Issues in admins.js (dev) - Issues in dev - FalkenDev/SparkRentals-REST-API - Measure and Improve Code Quality continuously with Scrutinizer

Issues (50)

v1/models/admins.js (4 issues)

Labels

Best Practice 4

Severity

Minor 4

const bcrypt = require('bcryptjs');
const sanitize = require('mongo-sanitize'); // To prevent malicious users overwriting (NoSQL Injection)
const { MongoClient, ObjectId } = require("mongodb");
const mongoURI = process.env.DBURI;

const admins = {
    // Field for editing admins
    editFields: {
        firstName: "firstName",
        lastName: "lastName",
        email: "email",
        password: "password"
    },

    // Get all admins information
    getAdmins: async function(res, path) {
        let client = new MongoClient(mongoURI);
        try {
            let db = client.db("spark-rentals");
            let admins_collection = db.collection("admins");
            let admins = await admins_collection.find().toArray();

            // If nothing in db collection
            if (admins === null) {
                return res.status(401).json({
                    errors: {
                        status: 401,
                        source: "GET /admins" + path,
                        title: "Admins collection is empty",
                        detail: "Admins collection is empty in database."
                    }
                });
            }

            res.status(200).send({ admins }); // Sends the whole collection with data

        } catch(e) { return res.status(500).send(); } finally { await client.close(); }
    },

    // Get specific admin information
    getSpecificAdmin: async function(res, admin_id, path) {
        let adminId = sanitize(admin_id);

        // Check if the adminId are a valid MongoDB id.
        if (!ObjectId.isValid(adminId)) {
            return res.status(400).json({
                errors: {
                    status: 400,
                    detail: "The admin_id is not a valid MongoDB id."
                }
            });
        }

        let client = new MongoClient(mongoURI);
        try {
            let db = client.db("spark-rentals");
            let admins_collection = db.collection("admins");
            let admin = await admins_collection.findOne({_id: ObjectId(adminId)});

            // If nothing in collection
            if (admin === null) {
                return res.status(401).json({
                    errors: {
                        status: 401,
                        source: "GET /admins" + path,
                        title: "Admin not exists in database",
                        detail: "The admin dosen't exists in database with the specified admin_id."
                    }
                });
            }

            res.status(200).send({ admin }); // Sends data from the specific admin

        } catch(e) { return res.status(500).send(); } finally { await client.close(); }

    },

    // Delete specific admin
    deleteAdmin: async function(res, admin_id, path) {
        let adminId = sanitize(admin_id)

        // Check if the adminId are a valid MongoDB id.
        if (!ObjectId.isValid(adminId)) {
            return res.status(400).json({
                errors: {
                    status: 400,
                    detail: "The admin_id is not a valid MongoDB id."
                }
            });
        }

        let client = new MongoClient(mongoURI);
        try {
            let db = client.db("spark-rentals");
            let admins_collection = db.collection("admins");
            let admins = await admins_collection.findOne({_id: ObjectId(adminId)});

            // If nothing in db collection
            if (admins === null) {
                return res.status(401).json({
                    errors: {
                        status: 401,
                        source: "DELETE /admins" + path,
                        title: "Admin not exists in database",
                        detail: "The admin dosen't exists in database with the specified admin_id."
                    }
                });
            }

            // Delete the admin by id
            await admins_collection.deleteOne( { "_id" : ObjectId(adminId) } );

            return res.status(204).send();

        } catch(e) { return res.status(500).send(); } finally { await client.close(); }

    },

    // Edit specific admin
    editAdmin: async function(res, body, path) {
        let adminId = sanitize(body.admin_id)
        let updateFields = {};

        // Check if the adminId are a valid MongoDB id.
        if (!ObjectId.isValid(adminId)) {
            return res.status(400).json({
                errors: {
                    status: 400,
                    detail: "The admin_id is not a valid MongoDB id."
                }
            });
        }

        let client = new MongoClient(mongoURI);
        try {
            let db = client.db("spark-rentals");
            let admins_collection = db.collection("admins");
            let admin = await admins_collection.findOne({_id: ObjectId(adminId)});

            // If nothing in db collection
            if (admin === null) {
                return res.status(401).json({
                    errors: {
                        status: 401,
                        source: "PUT /admins" + path,
                        title: "Admin not exists in database",
                        detail: "The admin dosen't exists in database with the specified admin_id."
                    }
                });
            }

            for (const field in admins.editFields) {
                if (body[field] !== undefined) {
                    if (field === "password") { // If it's a password it needs to be encrypted
                        bcrypt.hash(sanitize(body[field]), 10, async function(err, hash) {
                            if (err) {
                                return res.status(500).json({ // if error with bcrypt
                                    errors: {
                                        status: 500,
                                        source: "PUT /admins" + path,
                                        title: "bcrypt error",
                                        detail: "bcrypt error"
                                    }
                                });
                            }
                            updateFields[field] = hash;

                        })
                    } else {
                        updateFields[field] = sanitize(body[field]); 
                    }
                }
            }

            // Update the admin fields
            await admins_collection.updateOne({_id: ObjectId(adminId)}, {$set: updateFields }); // Update the admin information

            return res.status(204).send(); // Everything went good

        } catch(e) { return res.status(500).send(); } finally { await client.close(); }

    }
}

module.exports = admins;

