Resolve Expression From Node Api Endpoint (boolean)

I am trying to validate an API key to run an API endpoint function. server.js let db = require('./sql/rest_functions') // Custom modules let session = require('./sql/s

Solution 1:

I would suggest simply returning the count of rows from the database and validating that there exists 1 entry (or more than one, depending on how your data are structured).

Note that to mitigate against SQL Injection, you must use parameter binding, illustrated below; the library does not "automatically" protect against injection, as per the documentation if you do not use parameter binding. Change VarChar(100) to whatever the column type is for those fields.

exports.validateKey = asyncfunction(req) {
  returnawait sql.connect(config.properties)
    .then(pool => pool.request()
        .input('user', sql.VarChar(100), req.header("username"))
        .input('key', sql.VarChar(100), req.header("apiKey"))
        .query('SELECT COUNT(*) AS valid FROM Login WHERE username = @user AND apiKey = @key')
        .then(response => result.recordset[0].valid === 1)
    )
}

Note that validateKey will return a Boolean Promise, so we've added async/await to save modifying the route controller.

Note that I've removed the braces from most of the fat arrow functions: they're all one statement so they're redundant.

Caveat: I can't actually try this, it's an educated guess from reading the documentation. I hope it helps.