From bcd1bd276e3534797150162f573ec4cae301e3ff Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Wed, 16 Mar 2022 15:46:04 +0100
Subject: [PATCH] Start input validation on database interface
---
 src/server/index.js | 33 +++++++--------------------------
 1 file changed, 7 insertions(+), 26 deletions(-)
diff --git a/src/server/index.js b/src/server/index.js
index 582a29b..af48368 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -25,9 +25,14 @@ app.get("/", (req, res) => {
 app.get("/tournament/:tournamentId/getMatches", (req, res) => {
 let tournamentId = req.params.tournamentId;
+ if (isNaN(tournamentId)) {
+ res.json({"status": "error", "data": "tournamentId must be a number"});
+ return
+ }
+ tournamentId = parseInt(tournamentId);
 getMatchesByTournamentId(tournamentId)
- .then((result) => res.send({"status": "OK", "data": result}))
- .catch((err) => res.send({"status": "ERROR", "data": err}));
+ .then(matches => res.send({"status": "OK", "data": matches}))
+ .catch(err => res.send({"status": "error", "data": err}));
 });
 // app.get("/getMatches", (req, res) => {
@@ -40,30 +45,6 @@ app.get("/tournament/:tournamentId/getMatches", (req, res) => {
 // });
 // });
-
-// let tournaments = {
-// "1": {
-// "name": "Tournament 1",
-// "description": "This is the first tournament",
-// "matches":[
-// {"id": "2",
-// "player1": "Player 1",
-// "player2": "Player 2",
-// "winner": "Player 1",
-// }
-// ]
-// },
-// "2": {
-// "name": "Tournament 2",
-// "description": "This is the second tournament",
-// "matches":[
-// {"id": "2",
-// "player1": "Player 1",
-// "player2": "Player 2",
-// "winner": "Player 1",
-// }]
-// }
-// };
 // app.get("/tournament/:tournamentId", (req, res) => {
 // res.render(path.join(__dirname, "public", "tournament.html"), {"tournament":tournaments[req.params.tournamentId]});
 // });
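Review bot: The `isNaN(tournamentId)` guard and the `parseInt(tournamentId)` after it do not accept the same strings, so passing the check does not guarantee that a valid integer reaches `getMatchesByTournamentId`. `isNaN` coerces with `Number()`, so `"Infinity"` passes the guard and then parses to `NaN`, while `"1e3"`, `"0x10"` and `"1.5"` pass and are silently turned into 1, 16 and 1. Validate the exact format, reject with a 400, and parse with an explicit radix: `if (!/^\d+$/.test(tournamentId)) { res.status(400).json({"status": "error", "data": "tournamentId must be a number"}); return; }` followed by `tournamentId = Number.parseInt(tournamentId, 10);`. The rewritten `.catch` still sends the raw `err` object to the client, which may expose database error details; logging it server-side and returning a generic message with a 500 status would be safer.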