For the record your middleware code seems to do the trick without having to use the mongo-secure module. Without the middleware the password in my example would still be protected from injection because bcrypt.compareSync returns:
However, if the attacker knew the password and not the email there would still be a threat so your middleware code still comes in handy for my use case. I don't know if the middleware will affect my other endpoints but I'm sure it will be revealed if it does. Thanks for the post.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
For the record your middleware code seems to do the trick without having to use the mongo-secure module. Without the middleware the password in my example would still be protected from injection because bcrypt.compareSync returns:
{
"message": "Illegal arguments: object, string"
}
However, if the attacker knew the password and not the email there would still be a threat so your middleware code still comes in handy for my use case. I don't know if the middleware will affect my other endpoints but I'm sure it will be revealed if it does. Thanks for the post.