I have this query in node.js to update the parking data:
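/**
 * Express handler that updates a parking entry from the request body.
 *
 * Reads `parkingId` and the new field values from `req.body`, checks that the
 * authenticated account (`req.data.id`) exists, then applies a `$set` update
 * to the Parking document whose `_id` equals `parkingId`.
 *
 * Responses: 400 when `parkingId` is not a string, 404 when the account is
 * not found, 200 after the update call returns, 500 when anything throws.
 *
 * @param {object} req - request; uses `req.body` and `req.data.id`.
 * @param {object} res - response used to send the JSON result.
 */
exports.updateParking = async (req, res) => {
  try {
    const { parkingId, parkingName, price, address, name, phoneNumber, about } =
      req.body;

    // parkingId is client-controlled and goes straight into the query filter.
    // Accept only a plain string so a JSON object carrying query operators
    // cannot be used to widen the match.
    if (typeof parkingId !== "string") {
      return res.status(400).json({ error: "Invalid parkingId" });
    }

    const check_exist = await Auth.findById(req.data.id);
    if (!check_exist) return res.status(404).json({ error: "User not found" });

    // NOTE(review): the filter matches on _id alone, so any authenticated
    // account that supplies a valid parkingId can modify that entry. To limit
    // updates to the owner, the filter also needs the owner reference, e.g.
    // { _id: parkingId, <ownerField>: req.data.id }, where <ownerField> is a
    // placeholder for whatever field the Parking schema stores the creator in.
    // The update result is not inspected either, so 200 is returned even when
    // no document matched; with an owner filter that case should be rejected.
    const updateData = await Parking.updateOne(
      { _id: parkingId },
      {
        $set: {
          parkingName,
          price,
          //...other details
        },
      }
    );

    return res.status(200).json({
      success: true,
      msg: "Parking has updated successfully",
    });
  } catch (error) {
    // Returning a value from the handler sends nothing, which would leave the
    // client waiting. Log the detail server-side and reply with a generic
    // message so internal error text is not exposed to the caller.
    console.error(error);
    return res.status(500).json({ error: "Internal server error" });
  }
};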
I only want the update to go through if it is made by the original poster of the parking entry, not by another person. Otherwise I want to throw an error.
CodePudding user response:
You can check the current session's user id against the id on the request:
// Respond with 403 unless the session's user id is the same value as the id
// on the request (req.data.id).
// NOTE(review): both values describe the caller; nothing here reads the
// parking entry, so ownership presumably still has to be checked against the
// owner stored on the Parking document. Confirm against the schema.
const isSameUser = req.session.userid === req.data.id;
if (!isSameUser) {
  return res.status(403).json({ error: "Forbidden" });
}
CodePudding user response:
If the request is authenticated with a JWT token, you can obtain the user (probably their email address) as
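const jwt = require("jsonwebtoken");

// jwt.decode() only parses the token; it does not check the signature or the
// expiry, so a caller could put any `sub` they like in a forged token.
// jwt.verify() throws when the signature or expiry is invalid, which makes the
// resulting claim safe to use for an ownership check.
// JWT_VERIFICATION_KEY is a placeholder for the secret or public key this
// application uses for its tokens, and "HS256" is an example value: pin
// `algorithms` to the algorithm the tokens are actually signed with.
const user = jwt.verify(token, JWT_VERIFICATION_KEY, {
  algorithms: ["HS256"],
}).sub;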
If you store the user in every Parking entry, you can make sure that every user can only see or change their own entries, for example by including that stored user in the filter of every query on Parking.