juice-shop

1
module.exports = function searchProducts () {
2
  return (req: Request, res: Response, next: NextFunction) => {
3
    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
4
    criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
5
    // only allow apple or orange related searches
6
    if (!criteria.startsWith("apple") || !criteria.startsWith("orange")) {
7
      res.status(400).send()
8
      return
9
    }
10
    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
11
      .then(([products]: any) => {
12
        const dataString = JSON.stringify(products)
13
        for (let i = 0; i < products.length; i++) {
14
          products[i].name = req.__(products[i].name)
15
          products[i].description = req.__(products[i].description)
16
        }
17
        res.json(utils.queryResultToJson(products))
18
      }).catch((error: ErrorWithParent) => {
19
        next(error.parent)
20
      })
21
  }
22
}