Critical security improvements: - Add requireAuth middleware to /api/upload/project-image endpoint (prevents unauthenticated file uploads) - Fix SQL injection vulnerability in tasks.js DELETE route by whitelisting table names - Add missing resource existence check in shares.js POST endpoint (prevents permissions on non-existent resources) Code quality improvements: - Replace all console.error with logError across all route files for consistent logging - Import logError service in all route modules All tests passing (597 passed).
const express = require('express');
const router = express.Router();
const { logError } = require('../services/logService');
const quotesService = require('../services/quotesService');
// GET /api/quotes/random - Get a random quote
// NOTE(review): no authentication middleware is attached to this route in
// this file; confirm it is meant to be public, or that the router is mounted
// behind an auth check.
router.get('/quotes/random', (req, res) => {
  try {
    const payload = { quote: quotesService.getRandomQuote() };
    res.json(payload);
  } catch (err) {
    // The error object is handed to logError; the response body carries only
    // a generic message, so exception details are not echoed to the client.
    logError('Error getting random quote:', err);
    const failure = { error: 'Internal server error' };
    res.status(500).json(failure);
  }
});
// GET /api/quotes - Get all quotes
// NOTE(review): no authentication middleware is attached to this route in
// this file, and the whole collection is returned in one response with no
// paging; confirm both are intended for the size of the quote set.
router.get('/quotes', (req, res) => {
  try {
    const quotes = quotesService.getAllQuotes();
    // The count comes from its own service call, not from quotes.length.
    const count = quotesService.getQuotesCount();
    res.json({ quotes, count });
  } catch (err) {
    // The error object is handed to logError; the response body carries only
    // a generic message, so exception details are not echoed to the client.
    logError('Error getting quotes:', err);
    const failure = { error: 'Internal server error' };
    res.status(500).json(failure);
  }
});
// Export the router so the application can mount it.
// NOTE(review): the route comments mention an /api prefix that is not part of
// the paths registered in this file; presumably it is applied where the
// router is mounted. Confirm, along with any auth applied at that level.
module.exports = router;