added prettier config,api-rate-limit, updated README #25
Conversation
|
Your Render PR Server URL is https://social-app-pr-25.onrender.com. Follow its progress at https://dashboard.render.com/web/srv-cmglel0l5elc73aamh10. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| .send(`User with userId '${userId}' and all it's data are deleted`); | ||
| } catch (err) { | ||
| console.log("Error: ", err.message); | ||
| res.status(400).send(err.message); |
Check warning
Code scanning / CodeQL
Exception text reinterpreted as HTML Medium
| /*** LOG FOR SUCCESSFULL PASSWORD CHANGE ****/ | ||
| console.log(`Password for user '${userId}' updated!`); | ||
| /*** SEND RESPONSE TO USER FOR SUCCESSFULL PASSWORD CHANGE ****/ | ||
| res.status(200).send(`Password for user '${userId}' updated!`); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
| console.log(`Post Deleted for Title: "${titleReq}"`); | ||
| return res | ||
| .status(200) | ||
| .send(`Post Deleted Successfully! for Title: "${titleReq}"`); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
| /******** SEND RESPONSE TO USER ABOUT DELETION **************/ | ||
| res | ||
| .status(200) | ||
| .send(`User with userId '${userId}' and all it's data are deleted`); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
| const user = await User.findOne({ userId: decoded.userId }); | ||
|
|
||
| //check if title of post is already in DB or not | ||
| const titleCheck = await Post.findOne({ title: title }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| { | ||
| userId: userId, | ||
| }, |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| const user = await User.findOne({ | ||
| userId: userId, | ||
| }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| if (isPasswordValid != true) throw new Error("Password not correct"); | ||
|
|
||
| //check posts with userId provided in DB | ||
| await Post.find({ user: userId }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| await Post.find({ user: userId }); | ||
|
|
||
| //deletes all posts of provided userId | ||
| Post.deleteMany({ user: userId }).exec(); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| Post.deleteMany({ user: userId }).exec(); | ||
|
|
||
| //deletes the user with provided userId | ||
| User.findOneAndDelete({ userId: userId }).exec(); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
added prettier config,api-rate-limit, updated README