webahead1 / onshop Goto Github PK

the .env file is supposed to be a secret file, a file which contains settings for an environment but also sensitive details (in the future it might contain passwords and access to APIs which cost money)

to hide it you might need to do the following:

• Copy the contents of the file
• Delete the file
• git add & commit the file change
• then add the file to the .gitignore file

According to the code above, theres is no way to know which products are in which cart, since a cart can have many products, and products can be ordered in many carts, so you would need a relationship table which references both primary keys.

Also the userid field in the cart should be a foreign key that references the users table.

only seen the server.js and the code is not neat as it could be, fastest way to fix this and make life easy is to install the prettier extension on vscode (and make sure it's set to format on save), once you hit save you will see what I mean by the code being more neat 😅 .

if you have any trouble getting prettier to work on your vscode ask a mentor

https://github.com/webAhead1/onShop/blob/master/server.js#L73

This is very dangerous because it's prone to an sql injection, I'll give an example of what is the problem.

In the following query you are a taking an email that a user has written down and adding it to the db, but what if the user is a hacker that instead of writing a valid email wrote the following 1; DROP DATABASE; --. the 1; is to stop the current command and write a new one, the new command DROP DATABASE; (this is not the correct syntax but you get the point) would delete the database and all of our tables, and then the -- would comment out the rest of the query.

refer to this workshop on how to fix this https://github.com/WebAhead/learn-node-postgres#sql-injection

https://github.com/webAhead1/onShop/blob/master/server.js#L45-L57

the controller or handler that I linked above has no response, when you call this the server would hang or get stuck