Commit

Added route protection in admin router.
nh602 committed Jan 31, 2024
1 parent 5cd1879 commit fd4919c
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions backend/routes/AdminRouter.js
Expand Up @@ -23,19 +23,19 @@ const {

const sendSuccessResponse = require('../middleware/successResponse');

router.get('/events/requests/:eventId', getEventRequests, sendSuccessResponse);
router.get('/events/requests/:eventId', verify('admin'), getEventRequests, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.get('/events/requests', getAllEventRequests, sendSuccessResponse);
router.get('/events/requests', verify('admin'), getAllEventRequests, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.get('/violations/:vendorId', getViolations, sendSuccessResponse);
router.get('/violations/:vendorId', verify('admin'), getViolations, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.get('/violations', getAllViolations, sendSuccessResponse);
router.get('/violations', verify('admin'), getAllViolations, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.put('events/requests/:requestId', processEventRequest, sendSuccessResponse);
router.put('events/requests/:requestId', verify('admin'), processEventRequest, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.post('/violations/:vendorId', createVendorViolation, sendSuccessResponse);
router.post('/violations/:vendorId', verify('admin'), createVendorViolation, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.delete('/violations/:violationId', deleteVendorViolation, sendSuccessResponse);
router.delete('/violations/:violationId', verify('admin'), deleteVendorViolation, sendSuccessResponse);

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs authorization, but is not rate-limited.

Check failure: Code scanning / CodeQL
Missing rate limiting (High)
This route handler performs a database access, but is not rate-limited.

router.post('/login', getAdminByEmail, signAdminToken, (req, res) => {
res.status(200).json({status: 'success'});
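
Review bot: The PUT route path 'events/requests/:requestId' has no leading slash, in both the old and the new line, unlike every other route in this hunk. Express matches router paths against a URL path that begins with '/', so this handler is most likely never reached and the verify('admin') added to it protects nothing in practice; change the path to '/events/requests/:requestId'. Separately, repeating verify('admin') on seven routes makes it easy to miss one when a route is added later: consider registering '/login' first and then calling router.use(verify('admin')) once, so every route declared after it is covered by default. The CodeQL rate-limiting findings are still open after this change, and the '/login' chain at the end of the hunk (getAdminByEmail, signAdminToken) shows no limiter either, which is where throttling matters most against credential guessing; a limiter middleware placed ahead of getAdminByEmail and ahead of verify('admin') on the other routes would address both.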

0 comments on commit fd4919c
