You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current state of the backend code is not type-safe, this causes a lot of issues in the long run.
There's a few APIs relying on session data to fetch data in the database, but there is no type checking implemented to prevent a casting error from mongoose.
Affected files:
Code that uses db.user.findOne({ userid: req.session.userid }); or similar
No typechecking for req.session.userid before this line runs
Code that uses the checkperms function
Did implement type conversion, but parseInt can return NaN. However, the users model expects userid to be a number
Current state of the backend code is not type-safe, this causes a lot of issues in the long run.
There's a few APIs relying on session data to fetch data in the database, but there is no type checking implemented to prevent a casting error from mongoose.
Affected files:
db.user.findOne({ userid: req.session.userid });
or similarcheckperms
functionparseInt
can returnNaN
. However, theusers
model expectsuserid
to be anumber
https://tovy.canny.io/admin/board/bugs/p/lack-of-proper-typechecking
The text was updated successfully, but these errors were encountered: