So I am building this bidding app; the mongoose schema of that particular app looks something like this:
const bidSchema = new mongoose.Schema({
  name: String,
  price: Number,
  description: String,
  location: String,
  specilization: String,
  image: String,
  highestBidder: {
    highBidderName: String,
    highPrice: Number,
  },
  previousBidders: [{ previousName: String, previousPrice: Number }],
  isClosed: {
    type: Boolean,
  }
})
In the schema above, the value for isClosed will remain none, and if the person closes the bidding, I will set a true value for that isClosed variable and do operations accordingly. The problem here is the security part of it: any person can actually send a PUT request to the edit field of that form using something like Postman, with a value like
isClosed : false
and it gets updated. Is there anything I can do about this so that the user can only set the false value for it and, once it is set, no one is able to modify it?
CodePudding user response:
There are 2 approaches to this:
- Most commonly used: you can do a findOne({YOUR_UNIQUE_KEY: SOME_VALUE}) and add a condition in your code: if isClosed : true, throw an Error, else do your operation.
- Since you are building a bidding app, you should expect high concurrency. You can try this db.insertIfNotExistsDemo; you can check it here - https://www.tutorialspoint.com/insert-records-in-mongodb-collection-if-it-does-not-exist
CodePudding user response:
One possible solution could be: retrieve your bid from the database, check if the value of isClosed == true;
if not, make the update.
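Bid.findOne({ name }, function (err, bid) {
  // Stop if the lookup failed or no such bid exists
  if (err || !bid) {
    console.error('ERROR!');
    return;
  }
  // Refuse to modify a bid that is already closed
  if (bid.isClosed) {
    console.error('Bid is closed');
    return;
  }
  // Apply the permitted changes to bid here, then persist them
  bid.save(function (err) {
    if (err) {
      console.error('ERROR!');
    }
  });
});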
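The read-then-save pattern in the answers above can be tightened in two ways: copy only allow-listed fields from the request body, and put the isClosed check into the update filter so the check and the write happen in one atomic operation. The following is an added example, not code from the question or either answer; the helper names, the in-memory stand-in for the database and the sample data are assumptions made for illustration.

```javascript
// Fields a client may edit. isClosed, highestBidder and previousBidders are
// deliberately absent, so a crafted PUT body cannot touch them.
const EDITABLE_FIELDS = ['name', 'price', 'description', 'location', 'specilization', 'image'];

// Build the $set document from an untrusted request body (hypothetical helper).
function buildEditUpdate(body) {
  const set = {};
  for (const field of EDITABLE_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    const value = body[field];
    // Accept only primitives so an object such as { $gt: '' } is never forwarded.
    if (typeof value === 'string' || typeof value === 'number') set[field] = value;
  }
  return { $set: set };
}

// Filter that matches the bid only while it is not closed (hypothetical helper).
function openBidFilter(id) {
  return { _id: id, isClosed: { $ne: true } };
}

// Closing is a separate server-side action and only goes one way.
function closeUpdate() {
  return { $set: { isClosed: true } };
}

// Constructed in-memory stand-in for the database so this runs offline.
// With Mongoose the same filter/update pair would be passed to
// Bid.findOneAndUpdate(filter, update, { new: true }), which yields null
// when no document matches the filter.
function findOneAndUpdate(store, filter, update) {
  const doc = store.find((d) => d._id === filter._id && d.isClosed !== filter.isClosed.$ne);
  if (!doc) return null;
  Object.assign(doc, update.$set);
  return doc;
}

// Constructed sample data and requests.
const store = [{ _id: 'bid1', name: 'Lamp', price: 10 }];
const first = findOneAndUpdate(store, openBidFilter('bid1'), buildEditUpdate({ price: 12, isClosed: false }));
const closed = findOneAndUpdate(store, openBidFilter('bid1'), closeUpdate());
const replay = findOneAndUpdate(store, openBidFilter('bid1'), buildEditUpdate({ isClosed: false, price: 1 }));
console.log(first && first.price, closed && closed.isClosed, replay); // 12 true null
```

A null result is the signal to answer the request with an error such as 409 Conflict, since the bid was either missing or already closed.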