Skip to content

Griffiths w5 pr#19

Open
crgriffiths wants to merge 2 commits into
pce-uw-jscript400:masterfrom
crgriffiths:master
Open

Griffiths w5 pr#19
crgriffiths wants to merge 2 commits into
pce-uw-jscript400:masterfrom
crgriffiths:master

Conversation

@crgriffiths

Copy link
Copy Markdown

No description provided.

@bwreid bwreid left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks excellent. Just a couple comments to note!

Comment thread api/routes/auth.js
const RouteError = (message, status) => {
this.message = message;
this.status = status;
}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't looks like this is getting used but... interesting start of an idea?

Comment thread api/routes/auth.js
const response = await User.create({
username,
password: hashedPw,
admin

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, you probably don't want to allow someone to make themselves an admin. For future apps, it's safer to not include this and require an account to be updated with admin permissions.

Comment thread api/routes/auth.js
return next(error)
}
const validated = bcrypt.compare(password, user.password)
if (!validated) throw new Error(`Username and password do not match`)

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would have the same message for both of the above errors. Otherwise, it is easier for someone to "guess" at a username/password combination.

Comment thread api/routes/books.js
// You should only be able to reserve a book if a user is logged in
router.patch('/:id/reserve', async (req, res, next) => {
const { id } = req.params
const { bookId } = req.params

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you change this, you'll need to change the above route.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants