diff options
| author | syuilo <syuilotan@yahoo.co.jp> | 2017-03-01 14:43:41 +0900 |
|---|---|---|
| committer | syuilo <syuilotan@yahoo.co.jp> | 2017-03-01 14:43:41 +0900 |
| commit | e407cca90b2e3727d7d585a2fcb670117f515987 (patch) | |
| tree | 3bb3ada2633c7b816c4f32dc0f1e4d464fb0831d /src/api/endpoints/messaging | |
| parent | [Test] Add some messaging tests (diff) | |
| download | sharkey-e407cca90b2e3727d7d585a2fcb670117f515987.tar.gz sharkey-e407cca90b2e3727d7d585a2fcb670117f515987.tar.bz2 sharkey-e407cca90b2e3727d7d585a2fcb670117f515987.zip | |
[API] Fix bug
Closes #215
Diffstat (limited to 'src/api/endpoints/messaging')
| -rw-r--r-- | src/api/endpoints/messaging/messages/create.js | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/api/endpoints/messaging/messages/create.js b/src/api/endpoints/messaging/messages/create.js index 498883057b..47bc1a9968 100644 --- a/src/api/endpoints/messaging/messages/create.js +++ b/src/api/endpoints/messaging/messages/create.js @@ -31,6 +31,16 @@ module.exports = (params, user) => // Get 'user_id' parameter let recipient = params.user_id; if (recipient !== undefined && recipient !== null) { + // Validate id + if (!mongo.ObjectID.isValid(recipient)) { + return rej('incorrect user_id'); + } + + // Myself + if (new mongo.ObjectID(recipient).equals(user._id)) { + return rej('-need-translate-'); + } + recipient = await User.findOne({ _id: new mongo.ObjectID(recipient) }, { |