/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
5
6import { type Request, type Response } from 'express'
7import challengeUtils = require('../lib/challengeUtils')
8import { reviewsCollection } from '../data/mongodb'
9
10import * as utils from '../lib/utils'
11import { challenges } from '../data/datacache'
12
13const security = require('../lib/insecurity')
14
/**
 * Builds the Express handler that stores a new review for a product.
 *
 * The product id comes from the route parameter `id`; `message` and `author`
 * are copied from the request body. On a successful insert the handler answers
 * 201 with `{ status: 'success' }`; on a failed insert it answers 500 with the
 * output of `utils.getErrorMessage`.
 *
 * Security notes for reviewers:
 * - `author` is client-supplied and is never bound to the authenticated
 *   identity. A logged-in user can therefore post a review under another
 *   author's name; that mismatch is exactly what the `forgedReviewChallenge`
 *   check below detects. Outside a training application the author should be
 *   derived from the authenticated session, not from the request body.
 * - The insert runs whether or not an authenticated user was resolved; the
 *   user object is only consulted for the challenge check. Whether routing
 *   middleware enforces authentication before this handler is not visible
 *   here and should be confirmed.
 * - `message` and `author` are stored without any type or length validation
 *   in this handler.
 *
 * @returns An Express request handler `(req, res) => void`.
 */
module.exports = function productReviews () {
  return (req: Request, res: Response) => {
    const currentUser = security.authenticatedUsers.from(req)

    // Challenge hook: counts as solved when an authenticated user submits a
    // review whose `author` differs from that user's own e-mail address.
    const isForgedAuthor = () => currentUser && currentUser.data.email !== req.body.author
    challengeUtils.solveIf(challenges.forgedReviewChallenge, isForgedAuthor)

    // Document persisted as-is; `author` and `message` are taken verbatim
    // from the request body.
    const review = {
      product: req.params.id,
      message: req.body.message,
      author: req.body.author,
      likesCount: 0,
      likedBy: []
    }

    const onStored = () => {
      res.status(201).json({ status: 'success' })
    }
    // NOTE(review): the error text is returned to the client; confirm that
    // utils.getErrorMessage does not expose database internals.
    const onFailed = (err: unknown) => {
      res.status(500).json(utils.getErrorMessage(err))
    }

    // Two-argument then(): onFailed handles only a rejected insert, not an
    // exception thrown while sending the success response.
    reviewsCollection.insert(review).then(onStored, onFailed)
  }
}