db - sanitize input

bin/database/module.js

@@ -9,6 +9,7 @@
 
 // init
 var mongoose = require('mongoose');
+var sanitize = require('mongo-sanitize');
 var crypto = require('crypto');
 var methods = {};
 
@@ -63,10 +64,10 @@ methods.addUser = (nick, email, passhash, group, callback) => {
 	let userModel = models.user;
 
 	let user = new userModel();
-	user.nickname = nick;
+	user.nickname = sanitize(nick);
-	user.email = email;
+	user.email = sanitize(email);
-	user.passhash = passhash;
+	user.passhash = sanitize(passhash);
-	user.group = group;
+	user.group = sanitize(group);
 
 	user.save((err) => {
 		if(!err) callback(null, 1);
@@ -88,6 +89,9 @@ methods.delUser = (haystack, callback) => {
 
 	let userModel = models.user;
 
+	// sanitize input
+	haystack = sanitize(haystack);
+
 	userModel.findOneAndDelete().or([{nickname: haystack}, {email: haystack}])
 	.then((rep) => {
 		// TODO delete user
@@ -132,6 +136,9 @@ methods.getUser = (haystack, callback) => {
 
 	let userModel = models.user;
 
+	// sanitize input
+	haystack = sanitize(haystack);
+
 	let or = [];
 	if(typeof haystack === 'string') {
 		or = [{nickname: haystack}, {email: haystack}, {token: haystack}];

package.json

@@ -11,6 +11,7 @@
     "cookie-parser": "^1.4.4",
     "express": "^4.17.1",
     "express-session": "^1.16.1",
+    "mongo-sanitize": "^1.0.1",
     "mongoose": "^5.5.12",
     "pug": "^2.0.3",
     "request": "^2.88.0",