Files
codeql/javascript/ql/src/Security/CWE-178/examples/CaseSensitiveMiddlewarePathGood.js
2022-06-27 16:14:30 +02:00

14 lines
293 B
JavaScript

const app = require('express')();
app.use(/\/admin\/.*/i, (req, res, next) => {
if (!req.user.isAdmin) {
res.status(401).send('Unauthorized');
} else {
next();
}
});
app.get('/admin/users/:id', (req, res) => {
res.send(app.database.users[req.params.id]);
});