
Use Express JS to block unwanted requests from the Client Side

Consider the Express router:

const express = require("express");
const router = express.Router();
const DUMMY_PLACES = [
  {
    id: "p1",
    title: "Empire State Building",
    description: "One of the most famous sky scrapers in the world!",
    location: {
      lat: 40.7484474,
      lng: -73.9871516
    },
    address: "20 W 34th St, New York, NY 10001",
    creator: "u1"
  }
];


// @ http://localhost:5000/api/places/user/u1
router.get("/user/:uid", (req, res, next) => {
  const user_id = req.params.uid;
  const place = DUMMY_PLACES.find(p => {
    return p.creator === user_id;
  });

  return res.status(200).json({
    place
  });
});

module.exports = router;

And the server:

const express = require("express");
const bodyParser = require("body-parser");
const app = express();

const placesRoutes = require("./routes/places-routes");
app.use("/api/places", placesRoutes);

const PORT = 5000;
app.listen(PORT, () => {
  console.log(`Listening on port ${PORT}`);
});

When clients hit the request http://localhost:5000/api/places/user/u1, they get the dummy object ... however, when hitting the request

http://localhost:5000/api/places/user

... it produces an empty object.

How can I return something like NOT ALLOWED instead of the empty object?

Maybe you could check for the existence of a user_id and send an error response if there isn't one?

router.get('/user/:uid', (req, res, next) => {
  const user_id = req.params.uid

  if (!user_id) {
    return res.status(400).json({
      error: 'User ID required'
    })
  }

  const place = DUMMY_PLACES.find((p) => {
    return p.creator === user_id
  })

  return res.status(200).json({
    place
  })
})

The HTTP status codes are born to handle a lot of situations. In your case, there is a client error: the resource requested has not been found on the server (error 404).

In this case, your API can change in this way:

router.get("/user/:uid", (req, res, next) => {
  const user_id = req.params.uid;
  const place = DUMMY_PLACES.find(p => {
    return p.creator === user_id;
  });

  if (!place) { // if the place does not exist
    return res.status(404).json({
      message: 'The requested resource has not been found in the server.'
    });
  }

  return res.status(200).json({
    place
  });
});
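
Both answers combined, as an added example that is not part of the original thread: the `uid` is checked against an allow-list pattern (400), a missing place returns 404, and a catch-all answers paths that match no route, since Express does not match `/user/:uid` for a request to `/user` with no id segment. The `u<digits>` id format and the names `rejectUnmatched`, `fakeRes` and `call` are assumptions made for the example; the handlers are plain `(req, res)` functions so the block runs without Express installed.

```javascript
// Mount in the router from the question (after all other routes for the catch-all):
//   router.get("/user/:uid", getPlaceByUser);
//   router.use(rejectUnmatched);

// Constructed sample data, shortened from the question's DUMMY_PLACES
const DUMMY_PLACES = [
  { id: "p1", title: "Empire State Building", creator: "u1" }
];

// Assumption: user ids look like "u" followed by digits, as in the question's "u1"
const UID_PATTERN = /^u\d{1,10}$/;

function getPlaceByUser(req, res) {
  const uid = req.params.uid;
  // Reject anything that is not a well-formed id before it reaches the lookup
  if (typeof uid !== "string" || !UID_PATTERN.test(uid)) {
    return res.status(400).json({ error: "Invalid user id" });
  }
  const place = DUMMY_PLACES.find(p => p.creator === uid);
  if (!place) {
    // Well-formed id, but nothing stored for it
    return res.status(404).json({ error: "No place found for this user" });
  }
  return res.status(200).json({ place });
}

// Catch-all: any path that matched no route gets an explicit JSON 404
function rejectUnmatched(req, res) {
  return res.status(404).json({ error: "Not found" });
}

// Minimal stand-in for the Express response object, used to run the handlers offline
function fakeRes() {
  const res = { statusCode: null, body: null };
  res.status = code => { res.statusCode = code; return res; };
  res.json = body => { res.body = body; return res; };
  return res;
}

// Invoke a handler with the given route params and return what it sent
function call(handler, params) {
  const res = fakeRes();
  handler({ params }, res);
  return { status: res.statusCode, body: res.body };
}
```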
