@nnnnathann
Created March 4, 2021 19:41
security-diagnosis.ts
// sql is a data store
import sql from "./db"
// auth identifies and validates requests, and is correctly
// implemented
import auth from "./auth"
import express from "express"

const app = express()

app.get("/dashboard", auth, (req, res) => {
  sql.execute("SELECT user, message FROM messages WHERE DATE(timestamp) = DATE(NOW())")
    .then((rows) => {
      res.send(
        `<html>
  <body>
    Here's the data from today:
    ${rows.map(([user, message]) => `${user} posted: ${message}`)}
  </body>
</html>`
      )
    })
})

app.post("/dashboard/save", auth, (req, res) => {
  sql.execute(`
    INSERT INTO messages (user, message)
    VALUES ("${req.user.username}", "${req.params.message}")`)
    .then(() => {
      res.send(`{"saved":true}`)
    })
})
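The two findings the gist invites are visible in the handlers themselves: the POST handler splices `req.params.message` straight into the INSERT text (and, on a route with no `:message` segment, Express leaves `req.params.message` undefined, so the value would in practice have to come from a parsed body), and the GET handler interpolates stored `user` and `message` values into HTML without escaping, so a message saved by one user is rendered as markup in every other user's dashboard. The block below is an added example, not code from the gist: it rewrites both handler bodies as plain functions so the fixes can be exercised without Express or a database. `FakeDb`, `escapeHtml`, `renderDashboard`, `saveMessage`, `vulnerableInsert` and the two payload strings are all constructed for this example; `FakeDb` stands in for the gist's `sql` module and is synchronous only for convenience.

```typescript
// Added example, not code from security-diagnosis.ts: the two handler
// bodies rewritten as plain functions. FakeDb is a constructed stand-in
// for the gist's `sql` module; a real driver returns a Promise.

type Row = [string, string];

// Stand-in for `./db`: records the last statement and its parameter list,
// and keeps rows in memory.
class FakeDb {
  rows: Row[] = [];
  lastQuery = "";
  lastParams: unknown[] = [];
  execute(query: string, params: unknown[] = []): Row[] {
    this.lastQuery = query;
    this.lastParams = params;
    if (/^\s*INSERT/i.test(query)) {
      // Parameters arrive as data, so the stored message is exactly what
      // the caller passed, however many quotes it contains.
      this.rows.push([String(params[0]), String(params[1])]);
      return [];
    }
    return this.rows;
  }
}

// Escape the characters that let untrusted text break out of an HTML text
// node or a double- or single-quoted attribute value.
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
}

// Hardened body of GET /dashboard: every value read from the database is
// escaped before it is interpolated into the page.
function renderDashboard(rows: Row[]): string {
  const lines = rows.map(
    ([user, message]) => `${escapeHtml(user)} posted: ${escapeHtml(message)}`,
  );
  return `<html><body>Here's the data from today:\n${lines.join("\n")}</body></html>`;
}

// The gist's string-built INSERT, kept only to show what it produces.
function vulnerableInsert(username: string, message: string): string {
  return `INSERT INTO messages (user, message) VALUES ("${username}", "${message}")`;
}

// Hardened body of POST /dashboard/save: the SQL text is a constant and the
// values travel as bound parameters (`?` placeholders as used by mysql2 and
// sqlite drivers; others use $1, $2).
function saveMessage(db: FakeDb, username: string, message: string): { saved: boolean } {
  db.execute("INSERT INTO messages (user, message) VALUES (?, ?)", [username, message]);
  return { saved: true };
}

// Constructed payloads: one that closes the VALUES tuple early and starts a
// second one, and one that injects markup into the rendered dashboard.
const SQLI_PAYLOAD = '"), ("admin", "pwned';
const XSS_PAYLOAD = "<script>alert(document.cookie)</script>";

// Runs both versions against the payloads and returns everything a reader
// would want to compare.
function demo() {
  const db = new FakeDb();
  const injectedSql = vulnerableInsert("alice", SQLI_PAYLOAD);
  saveMessage(db, "alice", SQLI_PAYLOAD);
  saveMessage(db, "mallory", XSS_PAYLOAD);
  return {
    injectedSql,                    // now contains a second tuple ("admin", "pwned")
    boundQuery: db.lastQuery,       // no user data in the statement text
    stored: db.rows,                // payloads stored verbatim, as data
    page: renderDashboard(db.rows), // <script> reaches the browser as &lt;script&gt;
  };
}
```

`demo()` is the usage entry point: `injectedSql` shows the string-built INSERT turning one user's message into a second row with an attacker-chosen `user`, while `boundQuery` stays a fixed statement and `stored` holds the raw payload as an ordinary string. The same rows rendered through `renderDashboard` reach the browser as text rather than a `<script>` element. Escaping at render time is the right layer for the XSS fix; sanitising on save would leave every other consumer of the table exposed.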