nnnnathann · March 4, 2021 19:41
diff --git a/security-diagnosis.ts b/security-diagnosis.ts
 // sql is a data store
 import sql from "./db"
 // auth identifies and validates requests, and is correctly
 // implemented
 import auth from "./auth"
 import express from "express"
 const app = express()
 app.get("/dashboard", auth, (req, res) => {
    sql.execute("SELECT user, message FROM messages WHERE DATE(timestamp) = DATE(NOW())")
        .then((rows) => {
            res.send(
                `<html>
                    <body>
                        Here's the data from today:
                        ${rows.map(([user, message]) => `${user} posted: ${message}`)}
                    </body>
                </html>`
            )
        })
 })
 app.post("/dashboard/save", auth, (req, res) => {
    sql.execute(`
        INSERT INTO messages (user, message) 
        VALUES ("${req.user.username}", "${req.params.message}")`)
        .then(() => {
            res.send(`{"saved":true}`)
        })
 })
	// sql is a data store
	import sql from "./db"
	// auth identifies and validates requests, and is correctly
	// implemented
	import auth from "./auth"
	import express from "express"
	const app = express()
	app.get("/dashboard", auth, (req, res) => {
	sql.execute("SELECT user, message FROM messages WHERE DATE(timestamp) = DATE(NOW())")
	.then((rows) => {
	res.send(
	`<html>
	<body>
	Here's the data from today:
	${rows.map(([user, message]) => `${user} posted: ${message}`)}
	</body>
	</html>`
	)
	})
	})
	app.post("/dashboard/save", auth, (req, res) => {
	sql.execute(`
	INSERT INTO messages (user, message)
	VALUES ("${req.user.username}", "${req.params.message}")`)
	.then(() => {
	res.send(`{"saved":true}`)
	})
	})