1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import { type Request, type Response, type NextFunction } from 'express'7import { ordersCollection } from '../data/mongodb'8
9const security = require('../lib/insecurity')10
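/**
 * Builds the Express handler that returns the order history of the caller.
 *
 * The bearer token from the Authorization header is looked up in
 * `security.authenticatedUsers`. A request without a matching user that has
 * both an email and an id is passed to the error middleware instead.
 *
 * @returns an async Express request handler
 */
module.exports.orderHistory = function orderHistory () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      const loggedInUser = security.authenticatedUsers.get(req.headers?.authorization?.replace('Bearer ', ''))
      if (loggedInUser?.data?.email && loggedInUser.data.id) {
        const email = loggedInUser.data.email
        // NOTE(review): the lookup key is the email with every vowel replaced
        // by '*', so two different addresses that mask to the same string
        // select the same orders. Filtering on the user id as well would close
        // that gap, if order documents carry one (not visible here).
        const updatedEmail = email.replace(/[aeiou]/gi, '*')
        const order = await ordersCollection.find({ email: updatedEmail })
        res.status(200).json({ status: 'success', data: order })
      } else {
        next(new Error('Blocked illegal activity by ' + req.socket.remoteAddress))
      }
    } catch (error) {
      // Without this, a rejected query (or a throw above) becomes an unhandled
      // rejection on Express versions that do not forward async handler
      // failures, and the request never gets a response.
      next(error)
    }
  }
}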
24
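/**
 * Builds the Express handler that returns every order in the collection,
 * in reverse of the order the query yields them.
 *
 * NOTE(review): this handler performs no authentication or role check of its
 * own and returns the orders of all customers. Confirm that the route is
 * registered behind middleware restricting it to the intended role.
 *
 * @returns an async Express request handler
 */
module.exports.allOrders = function allOrders () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      const order = await ordersCollection.find()
      res.status(200).json({ status: 'success', data: order.reverse() })
    } catch (error) {
      // Route query failures to the error middleware rather than leaving an
      // unhandled rejection and a request that never completes.
      next(error)
    }
  }
}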
31
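/**
 * Builds the Express handler that flips the delivery status of one order.
 *
 * The new `delivered` flag is the negation of `req.body.deliveryStatus`, and
 * `eta` is set to '0' when the order becomes delivered, '1' otherwise. The
 * order is selected by the `id` route parameter.
 *
 * NOTE(review): this handler performs no authentication, role or ownership
 * check of its own, so anyone who can reach it can change any order. Confirm
 * that the route is registered behind middleware restricting it to the
 * intended role.
 *
 * @returns an async Express request handler
 */
module.exports.toggleDeliveryStatus = function toggleDeliveryStatus () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      // `!` coerces whatever the client sent, so any truthy or falsy JSON
      // value is accepted here, not only booleans.
      const deliveryStatus = !req.body.deliveryStatus
      const eta = deliveryStatus ? '0' : '1'
      // NOTE(review): the result of update() is not inspected, so 'success'
      // is reported even if no document matched the id.
      await ordersCollection.update({ _id: req.params.id }, { $set: { delivered: deliveryStatus, eta } })
      res.status(200).json({ status: 'success' })
    } catch (error) {
      // A missing body or a failed update would otherwise surface as an
      // unhandled rejection and leave the request without a response.
      next(error)
    }
  }
}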
40