express-rest-boilerplate

Auth middleware wrong check?

Open matamune94 opened this issue 3 years ago • 0 comments

I found a piece of code that is difficult to understand

  if (roles === LOGGED_USER) {
    if (user.role !== 'admin' && req.params.userId !== user._id.toString()) {
      apiError.status = httpStatus.FORBIDDEN
      apiError.message = 'Forbidden'
      return next(apiError)
    }
  }

How can this roles === LOGGED_USER be equal? roles is an Array type and LOGGED_USER is a String type.

matamune94, Apr 15 '22 11:04
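
An added example, not part of the issue or the project's own code, showing how the posted check behaves when `roles` is a string versus an array, next to a variant that accepts both. The value of `LOGGED_USER`, the sample user and the function names `guardAsPosted`, `guardNormalized` and `demo` are assumptions.

```javascript
// Constructed placeholder; the project's real constant value is not shown on the page.
const LOGGED_USER = 'logged-user-placeholder';

// The check from the issue, wrapped in a function so its outcome can be observed.
function guardAsPosted(roles, user, params) {
  if (roles === LOGGED_USER) {
    if (user.role !== 'admin' && params.userId !== user._id.toString()) {
      return 'forbidden';
    }
  }
  return 'continue';
}

// Hypothetical variant: normalizes `roles` so a string and an array behave the same.
function guardNormalized(roles, user, params) {
  const list = Array.isArray(roles) ? roles : [roles];
  if (list.includes(LOGGED_USER)) {
    if (user.role !== 'admin' && params.userId !== String(user._id)) {
      return 'forbidden';
    }
  }
  return 'continue';
}

// Constructed sample data: a non-admin user, an admin, and two target records.
const user = { _id: 'u1', role: 'user' };
const admin = { _id: 'a1', role: 'admin' };
const otherRecord = { userId: 'u2' };
const ownRecord = { userId: 'u1' };

function demo() {
  return {
    // String argument: strict equality holds, so the ownership check runs.
    postedString: guardAsPosted(LOGGED_USER, user, otherRecord),
    // Array argument: an array is never === a string, so the check is skipped.
    postedArray: guardAsPosted([LOGGED_USER], user, otherRecord),
    // Normalized variant enforces ownership for both shapes.
    normalizedString: guardNormalized(LOGGED_USER, user, otherRecord),
    normalizedArray: guardNormalized([LOGGED_USER], user, otherRecord),
    // Legitimate access still passes: own record, and admin on any record.
    normalizedOwn: guardNormalized([LOGGED_USER], user, ownRecord),
    normalizedAdmin: guardNormalized([LOGGED_USER], admin, otherRecord),
  };
}

console.log(demo());
```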