1		const bcrypt = require('bcryptjs');
2		const sanitize = require('mongo-sanitize'); // To prevent malicious users overwriting (NoSQL Injection)
3		const { MongoClient, ObjectId } = require("mongodb");
4		const mongoURI = process.env.DBURI;
5
6		const admins = {
7		// Field for editing admins
8		editFields: {
9		firstName: "firstName",
10		lastName: "lastName",
11		email: "email",
12		password: "password"
13		},
14
15		// Get all admins information
16		getAdmins: async function(res, path) {
17		let client = new MongoClient(mongoURI);
18		try {
19		let db = client.db("spark-rentals");
20		let admins_collection = db.collection("admins");
21		let admins = await admins_collection.find().toArray();
22
23		// If nothing in db collection
24		if (admins === null) {
25		return res.status(401).json({
26		errors: {
27		status: 401,
28		source: "GET /admins" + path,
29		title: "Admins collection is empty",
30		detail: "Admins collection is empty in database."
31		}
32		});
33		}
34
35		res.status(200).send({ admins }); // Sends the whole collection with data
36
37		} catch(e) { return res.status(500).send(); } finally { await client.close(); }
38		},
39
40		// Get specific admin information
41	View Code Duplication	getSpecificAdmin: async function(res, admin_id, path) {
42		let adminId = sanitize(admin_id);
43
44		// Check if the adminId are a valid MongoDB id.
45		if (!ObjectId.isValid(adminId)) {
46		return res.status(400).json({
47		errors: {
48		status: 400,
49		detail: "The admin_id is not a valid MongoDB id."
50		}
51		});
52		}
53
54		let client = new MongoClient(mongoURI);
55		try {
56		let db = client.db("spark-rentals");
57		let admins_collection = db.collection("admins");
58		let admin = await admins_collection.findOne({_id: ObjectId(adminId)});
59
60		// If nothing in collection
61		if (admin === null) {
62		return res.status(401).json({
63		errors: {
64		status: 401,
65		source: "GET /admins" + path,
66		title: "Admin not exists in database",
67		detail: "The admin dosen't exists in database with the specified admin_id."
68		}
69		});
70		}
71
72		res.status(200).send({ admin }); // Sends data from the specific admin
73
74		} catch(e) { return res.status(500).send(); } finally { await client.close(); }
		0 ignored issues – show Best Practice introduced 2022-12-23 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
75		},
76
77		// Delete specific admin
78	View Code Duplication	deleteAdmin: async function(res, admin_id, path) {
79		let adminId = sanitize(admin_id)
80
81		// Check if the adminId are a valid MongoDB id.
82		if (!ObjectId.isValid(adminId)) {
83		return res.status(400).json({
84		errors: {
85		status: 400,
86		detail: "The admin_id is not a valid MongoDB id."
87		}
88		});
89		}
90
91		let client = new MongoClient(mongoURI);
92		try {
93		let db = client.db("spark-rentals");
94		let admins_collection = db.collection("admins");
95		let admins = await admins_collection.findOne({_id: ObjectId(adminId)});
96
97		// If nothing in db collection
98		if (admins === null) {
99		return res.status(401).json({
100		errors: {
101		status: 401,
102		source: "DELETE /admins" + path,
103		title: "Admin not exists in database",
104		detail: "The admin dosen't exists in database with the specified admin_id."
105		}
106		});
107		}
108
109		// Delete the admin by id
110		await admins_collection.deleteOne( { "_id" : ObjectId(adminId) } );
111
112		return res.status(204).send();
113
114		} catch(e) { return res.status(500).send(); } finally { await client.close(); }
		0 ignored issues – show Best Practice introduced 2022-12-23 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
115		},
116
117		// Edit specific admin
118		editAdmin: async function(res, body, path) {
119		let adminId = sanitize(body.admin_id)
120		let updateFields = {};
121
122		// Check if the adminId are a valid MongoDB id.
123		if (!ObjectId.isValid(adminId)) {
124		return res.status(400).json({
125		errors: {
126		status: 400,
127		detail: "The admin_id is not a valid MongoDB id."
128		}
129		});
130		}
131
132		let client = new MongoClient(mongoURI);
133		try {
134		let db = client.db("spark-rentals");
135		let admins_collection = db.collection("admins");
136		let admin = await admins_collection.findOne({_id: ObjectId(adminId)});
137
138		// If nothing in db collection
139		if (admin === null) {
140		return res.status(401).json({
141		errors: {
142		status: 401,
143		source: "PUT /admins" + path,
144		title: "Admin not exists in database",
145		detail: "The admin dosen't exists in database with the specified admin_id."
146		}
147		});
148		}
149
150		for (const field in admins.editFields) {
151		if (body[field] !== undefined) {
152		if (field === "password") { // If it's a password it needs to be encrypted
153		bcrypt.hash(sanitize(body[field]), 10, async function(err, hash) {
154		if (err) {
155		return res.status(500).json({ // if error with bcrypt
156		errors: {
157		status: 500,
158		source: "PUT /admins" + path,
159		title: "bcrypt error",
160		detail: "bcrypt error"
161		}
162		});
163		}
164		updateFields[field] = hash;
		0 ignored issues – show Best Practice introduced 2022-12-23 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
165		})
166		} else {
167		updateFields[field] = sanitize(body[field]);
168		}
169		}
170		}
171
172		// Update the admin fields
173		await admins_collection.updateOne({_id: ObjectId(adminId)}, {$set: updateFields }); // Update the admin information
174
175		return res.status(204).send(); // Everything went good
176
177		} catch(e) { return res.status(500).send(); } finally { await client.close(); }
		0 ignored issues – show Best Practice introduced 2022-12-23 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
178		}
179		}
180
181		module.exports = admins;

FalkenDev / SparkRentals-REST-API

Issues (50)

v1/models/admins.js (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like