juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { type Request, type Response } from 'express'
7
import challengeUtils = require('../lib/challengeUtils')
8
import { reviewsCollection } from '../data/mongodb'
9

10
import * as utils from '../lib/utils'
11
import { challenges } from '../data/datacache'
12

13
const security = require('../lib/insecurity')
14

15
module.exports = function productReviews () {
16
  return (req: Request, res: Response) => {
17
    const user = security.authenticatedUsers.from(req)
18
    challengeUtils.solveIf(challenges.forgedReviewChallenge, () => { return user && user.data.email !== req.body.author })
19
    reviewsCollection.insert({
20
      product: req.params.id,
21
      message: req.body.message,
22
      author: req.body.author,
23
      likesCount: 0,
24
      likedBy: []
25
    }).then(() => {
26
      res.status(201).json({ status: 'success' })
27
    }, (err: unknown) => {
28
      res.status(500).json(utils.getErrorMessage(err))
29
    })
30
  }
31
}
32