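const express = require("express");
const mongoose = require("mongoose");
const bodyparser = require("body-parser");

// Express app: the login form posts application/x-www-form-urlencoded, so the
// urlencoded parser is what fills req.body; ./public is served as static files.
const app = express();
// NOTE: extended:true parses bracket syntax ("a[b]=c") into nested objects, so a
// req.body field can arrive as an object rather than a string. Any handler that
// feeds body fields into a query has to check the type first.
app.use(bodyparser.urlencoded({ extended: true }));
app.use(express.static("public"));

// Connect to the local "test" database and let mongoose use the native Promise.
mongoose.Promise = global.Promise;
mongoose
  .connect("mongodb://localhost/test", { useNewUrlParser: true })
  .then(() => console.log("connected mongoose"))
  // A failed connection is an error, not ordinary output: report it on stderr.
  .catch((e) => console.error("mongoose connection failed", e));
const db = mongoose.connection;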
// User record: a username and a password, both stored as-is. Nothing in this
// file hashes the password before it is written.
const UserScheme = new mongoose.Schema({
  username: String,
  password: String,
});
const User = mongoose.model("User", UserScheme);
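// Seeds an "admin"/"admin" account. The endpoint is unauthenticated, the
// password is stored in clear text, and the schema has no unique index, so every
// request inserts one more admin document.
app.get("/setadmin", (req, res) => {
  const admin = new User({ username: "admin", password: "admin" });
  admin.save((err) => {
    // Answer only once the write has finished, instead of sending "Done"
    // before (and regardless of whether) the save succeeded.
    if (err) {
      console.error("failed to save admin user", err);
      res.status(500).send("Error");
      return;
    }
    res.send("Done");
  });
});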
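// Lists every user. The password field is excluded from the projection so this
// debugging endpoint does not return stored credentials; a query error is
// reported instead of sending an undefined body.
app.get("/list", (req, res) => {
  User.find({}, "-password", (err, docs) => {
    if (err) {
      console.error("failed to list users", err);
      res.status(500).send("Error");
      return;
    }
    res.send(docs);
  });
});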
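// Login page. The password field uses type="password" so the browser masks it
// and does not keep it in plain-text form history.
app.get("/", (req, res) => {
  res.send(`
<html>
<body>
<form action="/login" method="POST">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="login">
</form>
</body>
</html>
`);
});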
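// Minimal HTML escaping for a value echoed back inside an HTML response.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Login: finds a user whose username AND password both equal the submitted
// values. Submitted credentials are deliberately not logged.
app.post("/login", (req, res) => {
  const { username, password } = req.body;
  // With extended:true, "username[$ne]=x" reaches here as an object and would
  // become a query operator inside findOne(). Accepting only plain strings is
  // what keeps the lookup a literal equality match.
  if (typeof username !== "string" || typeof password !== "string") {
    res.status(400).send("login failed");
    return;
  }
  User.findOne({ username, password }).exec((err, result) => {
    if (err) {
      console.error("login query failed", err);
      res.status(500).send("login failed");
      return;
    }
    if (!result) {
      res.status(401).send("login failed");
      return;
    }
    // res.send() of a string is served as text/html, so the echoed username
    // is escaped before it goes back to the browser.
    res.send(`hello ${escapeHtml(username)}`);
  });
});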
// Start the HTTP server on port 3000 (no host given, so Node binds all interfaces).
const PORT = 3000;
app.listen(PORT);
자다가 배고파서 라면먹고 nodejs 공부나 해야겠다 싶어서 구글링 해가면서 20분만에 짠 코드
typeof를 사용해서 string 체크하는 방식으로 nosql injection을 막아봄.