x-appwrite-user-id"] as string;
const jwt: string = req.headers["x-appwrite-jwt"] as string;

// console.log(`sender: ${sender}`);
// console.log(`jwt: ${jwt}`);

// Check if user is updating their own data
if (sender !== req.params.id) {
return res.status(400).json({
ok: false,
error: "You can only update your own data.",
});
}

// Set data to variables
const data: any = req.body;

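Review bot: The new ownership check `if (sender !== req.params.id)` compares two values that both come from the request, because `sender` is read straight from the `x-appwrite-user-id` header a few lines above and nothing in this hunk ties it to the `x-appwrite-jwt` token. Unless the JWT is verified later in `update` (the method continues outside the hunk) and the id it resolves to is what gets compared, the check does not establish who is calling; the comparison should use the user id obtained from the verified token rather than the header. An authorization refusal is also better reported as 403 than 400: `return res.status(403).json({ ok: false, error: "You can only update your own data." });`. The commented-out `console.log` of the JWT is better deleted than kept, so it cannot be re-enabled and put tokens in logs.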
2 changes: 1 addition & 1 deletion src/routes/user.routes.ts
Expand Up @@ -11,7 +11,7 @@ class MessageRoutes {

intializeRoutes() {
this.router.post("/", this.controller.create);
this.router.patch("/", this.controller.update);
this.router.patch("/:id", this.controller.update);
}
}

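Review bot: Ownership of `:id` is enforced only inside `update`, so any further `/:id` route added to this router has to remember to repeat that check. A router-level middleware that performs the comparison once would keep it from being forgotten, e.g. `this.router.patch("/:id", requireSelf, this.controller.update);`, where `requireSelf` is a placeholder name and not something in the visible code. The handler is also passed unbound; if `update` is a regular method that uses `this`, it needs `.bind(this.controller)`, but its definition is outside this section, so that is unverified.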
