我有猫鼬这种中间件,它只是在实际购物车中进行更新之前进行检查。我想确保它安全:
exports.beforeUpdateCart = catchAsync(async (req,res, next) => {
let cart = await cartModel.findById(req.params.token); // token of a cart in db from param
let cartItems = req.body; // the array of items in a cart
if(!cart)
next(new AppError("Cart with this token does not exist", 404));
for(let i = 0; i < cartItems.items.length; i++){
let itemInner = await watchModel.findById(cartItems.items[i].id_item); //finding item in db
if(!itemInner || cartItems.items[i].cnt > itemInner.cnt)
next(new AppError("You are trying add more items then it's in stack or doesn't exist in db", 404));
}
next();
})
当我检查是否检查错误时,如果用户尝试添加更多项,则它位于db中,这意味着此表达式cartItems.items[i].cnt > itemInner.cnt可以正常工作,但是如果我将item的ID放入该表达式中!itemInner它只是发送了很长时间的请求,基本上没有返回任何错误(((如何正确地检查find方法是否找不到任何东西?