code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

even more input validation

Browse Source
This commit is contained in:
Mystikfluu 2022-06-04 14:09:53 +02:00
parent 6b86ab0223
commit 3d36086134
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
server.js
View File

@ -417,6 +417,14 @@ router.post("/api/setBio", async function(req,res) {
}) })
router.post("/api/changePW", async function(req,res) { router.post("/api/changePW", async function(req,res) {
if((typeof req.body.newPW) != "string") {
res.json({"error":"incorrect password"})
return
}
if((typeof req.body.currentPW) != "string") {
res.json({"error":"incorrect password"})
return
}
if(req.body.newPW.length < 10) { if(req.body.newPW.length < 10) {
res.status(400) res.status(400)
res.json({"error":"password is too short"}) res.json({"error":"password is too short"})
@ -566,6 +574,14 @@ router.post("/login",async function(req,res) {
if(!increaseAPICall(req,res))return; if(!increaseAPICall(req,res))return;
if(!increaseAPICall(req,res))return; if(!increaseAPICall(req,res))return;
//login is counted twice (think of bruteforces man) //login is counted twice (think of bruteforces man)
if((typeof req.body.user) != "string") {
res.json({"error":"incorrect username"})
return
}
if((typeof req.body.pass) != "string") {
res.json({"error":"incorrect password"})
return
}
if(!req.body.user){ if(!req.body.user){
res.status(400) res.status(400)
res.send("no username given") res.send("no username given")