Tetardtek/ClickerZ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): IDOR verifyToken+verifySelf, resetTokenSecret, firstname/lastname add, JWT expiresIn 7d

Browse Source
This commit is contained in:
Tetardtek
2026-03-15 17:25:31 +01:00
parent 4e93753250
commit be9c28b59d
2 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Backend/src/controllers/userControllers.js
View File

@@ -7,6 +7,7 @@ const nodemailer = require("nodemailer");
const tables = require("../tables");
const secretKey = process.env.APP_SECRET;
const resetTokenSecret = process.env.RESET_TOKEN_SECRET;
const saltRounds = 10;
const passwordSchema = Joi.string()
@@ -171,7 +172,7 @@ const login = async (req, res) => {
return res.status(401).json({ message: "Mot de passe incorrect" });
}
const token = jwt.sign({ user: user.id }, secretKey);
const token = jwt.sign({ user: user.id }, secretKey, { expiresIn: "7d" });
return res.status(200).json({
message: "Connexion réussie",
@@ -309,7 +310,7 @@ const edit = async (req, res) => {
const add = async (req, res, next) => {
try {
const { nickname, mail, password, confirmPassword } =
const { firstname, lastname, nickname, mail, password, confirmPassword } =
req.body;
const existingUserByMail = await tables.users.getByMail(mail);
@@ -353,7 +354,7 @@ const add = async (req, res, next) => {
const insertId = await tables.users.create(user);
const token = jwt.sign({ user: user.id }, secretKey);
const token = jwt.sign({ user: user.id }, secretKey, { expiresIn: "7d" });
res.status(201).json({ insertId, token });
return insertId;