Closed hiyaryan closed 9 months ago
Important!
The last commit fixes a critical potential mal-use of the API where an attacker may post an entry to a non-existent journal. This is one instance where middleware should be used to prevent this from occurring. Other holes in the API should be patched and will likely be discovered in future PRs where being logged in and authorized is required.
This PR incorporates Joi schema validations. It is the first of several (
loggedIn
,authorized
, to name a few) middleware added to API requests.