juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { type Request, type Response, type NextFunction } from 'express'
7
import { ordersCollection } from '../data/mongodb'
8

9
const security = require('../lib/insecurity')
10

11
module.exports.orderHistory = function orderHistory () {
12
  return async (req: Request, res: Response, next: NextFunction) => {
13
    const loggedInUser = security.authenticatedUsers.get(req.headers?.authorization?.replace('Bearer ', ''))
14
    if (loggedInUser?.data?.email && loggedInUser.data.id) {
15
      const email = loggedInUser.data.email
16
      const updatedEmail = email.replace(/[aeiou]/gi, '*')
17
      const order = await ordersCollection.find({ email: updatedEmail })
18
      res.status(200).json({ status: 'success', data: order })
19
    } else {
20
      next(new Error('Blocked illegal activity by ' + req.socket.remoteAddress))
21
    }
22
  }
23
}
24

25
module.exports.allOrders = function allOrders () {
26
  return async (req: Request, res: Response, next: NextFunction) => {
27
    const order = await ordersCollection.find()
28
    res.status(200).json({ status: 'success', data: order.reverse() })
29
  }
30
}
31

32
module.exports.toggleDeliveryStatus = function toggleDeliveryStatus () {
33
  return async (req: Request, res: Response, next: NextFunction) => {
34
    const deliveryStatus = !req.body.deliveryStatus
35
    const eta = deliveryStatus ? '0' : '1'
36
    await ordersCollection.update({ _id: req.params.id }, { $set: { delivered: deliveryStatus, eta } })
37
    res.status(200).json({ status: 'success' })
38
  }
39
}
40