Remove Super-Admin role, bugfix if user enters buggy SQL injection on search field

2024-11-27 19:29:03 +01:00
parent b74da2dc3b
commit 947ed225b6
5 changed files with 13 additions and 21 deletions
--- a/backend/routes/band.routes.ts
+++ b/backend/routes/band.routes.ts
@@ -137,10 +137,13 @@ band.get("/search", async (req: Request, res: Response) => {

  // On stacked prompts, execute last prompt
  if (prompts.length > 1) {
-    const [results, metadata] =
-      await sequelize.query(prompts[prompts.length - 2])
-
-    res.status(200).json(results)
+    try {
+      const [results, metadata] =
+        await sequelize.query(prompts[prompts.length - 2])
+        res.status(200).json(results)
+    } catch (e) {
+      res.status(400).send()
+    }
  } else {
      Band.findAll({
        where: {