diff --git a/backend/routes/climate.js b/backend/routes/climate.js
index 8922f60..477c4f9 100644
--- a/backend/routes/climate.js
+++ b/backend/routes/climate.js
@@ -1,4 +1,6 @@
 const router = require("express").Router()
+
+// Models
 const handleClimateUpdate = require("../models/handleClimateUpdate.js")
 
 module.exports = dbConn => {
diff --git a/backend/routes/countries.js b/backend/routes/countries.js
index abeeadc..23407db 100644
--- a/backend/routes/countries.js
+++ b/backend/routes/countries.js
@@ -1,8 +1,11 @@
 const router = require("express").Router();
+
+// Models
 const getCountries = require("../models/getCountries.js");
 const getCountryById = require("../models/getCountryById.js");
 
-const sqlstring = require("sqlstring")
+// Utils
+const sqlSanitzer = require("../util/sqlstring_sanitizer.js")
 
 module.exports = dbConn => {
   router.get("/api/v1/countries", async (req, res) => {
@@ -10,7 +13,7 @@ module.exports = dbConn => {
   });
 
   router.get("/api/v1/countries/:id", async (req, res) => {
-    const id = sqlstring.escape(req.params.id);
+    const id = sqlSanitzer(req.params.id);
     res.json(await getCountryById(dbConn, id))
   });
   return router;
diff --git a/backend/routes/place.js b/backend/routes/place.js
index 019cbab..80bd9b2 100644
--- a/backend/routes/place.js
+++ b/backend/routes/place.js
@@ -1,8 +1,13 @@
 const router = require("express").Router()
+
+// Models
 const getPlace = require("../models/getPlace.js")
 const getPlaceNearby = require("../models/getPlaceNearby.js")
 const getPlacePhoto = require("../models/getPlacePhoto.js")
 
+// Utils
+const sqlSanitzer = require("../util/sqlstring_sanitizer.js")
+
 module.exports = dbConn => {
   router.get("/api/v1/place", async (req, res) => {
     const place = await getPlace(req.query.q)
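Review bot: `sqlSanitzer(req.params.id)` in the `/api/v1/countries/:id` handler keeps the route layer as the only thing between user input and the statement, and the helper it calls passes any value the global `isNaN()` accepts back unchanged (`""`, `" 12 "`, `"0x1f"`, `"1e3"`), so those reach `getCountryById` with no quoting at all — presumably for string interpolation into SQL, though the model is not visible here. The same call is made in the `:id` handlers of regions.js and update.js in this commit. A `?` placeholder with a `[id]` values array in the model query would make the helper unnecessary; failing that, the helper should return `Number(val)` for numeric input so no raw string ever comes back. The identifier is also misspelled relative to the file it loads (`sqlSanitzer` vs `sqlstring_sanitizer.js`); `sqlSanitizer` keeps them in sync. The enclosing `module.exports` function starts outside the hunk.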
@@ -10,14 +15,14 @@ module.exports = dbConn => {
   });
 
   router.get("/api/v1/place/nearby", async (req, res) => {
-    const lat = sqlstring.escape(req.query.lat)
-    const lng = sqlstring.escape(req.query.lng)
+    const lat = req.query.lat
+    const lng = req.query.lng
     const place = await getPlaceNearby(lat, lng)
     res.json(place)
   });
 
   router.get("/api/v1/place/photo", async (req, res) => {
-    const photoref = sqlstring.escape(req.query.photoref)
+    const photoref = req.query.photoref
     const photo = await getPlacePhoto(photoref)
     res.json(photo)
   });
diff --git a/backend/routes/regions.js b/backend/routes/regions.js
index 677ab30..9ede6e5 100644
--- a/backend/routes/regions.js
+++ b/backend/routes/regions.js
@@ -1,17 +1,21 @@
 const router = require("express").Router();
+
+// Models
 const getRegions = require("../models/getRegions.js");
 const getRegionById = require("../models/getRegionById.js");
 const getRegionNearbyById = require("../models/getRegionNearbyById.js")
+
+// Utils
 const path = require("path");
 const fs = require("fs");
 const _ = require('lodash')
-const sqlstring = require("sqlstring")
+const sqlSanitzer = require("../util/sqlstring_sanitizer.js")
 
 module.exports = dbConn => {
   router.get("/api/v1/regions", async (req, res) => {
     const data = await getRegions(dbConn)
     if (req.query.randomize) {
-      const randomize = sqlstring.escape(req.query.randomize)
+      const randomize = sqlSanitzer(req.query.randomize)
       res.json(_.sampleSize(data, randomize))
     } else {
       res.json(data);
@@ -19,7 +23,9 @@ module.exports = dbConn => {
   });
 
   router.get("/api/v1/regions/:id", async (req, res) => {
-    const id = sqlstring.escape(req.params.id);
+    console.log(typeof req.params.id)
+    const id = sqlSanitzer(req.params.id);
+    console.log(id)
     res.json(await getRegionById(dbConn, id))
   });
 
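Review bot: `req.query.lat`, `req.query.lng` and `req.query.photoref` now reach `getPlaceNearby` and `getPlacePhoto` with no escaping or validation, while the `sqlSanitzer` that this commit requires at the top of place.js is never used in the file. If those helpers build a SQL string this is a regression from the removed `sqlstring.escape` calls; if they build an outbound request (plausible from the names, but not visible here) `sqlstring.escape` was never the right tool, yet the values still need a check — Express query values can also be arrays or objects — e.g. `const lat = Number(req.query.lat)` guarded by `Number.isFinite`, and `encodeURIComponent` or `URLSearchParams` for `photoref`. Either way the unused require should be dropped or put to use. Both handlers are complete within the hunk; `module.exports` continues outside it.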
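Review bot: `sqlSanitzer(req.query.randomize)` in the `/api/v1/regions` handler is applied to a value that never reaches SQL — it is only passed to `_.sampleSize(data, randomize)` — so non-numeric input becomes a quoted string such as `'abc'` that lodash coerces to 0, and numeric input stays the raw query string. A plain bound states the intent directly: `const randomize = Math.min(Number.parseInt(req.query.randomize, 10) || 0, data.length)`. The `if`/`else` closes beyond the hunk.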
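Review bot: the two `console.log` calls added around `sqlSanitzer(req.params.id)` in the `/api/v1/regions/:id` handler look like leftover debugging — they print the raw path parameter and its escaped form to stdout on every request, which clutters logs and records attacker-controlled input verbatim. They should be removed before merge, or routed through the project's logger at debug level if the output is still wanted. The enclosing `module.exports` function starts and ends outside the hunk.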
@@ -32,7 +38,7 @@ module.exports = dbConn => {
   })
 
   router.get("/api/v1/regions/:id/nearby", async (req,res) => {
-    const id = sqlstring.escape(req.params.id);
+    const id = sqlSanitzer(req.params.id);
     res.json(await getRegionNearbyById(dbConn,id))
   });
   return router;
diff --git a/backend/routes/search.js b/backend/routes/search.js
index d8c3aa4..4c1c4e2 100644
--- a/backend/routes/search.js
+++ b/backend/routes/search.js
@@ -1,14 +1,17 @@
 const router = require("express").Router();
-const _ = require('lodash')
+
+// Models
+const getRegions = require('../models/getRegions.js');
 const getSearchPresets = require("../models/getSearchPresets.js");
+
+// Utils
+const _ = require('lodash')
 const base64 = require("../util/base64.js")
 const sas = require("../util/scoreAndSearch.js");
 const oldToNewQuerySyntax = require("../util/oldToNewQuerySyntax.js")
-const getRegions = require('../models/getRegions.js');
 const { allTagsWithValues, getUniqueTags } = require("../models/getTags.js");
 const { getClimateMinMax } = require("../util/getClimateMinMax.js");
-
 
 module.exports = dbConn => {
   router.get("/api/v1/search", searchHandler(dbConn));
   router.get("/api/v1/search/presets", presetHandler(dbConn));
diff --git a/backend/routes/update.js b/backend/routes/update.js
index bff369e..4ef9eae 100644
--- a/backend/routes/update.js
+++ b/backend/routes/update.js
@@ -1,9 +1,13 @@
 const router = require("express").Router();
+
+// Models
 const handleUpdateRegionNearby = require("../models/handleUpdateRegionNearby.js")
 const handleUpdateRegionNearbyById = require("../models/handleUpdateRegionNearbyById.js")
 const handleUpdateRegionNearbyImgUrl = require("../models/handleUpdateRegionNearbyImgUrl.js")
 const handleUpdateRegionNearbyImgUrlById = require("../models/handleUpdateRegionNearbyImgUrlById.js")
-const sqlstring = require("sqlstring")
+
+// Utils
+const sqlSanitzer = require("../util/sqlstring_sanitizer.js")
 
 module.exports = dbConn => {
   router.patch("/api/v1/update/regions/all/nearby", async (req, res) => {
@@ -15,7 +19,7 @@ module.exports = dbConn => {
   });
 
   router.patch("/api/v1/update/regions/:id/nearby", async (req, res) => {
-    const id = sqlstring.escape(req.params.id);
+    const id = sqlSanitzer(req.params.id);
     res.json(await handleUpdateRegionNearbyById(dbConn, id))
   });
 
@@ -24,7 +28,7 @@ module.exports = dbConn => {
   });
 
   router.patch("/api/v1/update/regions/:id/nearby/imgurl", async (req, res) => {
-    const id = sqlstring.escape(req.params.id);
+    const id = sqlSanitzer(req.params.id);
     res.json(await handleUpdateRegionNearbyImgUrlById(dbConn, id))
   });
 
diff --git a/backend/util/sqlstring_sanitizer.js b/backend/util/sqlstring_sanitizer.js
new file mode 100644
index 0000000..286b516
--- /dev/null
+++ b/backend/util/sqlstring_sanitizer.js
@@ -0,0 +1,9 @@
+const sqlstring = require("sqlstring")
+
+module.exports = (val) => {
+  if(!isNaN(val)) {
+    return val
+  } else {
+    return sqlstring.escape(val)
+  }
+};
\ No newline at end of file
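Review bot: `if(!isNaN(val)) { return val }` returns the caller's value unchanged for anything the global `isNaN` coerces to a number — `""`, `"  "`, `"0x1f"`, `"1e3"`, `null`, `[7]` — so those values reach the model with no quoting at all, which is the case this helper exists to prevent; the numeric shortcut should hand back `Number(val)` after a `Number.isFinite` check, and everything else should go through `sqlstring.escape`. Escaping at the route layer is also weaker than a `?` placeholder in the query itself, and a short header comment saying the helper is a fallback for models that still interpolate would help the next reader. The rewrite below keeps the module's call signature and leaves every non-numeric value on the `sqlstring.escape` path.
```javascript
const sqlstring = require("sqlstring")

/**
 * Prepares a request-supplied value for use in a SQL string.
 * Finite numbers and numeric strings come back as a Number, so ids stay
 * unquoted; every other value is quoted/escaped by sqlstring.escape.
 * Prefer `?` placeholders in the model query where possible; this helper is
 * a fallback for queries that still interpolate.
 */
module.exports = (val) => {
  if (typeof val === "number" && Number.isFinite(val)) {
    return val
  }
  if (typeof val === "string" && val.trim() !== "" && Number.isFinite(Number(val))) {
    return Number(val)
  }
  return sqlstring.escape(val)
};
```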