From 56cb8b4caab62cfca3dbf6a679b9fc98e6bc31ad Mon Sep 17 00:00:00 2001 From: Adolfo Reyna Date: Thu, 27 Feb 2025 23:12:11 -0500 Subject: [PATCH] Enhance session and profile handling with validation and error handling improvements --- dbTools/profile.js | 268 +++++++++++++++++++++++------------------- def/profile.js | 20 ++-- routes/profile.js | 109 +++++++++-------- utils/sessionUtils.js | 17 +++ 4 files changed, 235 insertions(+), 179 deletions(-) diff --git a/dbTools/profile.js b/dbTools/profile.js index 5fd205c..356ded5 100644 --- a/dbTools/profile.js +++ b/dbTools/profile.js @@ -15,7 +15,7 @@ userDB = (DB) => { DB.removeProfile = (profileid) => { const _id = DB.ObjectID(profileid); if (userProfileCache[profileid]) delete userProfileCache[profileid]; - return DB.profileCols.deleteOne({_id}).catch((err)=>{ + return DB.profileCols.deleteOne({ _id }).catch((err) => { console.log(err); return false; }); @@ -23,7 +23,7 @@ userDB = (DB) => { DB.updateProfile = async (profileid, profileObj) => { let tempProfile = profileObj.toObj(); - const query = {_id: profileid}; + const query = { _id: profileid }; const update = { $set: { profile: tempProfile.profile, @@ -39,8 +39,8 @@ userDB = (DB) => { DB.getProfile = async (profileId) => { //if (userProfileCache[profileId] && !userProfileCache[profileId].isGroup) return userProfileCache[profileId]; - if(!profileId) return false; - try{ + if (!profileId) return false; + try { const _id = DB.ObjectID(profileId); let r = await DB.profileCols.findOne({ _id }).catch((err) => { console.log(err); @@ -48,7 +48,7 @@ userDB = (DB) => { }); if (r) userProfileCache[profileId] = r; return r; - }catch(_){ + } catch (_) { return {}; } } 
@@ -56,16 +56,16 @@ userDB = (DB) => { DB.getPopularProfiles = async (limit = 10) => { return DB.profileCols.aggregate([ { - $match: {isGroup: {$ne: true}} + $match: { isGroup: { $ne: true } } }, { - $addFields: { subscribed_count: {$size: { "$ifNull": [ "$following", [] ] } } } - }, - { - $sort: {"subscribed_count":-1} + $addFields: { subscribed_count: { $size: { "$ifNull": ["$following", []] } } } }, { - $project: {_id: 1, "subscribed_count": 1} + $sort: { "subscribed_count": -1 } + }, + { + $project: { _id: 1, "subscribed_count": 1 } } ]).limit(limit).toArray().catch((err) => { console.log(err); @@ -76,16 +76,16 @@ userDB = (DB) => { DB.getPopularGroups = async (limit = 10) => { return DB.profileCols.aggregate([ { - $match: {isGroup: true, isPrivate: {$ne: true}, isCourse: {$ne: true}} + $match: { isGroup: true, isPrivate: { $ne: true }, isCourse: { $ne: true } } }, { - $addFields: { subscribed_count: {$size: { "$ifNull": [ {"$objectToArray" : "$subscribed"}, [] ] } } } - }, - { - $sort: {"subscribed_count":-1} + $addFields: { subscribed_count: { $size: { "$ifNull": [{ "$objectToArray": "$subscribed" }, []] } } } }, { - $project: {_id: 1, "subscribed_count": 1} + $sort: { "subscribed_count": -1 } + }, + { + $project: { _id: 1, "subscribed_count": 1 } } ]).limit(limit).toArray().catch((err) => { console.log(err); 
@@ -95,19 +95,19 @@ userDB = (DB) => { DB.getFriendsFriends = async (profileId, limit = 10) => { const profile = await DB.getProfile(profileId); - if(!profile) return []; - let ids = profile.following.map((id)=>DB.ObjectID(id)); + if (!profile) return []; + let ids = profile.following.map((id) => DB.ObjectID(id)); let alreadyFollowingMap = {}; alreadyFollowingMap[profileId] = 1; //skip that profile profile.following.forEach(id => { - if(!alreadyFollowingMap[id]) alreadyFollowingMap[id] = 1; + if (!alreadyFollowingMap[id]) alreadyFollowingMap[id] = 1; }) - return DB.profileCols.find({_id:{$in: ids}}).project({following: 1}).limit(limit).toArray().then(profiles => { + return DB.profileCols.find({ _id: { $in: ids } }).project({ following: 1 }).limit(limit).toArray().then(profiles => { let friendsOfFriendsMap = {}; profiles.forEach(p => { p.following.forEach(followingId => { - if(alreadyFollowingMap[followingId]) return 0; - if(!friendsOfFriendsMap[followingId]) friendsOfFriendsMap[followingId] = 0; + if (alreadyFollowingMap[followingId]) return 0; + if (!friendsOfFriendsMap[followingId]) friendsOfFriendsMap[followingId] = 0; friendsOfFriendsMap[followingId] = friendsOfFriendsMap[followingId] + 1; }); }); 
@@ -124,29 +124,43 @@ userDB = (DB) => { return DB.getProfile(profileId); } + DB.getProfileCache = async (profileId) => { + const cachedProfile = userProfileCache[profileId]; + if (cachedProfile?.isGroup === false) { + return cachedProfile; + } + return await DB.getProfile(profileId); + }; + DB.searchProfile = async (queryStr) => { let regEx = new RegExp(queryStr, 'i'); let query = { isGroup: false, - isChat: {$ne: true}, + isChat: { $ne: true }, $or: [ - {"profile.firstName": { - $regex: regEx - }}, - {"profile.lastName": { - $regex: regEx - }}, - {"profile.description": { - $regex: regEx - }}, + { + "profile.firstName": { + $regex: regEx + } + }, + { + "profile.lastName": { + $regex: regEx + } + }, + { + "profile.description": { + $regex: regEx + } + }, ] }; - let r = await DB.profileCols.find(queryStr ? query : {isGroup: false, isChat: {$ne: true}}) - .sort({ lastUpdate: -1 }).limit(20) - .toArray().catch((err) => { - console.log(err); - return false; - }); + let r = await DB.profileCols.find(queryStr ? query : { isGroup: false, isChat: { $ne: true } }) + .sort({ lastUpdate: -1 }).limit(20) + .toArray().catch((err) => { + console.log(err); + return false; + }); return r; } 
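Review bot: The new `DB.getProfileCache` only serves a cache entry when `cachedProfile?.isGroup === false`, while `DB.getProfile` (the fallback it awaits) writes every result, groups included, into `userProfileCache`; so for group ids the cache is never hit and each call goes to the collection. If that asymmetry is deliberate, say so in a header comment such as `// Serves non-group profiles from userProfileCache; groups and cache misses always go through getProfile.`, and document the parameter and return value (`false` for a missing id, `{}` on a malformed one, per getProfile). While the hunk rewrites searchProfile's `$or` clauses: the `regEx` they use is built from the raw `queryStr` on the context line above, so escaping metacharacters first, `const regEx = new RegExp(queryStr.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'i');`, keeps a caller from turning a name search into an arbitrary pattern and bounds the matching cost; the same applies to searchGroups in a later hunk.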
@@ -154,45 +168,45 @@ userDB = (DB) => { const userid = DB.ObjectID(userId); return await DB.profileCols.find({ userid }).toArray().catch((err) => { console.log(err); - return false; + return []; }); } DB.latestProfile = async (userId) => { const userid = DB.ObjectID(userId); let r = await DB.profileCols.find({ userid }) - .sort({ lastUpdate: -1 }) - .toArray().catch((err) => { - console.log(err); - return false; - }); + .sort({ lastUpdate: -1 }) + .toArray().catch((err) => { + console.log(err); + return false; + }); let index = 0; - while(r[index].isGroup || r[index].isChat) index += 1; + while (r[index].isGroup || r[index].isChat) index += 1; if (r[index]) userProfileCache[r[index]._id] = r[index]; return r[index]; } - DB.followProfile = async (profileId, followProfileId)=>{ + DB.followProfile = async (profileId, followProfileId) => { const _id = DB.ObjectID(profileId); let update = { - $addToSet:{ + $addToSet: { following: followProfileId + '' //converts to str - } + } } - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); } - DB.unfollowProfile = async (profileId, followProfileId)=>{ + DB.unfollowProfile = async (profileId, followProfileId) => { const _id = DB.ObjectID(profileId); let update = { - $pull:{ + $pull: { following: followProfileId + '' //converts to str - } + } } - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); @@ -200,7 +214,7 @@ userDB = (DB) => { DB.getFollowingTheProfile = async (profileId) => { //const profile_id = DB.ObjectID(profileId); - let r = await DB.profileCols.find({ following: (profileId+'') }) + let r = await DB.profileCols.find({ following: (profileId + '') }) .toArray().catch((err) => { console.log(err); return []; 
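Review bot: `DB.latestProfile` still returns `false` from its `.catch` and then runs `while (r[index].isGroup || r[index].isChat) index += 1;` with no bound, so a failed query, a user with no profiles, or a user whose profiles are all groups/chats throws a TypeError instead of returning `undefined`; the hunk changes getUserProfiles right above to return `[]` on error but leaves this one inconsistent. Return `[]` from the catch here as well and bound the scan: `while (index < r.length && (r[index].isGroup || r[index].isChat)) index += 1;`. A short comment on the loop, `// skip group/chat profiles; r is sorted newest first`, would also make the intent clear.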
@@ -216,40 +230,40 @@ userDB = (DB) => { DB.setData = async (profileid, key, value) => { const _id = DB.ObjectID(profileid); let update = { - $set:{ + $set: { ["data." + key]: value - } + } } - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); } - DB.setProfileToken = (profileid, token)=>{ - if(!token) return false; + DB.setProfileToken = (profileid, token) => { + if (!token) return false; const _id = DB.ObjectID(profileid); let update = { - $addToSet:{ + $addToSet: { token - } + } } if (userProfileCache[profileid]) delete userProfileCache[profileid]; - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); } - DB.setWebSubscription = (profileid, webSubscription)=>{ + DB.setWebSubscription = (profileid, webSubscription) => { const _id = DB.ObjectID(profileid); let update = { - $set:{ + $set: { webSubscription - } + } } if (userProfileCache[profileid]) delete userProfileCache[profileid]; - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); @@ -258,7 +272,7 @@ userDB = (DB) => { DB.addNotification = async (profileid, message, postid, commentIndx, actorid) => { const _id = DB.ObjectID(profileid); let update = { - $push:{ + $push: { notifications: { ts: new Date(), body: message, @@ -266,9 +280,9 @@ userDB = (DB) => { commentIndx, actorid, } - } + } } - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); 
@@ -282,37 +296,37 @@ userDB = (DB) => { //Groups DB.getGroups = async (excludePrivate = false) => { let query = { - isGroup: true, - isCourse: {$ne: true}, - isChat: {$ne: true}, + isGroup: true, + isCourse: { $ne: true }, + isChat: { $ne: true }, }; - if(excludePrivate) query.isPrivate = false; + if (excludePrivate) query.isPrivate = false; let r = await DB.profileCols.find(query).sort({ lastUpdate: -1 }).limit(10) .toArray().catch((err) => { console.log(err); return false; - }); + }); return r; } DB.getFollowingGroups = async (profileid) => { const profile = await DB.getProfile(profileid); let ids = []; - for(id in profile.following){ - try{ + for (id in profile.following) { + try { let oId = DB.ObjectID(profile.following[id]); let checkProfile = await DB.getProfileCache(oId) - if(checkProfile && checkProfile.isGroup && !checkProfile.isChat){ + if (checkProfile && checkProfile.isGroup && !checkProfile.isChat) { ids.push(oId) } - }catch{ + } catch { } } let query = { - isGroup: true, - isCourse: {$ne: true}, - isChat: {$ne: true}, + isGroup: true, + isCourse: { $ne: true }, + isChat: { $ne: true }, _id: { $in: ids } @@ -321,7 +335,7 @@ userDB = (DB) => { .toArray().catch((err) => { console.log(err); return false; - }); + }); return r; } 
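Review bot: `for (id in profile.following)` in getFollowingGroups declares no `id`, so it assigns an implicit global that every concurrent call of this async function shares; because the loop body awaits `DB.getProfileCache`, two requests can interleave and read each other's index. Declare it and iterate the values instead: `for (const followedId of profile.following ?? []) {` with `DB.ObjectID(followedId)` in the body. `profile` is also dereferenced without a check although getProfile returns `false` for a missing id and `{}` on a malformed one; return `[]` early when `!profile?.following`. The empty `catch {}` that follows hides why a followed id was skipped — at least `console.log(err)` as the other helpers do.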
@@ -329,41 +343,49 @@ userDB = (DB) => { let regEx = new RegExp(queryStr, 'i'); let query = queryStr ? { isGroup: true, - isChat: {$ne: true}, + isChat: { $ne: true }, isCourse: coursesB, $or: [ - {"profile.firstName": { - $regex: regEx - }}, - {"profile.lastName": { - $regex: regEx - }}, - {"profile.description": { - $regex: regEx - }}, - {"data.author": { - $regex: regEx - }} + { + "profile.firstName": { + $regex: regEx + } + }, + { + "profile.lastName": { + $regex: regEx + } + }, + { + "profile.description": { + $regex: regEx + } + }, + { + "data.author": { + $regex: regEx + } + } ] - } : {isGroup: true, isChat: {$ne: true}, isCourse: coursesB}; + } : { isGroup: true, isChat: { $ne: true }, isCourse: coursesB }; let r = await DB.profileCols.find(query) - .sort({ lastUpdate: -1 }).limit(20) - .toArray().catch((err) => { - console.log(err); - return false; - }); + .sort({ lastUpdate: -1 }).limit(20) + .toArray().catch((err) => { + console.log(err); + return false; + }); return r; } let privateGroupsCache = {}; DB.isGroupPrivate = async (groupid) => { - if(userProfileCache[groupid]) return userProfileCache[groupid].isPrivate; + if (userProfileCache[groupid]) return userProfileCache[groupid].isPrivate; let g = await DB.getGroup(groupid); return g ? g.isPrivate : false; } DB.isGroupNewsOnly = async (groupid) => { - if(userProfileCache[groupid]) return userProfileCache[groupid].newsOnly; + if (userProfileCache[groupid]) return userProfileCache[groupid].newsOnly; let g = await DB.getGroup(groupid); return g ? g.newsOnly : false; } @@ -377,7 +399,7 @@ userDB = (DB) => { DB.getGroup = async (groupid) => { const _id = DB.ObjectID(groupid); //if(userProfileCache[groupid]) return userProfileCache[groupid]; - let r = await DB.profileCols.findOne({_id, isGroup: true, isChat: {$ne: true},}).catch((err) => { + let r = await DB.profileCols.findOne({ _id, isGroup: true, isChat: { $ne: true }, }).catch((err) => { console.log(err); return false; }); 
@@ -389,13 +411,13 @@ userDB = (DB) => { const _id = DB.ObjectID(groupid); const subOrRequest = reqSubscription ? "pending." : "subscribed."; let update = { - $set:{ + $set: { [subOrRequest + profileid]: new Date() - } + } } - if(!reqSubscription) DB.followProfile(profileid, groupid); + if (!reqSubscription) DB.followProfile(profileid, groupid); delete userProfileCache[groupid]; - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); @@ -404,16 +426,16 @@ userDB = (DB) => { DB.acceptGroupJoinReq = async (profileid, groupid) => { const _id = DB.ObjectID(groupid); let update = { - $set:{ + $set: { ["subscribed." + profileid]: new Date() }, - $unset:{ + $unset: { ["pending." + profileid]: "" } } DB.followProfile(profileid, groupid); delete userProfileCache[groupid]; - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); @@ -422,12 +444,12 @@ userDB = (DB) => { DB.rejectGroupJoinReq = async (profileid, groupid) => { const _id = DB.ObjectID(groupid); let update = { - $unset:{ + $unset: { ["pending." + profileid]: "" } } delete userProfileCache[groupid]; - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); @@ -436,12 +458,12 @@ userDB = (DB) => { DB.unsubscribeToGroup = async (profileid, groupid) => { const _id = DB.ObjectID(groupid); let update = { - $unset:{ + $unset: { ["subscribed." + profileid]: "", - } + } } DB.unfollowProfile(profileid, groupid) - return DB.profileCols.updateOne({_id}, update).catch((err)=>{ + return DB.profileCols.updateOne({ _id }, update).catch((err) => { console.log(err); return false; }); 
@@ -449,12 +471,12 @@ userDB = (DB) => { //Courses DB.getCourses = async () => { - let r = await DB.profileCols.find({isGroup: true, isCourse: true, isChat: {$ne: true}}) - .sort({ lastUpdate: -1 }).limit(20) - .toArray().catch((err) => { - console.log(err); - return false; - }); + let r = await DB.profileCols.find({ isGroup: true, isCourse: true, isChat: { $ne: true } }) + .sort({ lastUpdate: -1 }).limit(20) + .toArray().catch((err) => { + console.log(err); + return false; + }); return r; } diff --git a/def/profile.js b/def/profile.js index be310e7..8698171 100644 --- a/def/profile.js +++ b/def/profile.js @@ -1,15 +1,15 @@ class User { constructor(info){ - if(!info || !info.userid) throw "Can not construct empty profile"; + if(!info || !info.userid) throw new Error("Cannot construct empty profile"); this.userid = info.userid; this.profile = { - firstName: info.profile && info.profile.firstName || '', - lastName: info.profile && info.profile.lastName || '', - photo: info.profile && info.profile.photo || '', - location: info.profile && info.profile.location || 'USA', - language: info.profile && info.profile.language || 'en', - status: info.profile && info.profile.status || '', - description: info.profile && info.profile.description || '', + firstName: info.profile?.firstName || '', + lastName: info.profile?.lastName || '', + photo: info.profile?.photo || '', + location: info.profile?.location || 'USA', + language: info.profile?.language || 'en', + status: info.profile?.status || '', + description: info.profile?.description || '', }; this.data = info.data || {}; this.username = info.username || ''; 
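Review bot: The `User` constructor takes `info.profile?.firstName || ''` and the other profile fields without checking their type, and the create routes in this patch spread `req.body.content` straight into `info`, so a client can store an object or array under any of these string fields. Guarding with a small coercion helper keeps only strings and still applies the `'USA'`/`'en'` defaults; the constructor continues past the end of this hunk.
```javascript
    // req.body.content is spread straight into `info` by the create routes,
    // so keep only profile values that are actually strings.
    const str = (value) => (typeof value === 'string' ? value : '');
    this.profile = {
      firstName: str(info.profile?.firstName),
      lastName: str(info.profile?.lastName),
      photo: str(info.profile?.photo),
      location: str(info.profile?.location) || 'USA',
      language: str(info.profile?.language) || 'en',
      status: str(info.profile?.status),
      description: str(info.profile?.description),
    };
    // … unchanged: data, username and the remaining fields …
```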
@@ -23,8 +23,8 @@ class User { this.isCourse = info.isCourse || false; this.isPrivate = info.isPrivate || false; this.isChat = info.isChat || false; - this.subscribed = info.subscribed || {}; //Subscribed user to groups - this.pending = info.pending || {}; //Private groups require authorization + this.subscribed = JSON.parse(JSON.stringify(info.subscribed || {})); //Subscribed user to groups + this.pending = JSON.parse(JSON.stringify(info.pending || {})); //Private groups require authorization } toObj(){ diff --git a/routes/profile.js b/routes/profile.js index 128838c..1af57cb 100644 --- a/routes/profile.js +++ b/routes/profile.js @@ -4,26 +4,18 @@ var router = express.Router() const DB = require("../mongoDB.js"); const Profile = require("../def/profile.js"); const Notifications = require("./../notifications.js"); +const { getSessionId, getUserId, getProfileId } = require("./../utils/sessionUtils.js"); -DB.getDB.then((DB)=>{ - - const getUserId = function(req){ - const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid; - return DB.ObjectID(user_sid); - } - - const getProfileId = (req)=>{ - return DB.ObjectID(req.cookies.profile_id || req.query.profile_id || req.body.profile_id); - } +DB.getDB.then((DB) => { const profileBelongsToUser = async (profileid, userid) => { const profile = await DB.getProfileCache(profileid); - if(!profile) return false; - return profile.userid == (userid + ''); + if (!profile) return false; + return profile.userid === String(userid); } router.get("/mine", async (req, res) => { - let userid = req.cookies.user_sid; + let userid = getUserId(req); let profiles = await DB.getUserProfiles(userid); return res.json({ status: "ok", 
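Review bot: `JSON.parse(JSON.stringify(info.subscribed || {}))` turns every value into its JSON form, and the group helpers in dbTools/profile.js store `new Date()` under `subscribed.<profileid>` and `pending.<profileid>`; if a document read back from the collection is ever passed through this constructor, those dates come out as ISO strings and `toObj()` would write them back as strings. If the goal is only to detach from the caller's object, a shallow copy is enough for a flat map, `this.subscribed = { ...(info.subscribed || {}) };`, or `structuredClone(...)` if the runtime supports it and nested values are expected. A comment stating which of the two is intended would help the next reader.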
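Review bot: `profileBelongsToUser` now compares `profile.userid === String(userid)`, but `profile.userid` read from the collection may be a BSON ObjectId — the removed local `getUserId` wrapped the value in `DB.ObjectID` before it was stored — and an ObjectId is never strictly equal to a string, so for those documents the check always fails and `DELETE /:id` rejects the actual owner; the old `==` passed because of string coercion. Normalize both sides: `return String(profile.userid) === String(userid);`. Note also that the imported `getUserId`/`getProfileId` return the raw cookie/query/body value rather than an ObjectId, so `userid: getUserId(req)` in the create routes now stores a string where earlier documents hold an ObjectId — a mixed-type field that every later equality or `$in` query has to cope with; either convert in the routes or document the new storage type.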
@@ -34,59 +26,84 @@ DB.getDB.then((DB)=>{ router.get("/new", async (req, res) => { //Deprecated please use route post("/") let profile = { userid: getUserId(req), - ... req.query.content + ...req.query.content }; let profileObj = new Profile(profile); let r = await DB.newProfile(profileObj); return res.json({ status: "ok", - ... profileObj.toObj() + ...profileObj.toObj() }); }); router.post("/", async (req, res) => { let profile = { userid: getUserId(req), - ... req.body.content + ...req.body.content }; - let profileObj = new Profile(profile); - let r = await DB.newProfile(profileObj); - return res.json({ - status: "ok", - ... profileObj.toObj() - }); + try { + let profileObj = new Profile(profile); + let r = await DB.newProfile(profileObj); + return res.json({ + status: "ok", + ...profileObj.toObj() + }); + } catch (error) { + console.error("Error creating profile", error); + return res.json({ + status: error, + }); + } + }); router.post("/invite", async (req, res) => { - const userid = getUserId(req); - const name = req.body.name; - const email = req.body.email; - //validate email? 
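Review bot: In the new `catch` of `router.post("/")`, `res.json({ status: error })` serializes an `Error` whose `message`/`stack` are non-enumerable, so the client receives `{"status":{}}` with HTTP 200; return a status code and the message instead: `return res.status(400).json({ status: "error", message: error.message });`. The deprecated `GET /new` above builds the Profile the same way without a try/catch, so a request lacking `userid` still rejects unhandled there. `let r` is assigned from `DB.newProfile` in both handlers and never read — either check it (newProfile's failure value is not visible here) or drop it.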
- if(!name || !email) return res.json({status: "incomplete request"}); - let r = await DB.newInvitation(userid, name, email); - if(!r.toLowerCase){ - //send email invitation + try { + const userid = getUserId(req); + let { name, email } = req.body; // Destructuring for clarity + // Validate required fields + if (!name || !email) { + return res.status(400).json({ status: "Name and email are required" }); + } + // Validate email format + email = email.trim().toLowerCase() + const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; + if (!emailRegex.test(email)) { + return res.status(400).json({ status: "Invalid email format" }); + } + // Create new invitation, this returns a string if failed + let r = await DB.newInvitation(userid, name, email); + if (r instanceof String) { + // Handle failure response from DB.newInvitation + return res.status(400).json({ + status: r, + message: `Failed to send invitation: ${r}` + }); + } + // Handle response from DB.newInvitation + // Send email invitation let senderProfile = await DB.getProfile(getProfileId(req)); Notifications.youHaveAnInvitation(name, email, senderProfile); - return res.json({ - status: "ok" + return res.status(200).json({ + status: "ok", + message: `Invitation sent to ${name} (${email})` }); + } catch (error) { + console.error("Error during invitation process:", error); + return res.status(500).json({ status: "error", message: "Something went wrong, please try again later" }); } - return res.json({ - status: r - }); }); router.get("/invite/:email", async (req, res) => { const userid = getUserId(req); const email = req.params.email; //validate email? 
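Review bot: `if (r instanceof String)` never matches a primitive string, so the failure path it replaces (the old `!r.toLowerCase` duck test) can no longer fire: a failure string from `DB.newInvitation` falls through to `getProfile`/`Notifications.youHaveAnInvitation` and the client is told the invitation was sent. Use `if (typeof r === "string") {`. The same handler calls `email.trim()` right after the truthiness check, so a JSON body with a non-string `email` throws and is reported as a 500; extend the required-field check to `if (typeof name !== "string" || typeof email !== "string" || !name || !email) {` so it returns the intended 400.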
- if(!email) return res.json({status: "provide valid email"}); + if (!email) return res.json({ status: "provide valid email" }); let r = await DB.getInvitation(email); - if(!r) return res.json({status: "no invitation found with that email"}); + if (!r) return res.json({ status: "no invitation found with that email" }); let isUserAlreadyRegistered = await DB.getUser(email); - if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"}); - return res.json({status: "ok", ... r}); + if (isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({ status: "This user is already registered" }); + return res.json({ status: "ok", ...r }); }); router.get("/groups", async (req, res) => { @@ -110,13 +127,13 @@ DB.getDB.then((DB)=>{ let profile = { userid: getUserId(req), isGroup: true, - ... req.body + ...req.body }; let profileObj = new Profile(profile); DB.newProfile(profileObj) return res.json({ status: "ok", - ... profileObj.toObj() + ...profileObj.toObj() }); }); @@ -133,7 +150,7 @@ DB.getDB.then((DB)=>{ //of an user that attempt to join a private group. const groupid = getProfileId(req); //It needs to have this profile context const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined; - if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){ + if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) { return res.json({ status: "Only group owner can accept new subscribers" }); 
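Review bot: `!DB.isOwnerOfGroup(groupid, groupidBody)` in the accept handler is not awaited; if isOwnerOfGroup is async like every other DB helper in this patch, `!promise` is always `false`, so the "only group owner" check never rejects and any caller with a group id in the body can accept a pending subscriber. Await it, and compare the ids as strings since `groupid` is now the raw string from sessionUtils while `groupidBody` is an ObjectID (two ObjectIDs under `!=` would always be unequal): `if (groupidBody && String(groupid) !== String(groupidBody) && !(await DB.isOwnerOfGroup(groupid, groupidBody))) {`. The reject handler in the next hunk (`-152,7`) has the identical line and needs the same fix; both handlers continue outside their hunks.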
@@ -152,7 +169,7 @@ DB.getDB.then((DB)=>{ //of an user that attempt to join a private group. const groupid = getProfileId(req); //It needs to have this profile context const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined; - if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){ + if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) { return res.json({ status: "Only group owner can reject new subscribers" }); @@ -191,7 +208,7 @@ DB.getDB.then((DB)=>{ const isPrivate = await DB.isGroupPrivate(groupid); DB.subscribeToGroup(profileid, groupid, isPrivate); //Add notification to group owner - if(isPrivate) Notifications.yourGroupHasARequest(profileid, groupid) + if (isPrivate) Notifications.yourGroupHasARequest(profileid, groupid) return res.json({ status: "ok" }); @@ -244,14 +261,14 @@ DB.getDB.then((DB)=>{ let profile = await DB.getProfile(profileId); return res.json({ status: "ok", - ... profile + ...profile }); }); router.delete("/:id", async (req, res) => { const profileId = req.params.id; const userid = getUserId(req); - if(!await profileBelongsToUser(profileId, userid)) + if (!await profileBelongsToUser(profileId, userid)) return res.json({ status: "This profile is not yours." }); diff --git a/utils/sessionUtils.js b/utils/sessionUtils.js index d4d27b6..6f356d3 100644 --- a/utils/sessionUtils.js +++ b/utils/sessionUtils.js 
@@ -1,14 +1,31 @@ +const { ObjectId } = require("mongodb"); + +const isValidObjectId = (id) => ObjectId.isValid(id); + // Utilities const getSessionId = function (req) { const session_id = req.cookies.session_id || req.query.session_id || req.body.session_id; + if(isValidObjectId(session_id)) { + return session_id; + } + console.error("Invalid session_id format: ", session_id); return session_id; } const getUserId = function (req) { const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid; + // validate user_sid + if(isValidObjectId(user_sid)) { + return user_sid; + } + console.error("Invalid user_sid format: ", user_sid); return user_sid; } const getProfileId = function (req) { const profile_id = req.cookies.profile_id || req.query.profile_id || req.body.profile_id; + if(isValidObjectId(profile_id)) { + return profile_id; + } + console.error("Invalid profile_id format: ", profile_id); return profile_id; }
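Review bot: The added `isValidObjectId` checks in getSessionId, getUserId and getProfileId log an invalid value and then return it anyway, so every caller behaves exactly as before and `DB.ObjectID` still throws downstream; a validation that only logs is not a validation. Return a sentinel the routes can turn into a 400 instead, e.g. in getUserId: `if (isValidObjectId(user_sid)) return user_sid;` / `console.error("Invalid user_sid format: ", user_sid);` / `return null;`, and document that contract in a comment on each helper. `ObjectId.isValid` also accepts any 12-character string, so it is a format check rather than proof the id exists. Separately, these helpers accept the identity from `req.query` and `req.body` as well as the cookie; if `user_sid`/`session_id` act as credentials, values in a query string end up in access logs and referrers, which is worth a comment or a tightening in a follow-up.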