johan/FoundKey
1
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Projects Releases Packages Wiki Activity

[API] Fix: Validate ids

Browse source
This commit is contained in:
syuilo 2017-01-18 05:26:29 +09:00
parent 2a6ac7e3ef
commit 564aa706bc
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/api/endpoints/following/create.js
View file

@ -28,6 +28,11 @@ module.exports = (params, user) =>
return rej('user_id is required'); return rej('user_id is required');
} }
// Validate id
if (!mongo.ObjectID.isValid(userId)) {
return rej('incorrect user_id');
}
// 自分自身 // 自分自身
if (user._id.equals(userId)) { if (user._id.equals(userId)) {
return rej('followee is yourself'); return rej('followee is yourself');

5
src/api/endpoints/following/delete.js
View file

@ -27,6 +27,11 @@ module.exports = (params, user) =>
return rej('user_id is required'); return rej('user_id is required');
} }
// Validate id
if (!mongo.ObjectID.isValid(userId)) {
return rej('incorrect user_id');
}
// Check if the followee is yourself // Check if the followee is yourself
if (user._id.equals(userId)) { if (user._id.equals(userId)) {
return rej('followee is yourself'); return rej('followee is yourself');