[BUG 🐞] Fix code scanning alert - Change user-controlled sources for GoogleSignIn

[warmachine028]

Description

• Location: server/controllers/user
• If a database query (such as a SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run malicious database queries.
• Perform the following change

Tracking issue for:

• [x] https://github.com/warmachine028/memories/security/code-scanning/2

Screenshots

Before:

export const googleSignin = async (req, res) => {
    const { name, email, image, googleId } = req.body

    try {
        const id = new mongoose.Types.ObjectId(googleId)
        const user = await User.findByIdAndUpdate(id, { name, email, image }, { upsert: true })
                ...

After:

export const googleSignin = async (req, res) => {
    const { name, email, image, googleId } = req.body

    try {
        if (![name, email, image].every((field) => typeof field === "string")) {
            return res.status(400).json({ status: "error" });
        }
        const user = await User.findByIdAndUpdate(googleId, { name, email, image }, { upsert: true })

Additional information

• Always use styled components instead of plain CSS and MUI components.

  Make sure to read the CONTRIBUTING and SETUP docs before proceeding

  Happy contributing. 💐

  Star my other Repositories here

[vibh1103]

Hi @warmachine028 can i pick this issue ?

[warmachine028]

Sure, I'm assigning you

[vibh1103]

Hi @warmachine028 https://github.com/warmachine028/memories/commit/7e348c0d8655deb1ade828a28fc6a4fe40e9d7c5 This change is made in this commit can you confirm me once what i have to do ?

[warmachine028]

Seems like this Issue was already fixed by the Commit, wait I am creating another similar issue for another vulnerability, you can fix that.

[warmachine028]

@vibh1103 please see #85