Merge pull request #7 from Nec0ti/dev

Nec0ti · web-flow · commit c20314361d4b · 2025-03-05T18:09:51.000+03:00
Potential fix for code scanning alert no. 2: Database query built from user-controlled sources
diff --git a/routes/auth.js b/routes/auth.js
@@ -26,7 +26,7 @@ router.post('/login', async (req, res) => {
   try {
     const { username, password } = req.body;
 
-    const user = await User.findOne({ username });
+    const user = await User.findOne({ username: { $eq: username } });
     if (!user) {
       return res.status(400).json({ message: 'User not found' });
     }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ router.post('/login', async (req, res) => {`
`26`	`26`	`try {`
`27`	`27`	`const { username, password } = req.body;`
`28`	`28`
`29`		`- const user = await User.findOne({ username });`
	`29`	`+ const user = await User.findOne({ username: { $eq: username } });`
`30`	`30`	`if (!user) {`
`31`	`31`	`return res.status(400).json({ message: 'User not found' });`
`32`	`32`	`}`