Conversation
utils/transporter.js
Outdated
| const transporter = nodemailer.createTransport({ | ||
| service: "gmail", | ||
| auth: { | ||
| user: "santanrathore75209@gmail.com", |
There was a problem hiding this comment.
Better to use any credentials used in config files or default.json. Can be used at multiple places and will have to update at one place only, if needed.
| `, | ||
| }; | ||
|
|
||
| try { |
There was a problem hiding this comment.
Should try-catch the whole function, and return the error. Anything could fail not just the mail.
app.js
Outdated
| require("dotenv").config(); | ||
| require("./db/connectionDB"); | ||
| require('./models/user') | ||
| require('./models/Survey') |
There was a problem hiding this comment.
Should be /survey. Filename case should match always.
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| res.send({ token }); | ||
| try { | ||
| const { email, password } = req.body; | ||
| const user = await User.findOne({ email }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| const updateProfile = async (req, res) => { | ||
| try { | ||
| const { _id } = req.body; | ||
| const userexist = await User.findOneAndUpdate({ _id }, { $set: req.body }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| const updateProfile = async (req, res) => { | ||
| try { | ||
| const { _id } = req.body; | ||
| const userexist = await User.findOneAndUpdate({ _id }, { $set: req.body }); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
|
|
||
| router.post("/signup", signup); | ||
| router.post("/activate", verifyAccount); | ||
| router.post("/activate/:token", verifyAccount); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| router.post("/activate/:token", verifyAccount); | ||
| router.post("/resetlink", resetlink); | ||
| router.post("/changepassword", changepassword); | ||
| router.post("/changepassword/:token", changepassword); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| router.post("/changepassword", changepassword); | ||
| router.post("/changepassword/:token", changepassword); | ||
| router.post("/login", login); | ||
| router.put("/updateprofile", updateProfile); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
|
|
||
| router.post("/createsurvey", createSurvey); | ||
|
|
||
| router.post("/createsurvey", protect, createSurvey); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| router.post("/createsurvey", createSurvey); | ||
|
|
||
| router.post("/createsurvey", protect, createSurvey); | ||
| router.put("/response/yes/:id", responseYes); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
|
|
||
| router.post("/createsurvey", protect, createSurvey); | ||
| router.put("/response/yes/:id", responseYes); | ||
| router.put("/response/no/:id", responseNo); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| router.post("/createsurvey", protect, createSurvey); | ||
| router.put("/response/yes/:id", responseYes); | ||
| router.put("/response/no/:id", responseNo); | ||
| router.get("/getSurvey", getSurvey); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
2 participants
No description provided.