1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import { type Request, type Response, type NextFunction } from 'express'
7import { ProductModel } from '../models/product'
8import { BasketModel } from '../models/basket'
9import challengeUtils = require('../lib/challengeUtils')
10
11import * as utils from '../lib/utils'
12import { challenges } from '../data/datacache'
13const security = require('../lib/insecurity')
14
/**
 * Factory for the Express handler that returns a basket, with its products, as JSON.
 *
 * Security note: the basket is looked up purely by the `id` route parameter.
 * Nothing in this handler compares that id with the basket owned by the
 * authenticated user before responding, so any caller who can reach the route
 * can read any basket (broken object-level authorization / IDOR). The
 * `basketAccessChallenge` check below only *observes* that condition; it does
 * not block the response. In a production handler the ownership comparison
 * would gate the response (e.g. reject with 403 when the ids differ) instead
 * of merely being recorded.
 */
module.exports = function retrieveBasket () {
  return (req: Request, res: Response, next: NextFunction) => {
    // Caller-controlled identifier taken straight from the URL.
    const id = req.params.id

    BasketModel.findOne({
      where: { id },
      // paranoid: false — presumably also pulls in soft-deleted products; confirm against the model.
      include: [{ model: ProductModel, paranoid: false, as: 'Products' }]
    })
      .then((basket: BasketModel | null) => {
        challengeUtils.solveIf(challenges.basketAccessChallenge, () => {
          const requester = security.authenticatedUsers.from(req)
          // Placeholder strings are excluded so that a missing id does not count as a foreign basket.
          const isConcreteId = id && id !== 'undefined' && id !== 'null' && id !== 'NaN'
          // Loose comparison is deliberate: `id` is a string from the URL, while
          // `requester.bid` may be numeric (assumption — verify against the token payload).
          return requester && isConcreteId && requester.bid && requester.bid != id // eslint-disable-line eqeqeq
        })

        // Run each product name through the request's `__` helper (presumably i18n translation).
        for (const product of basket?.Products ?? []) {
          product.name = req.__(product.name)
        }

        res.json(utils.queryResultToJson(basket))
      })
      .catch((error: Error) => {
        // Hand lookup/serialization failures to the Express error pipeline.
        next(error)
      })
  }
}