adding what i could #16

Open
jaamp wants to merge 1 commit into pce-uw-jscript400:master from jaamp:master

@jaamp jaamp commented Jul 31, 2019

No description provided.

@bwreid bwreid left a comment

Collaborator

Still some work to do, but you have a nice start!

Comment thread api/routes/auth.js
error.status = 400
next(error)
}
})

Watch your indentation.

Comment thread api/routes/auth.js
const user = await User.findOne({username})
if (user) throw new Error('User name is already in use')

const saltRounds = 5
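
Review bot: `const saltRounds = 5` is a low work factor if, as the name suggests, this value is passed to bcrypt; each increment doubles the hashing cost, so 5 makes offline guessing of a leaked hash cheap. Raise it (10 or more is a common baseline) and read it from configuration so it can be increased later without a code change.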

You'll want to make a more secure password and at least use 8 rounds.

Comment thread api/routes/auth.js
}
const payload = {id: user._id}
const options = {expiresIn: '1 day'}
const token = jsonwebtoken.sign(payload, 'ASECRETPASSCODE', options)
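
Review bot: the signing secret is a string literal in `jsonwebtoken.sign(payload, 'ASECRETPASSCODE', options)`, so it is now part of the repository history and anyone who can read the repo can mint tokens for any `id`. Read it from an environment variable (for example `process.env.SECRET_KEY`, a name assumed here), use the same value wherever tokens are verified, and replace the committed value with a new one rather than only moving it.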

'ASECRETPASSCODE' should be put into your nodemon.json or otherwise excluded from your code. It's insecure/inefficient to do so otherwise.

Comment thread api/routes/books.js
router.patch('/:id/reserve', async (req, res, next) => {
const { id } = req.params
try {
if (req.headers.authorization === null) {
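
Review bot: `req.headers.authorization === null` on the last line is never true for a request without the header, because an absent header is `undefined` rather than `null`, so this branch is skipped for unauthenticated requests. Test `!req.headers.authorization` instead, and then verify the token's signature and expiry before reserving the book.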

This doesn't actually check to see whether or not someone is logged in, it only checks to see whether or not someone has sent over a token. If the token is invalid, it will pass with the given code.
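
The check described in the comment above, as an added example (not code from this pull request or the course repository): Express-style middleware that rejects a request unless its token's signature and expiry verify. `sign` and `verify` are stand-ins built on Node's `crypto` for `jsonwebtoken.sign` and `jsonwebtoken.verify` with HS256 so the block runs without dependencies; the `Authorization: Bearer <token>` format, `SECRET_KEY` and `requireAuth` are assumptions.

```javascript
// Added example, not code from the pull request.
const crypto = require('crypto')

// Assumption: the secret is supplied by the environment (SECRET_KEY is a
// hypothetical name); the fallback is a constructed value for running offline.
const SECRET = process.env.SECRET_KEY || 'constructed-demo-secret'
const b64url = (text) => Buffer.from(text).toString('base64url')
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest()

// Stand-in for jsonwebtoken.sign(payload, secret, { expiresIn }) using HS256.
function sign (payload, secret, expiresInSeconds) {
  const exp = Math.floor(Date.now() / 1000) + expiresInSeconds
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify({ ...payload, exp }))
  const signature = hmac(`${head}.${body}`, secret).toString('base64url')
  return `${head}.${body}.${signature}`
}

// Stand-in for jsonwebtoken.verify: returns the payload or throws.
function verify (token, secret) {
  const [head, body, sig, ...rest] = token.split('.')
  if (!head || !body || !sig || rest.length) throw new Error('Malformed token')
  const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString())
  if (alg !== 'HS256') throw new Error('Unexpected algorithm')
  const expected = hmac(`${head}.${body}`, secret)
  const given = Buffer.from(sig, 'base64url')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('Invalid signature')
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString())
  if (!(payload.exp > Date.now() / 1000)) throw new Error('Token expired')
  return payload
}

// Express-style middleware. A missing header is undefined, never null, and a
// header that is present still has to carry a token that verifies.
function requireAuth (req, res, next) {
  try {
    const [scheme, token] = (req.headers.authorization || '').split(' ')
    if (scheme !== 'Bearer' || !token) throw new Error('Missing bearer token')
    req.userId = verify(token, SECRET).id
  } catch (e) {
    const error = new Error('You are not authorized to access this route')
    error.status = 401
    return next(error)
  }
  next()
}
```

Mounted ahead of the route handler, the handler only runs when `req.userId` has been set from a verified token.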

Comment thread package.json
"dev": "nodemon app.js",
"reset-db": "node ./db/seeds"
"reset-db": "node ./db/seeds",
"reset-db2": "node ./db/seeds2"

Instead of creating a second file, I would just add this to the existing seeds file.
