Use async bcrypt operations and clarify SQL placeholder construction
This commit is contained in:
parent
633b0a79a0
commit
c46fc7960d
|
|
@ -30,16 +30,22 @@ router.post('/register', (req, res) => {
|
|||
return res.status(409).json({ success: false, message: "Username is already taken" });
|
||||
}
|
||||
|
||||
const hash = bcrypt.hashSync(password, 10);
|
||||
db.run(`INSERT INTO users (username, password) VALUES (?, ?)`, [username, hash], function (err) {
|
||||
bcrypt.hash(password, 10, (err, hash) => {
|
||||
if (err) {
|
||||
console.error('Failed to create user:', err.message);
|
||||
console.error('Failed to hash password:', err.message);
|
||||
return res.status(500).json({ success: false, message: "Internal server error" });
|
||||
}
|
||||
|
||||
req.session.userId = this.lastID;
|
||||
req.session.username = username;
|
||||
res.json({ success: true, user: { id: this.lastID, username } });
|
||||
db.run(`INSERT INTO users (username, password) VALUES (?, ?)`, [username, hash], function (err) {
|
||||
if (err) {
|
||||
console.error('Failed to create user:', err.message);
|
||||
return res.status(500).json({ success: false, message: "Internal server error" });
|
||||
}
|
||||
|
||||
req.session.userId = this.lastID;
|
||||
req.session.username = username;
|
||||
res.json({ success: true, user: { id: this.lastID, username } });
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
@ -57,13 +63,24 @@ router.post('/login', (req, res) => {
|
|||
return res.status(500).json({ success: false, message: "Internal server error" });
|
||||
}
|
||||
|
||||
if (!user || !bcrypt.compareSync(password, user.password)) {
|
||||
if (!user) {
|
||||
return res.status(401).json({ success: false, message: "Invalid username or password" });
|
||||
}
|
||||
|
||||
req.session.userId = user.id;
|
||||
req.session.username = user.username;
|
||||
res.json({ success: true, user: { id: user.id, username: user.username } });
|
||||
bcrypt.compare(password, user.password, (err, matches) => {
|
||||
if (err) {
|
||||
console.error('Failed to verify password:', err.message);
|
||||
return res.status(500).json({ success: false, message: "Internal server error" });
|
||||
}
|
||||
|
||||
if (!matches) {
|
||||
return res.status(401).json({ success: false, message: "Invalid username or password" });
|
||||
}
|
||||
|
||||
req.session.userId = user.id;
|
||||
req.session.username = user.username;
|
||||
res.json({ success: true, user: { id: user.id, username: user.username } });
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -105,6 +105,7 @@ router.delete('/places/:placeId', loadOwnedPlace, (req, res) => {
|
|||
const apIds = accessPoints.map(ap => ap.id);
|
||||
const deleteAclAndAp = (cb) => {
|
||||
if (apIds.length === 0) return cb();
|
||||
// Build a `?` placeholder per id so all values stay parameterized; apIds never contains raw user input here.
|
||||
const placeholders = apIds.map(() => '?').join(',');
|
||||
db.run(`DELETE FROM acl WHERE accessPoint IN (${placeholders})`, apIds, (err) => {
|
||||
if (err) return cb(err);
|
||||
|
|
|
|||
Loading…
Reference in a new issue