36 changes: 18 additions & 18 deletions components/Events/EmailDialogue/EmailDialogue.jsx
Expand Up @@ -4,18 +4,18 @@ import { toast, ToastContainer } from "react-toastify";
import "react-toastify/dist/ReactToastify.css";

const EmailDialogBox = ({ CertiOBJ, title, handelCloseModel }) => {
// const [formData, setFormData] = useState({
// email: "",
// type: "",
// event: title
// });

//only for ossome hacks 2
const [formData, setFormData] = useState({
name: "",
email: "",
type: "",
event: title
});

//only for ossome hacks 2
// const [formData, setFormData] = useState({
// name: "",
// type: "",
// event: title
// });
const [emailError, setEmailError] = useState("");
const [certificate, setCertificate] = useState(null);
const [isLoading, setIsLoading] = useState(false);
Expand All @@ -29,7 +29,7 @@ const EmailDialogBox = ({ CertiOBJ, title, handelCloseModel }) => {
};

const handleEmailChange = (event) => {
setFormData({ ...formData, name: event.target.value });
setFormData({ ...formData, email: event.target.value });
};

const handleRoleChange = (event) => {
Expand All @@ -38,10 +38,10 @@ const EmailDialogBox = ({ CertiOBJ, title, handelCloseModel }) => {

const handleGetCertificate = async (e) => {
e.preventDefault();
// if (!validateEmail(formData.email)) {
// setEmailError("Please enter a valid SRMIST email address.");
// return;
// }
if (!validateEmail(formData.email)) {
setEmailError("Please enter a valid SRMIST email address.");
return;
}
setEmailError("");
setIsButtonDisabled(true);
try {
Expand Down Expand Up @@ -117,15 +117,15 @@ const EmailDialogBox = ({ CertiOBJ, title, handelCloseModel }) => {
<div className="rounded-md">
<div>
<label htmlFor="email" className="text-gray-800">
Name
Email
</label>
<input
placeholder="Enter Name"
placeholder="Enter Email"
className="appearance-none relative block w-full px-3 py-3 border border-gray-100 bg-gray-100 rounded-md focus:outline-none focus:ring-bright_green focus:border-bright_green focus:z-10 text-black mb-8 mt-2 font-semibold"
required
type="text"
name="text"
value={formData.name}
type="email"
name="email"
value={formData.email}
id="email"
onChange={handleEmailChange}
/>
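Review bot: The `//only for ossome hacks 2` label directly above the live `useState` initializer at the top of the first hunk is now stale: that initializer is the generic one (it is the version that adds `email`), while the event-specific variant it used to label survives only as the commented-out block just below it, headed by the same label. Delete the dead block and the label instead of keeping both toggled, git history preserves the old variant; `name` also remains in the initial state even though the form field in the last hunk now binds `formData.email`, so confirm whether anything still reads it. The re-enabled `validateEmail` guard in `handleGetCertificate` is client-side only, and the API route changed alongside this file appears to check the address only for presence, so the server must validate it independently. `handleGetCertificate` continues past the end of its hunk.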
48 changes: 24 additions & 24 deletions pages/api/v1/certificates/index.js
Expand Up @@ -7,24 +7,24 @@

export default async function handler(req, res) {
if (req.method === "POST") {
// const { email, event, type } = req.body;
const { email, event, type } = req.body;

//only for ossome hacks 2
const { name, event, type } = req.body;
// const { name, event, type } = req.body;

// if (!email || !event || !type) {
// return res
// .status(400)
// .json({ success: false, error: "All fields are required." });
// }

//only for ossome hacks 2
if (!name || !event || !type) {
if (!email || !event || !type) {
return res
.status(400)
.json({ success: false, error: "All fields are required." });
}

//only for ossome hacks 2
// if (!name || !event || !type) {
// return res
// .status(400)
// .json({ success: false, error: "All fields are required." });
// }

try {
const eventData = await Event.findOne({ slug: event });

Expand Down Expand Up @@ -69,28 +69,28 @@
});

const User = db.model(eventData.collection[type], userSchema);
// const userData = await User.findOne({ email });

//only for ossome hacks 2
const userData = await User.findOne({
name: { $regex: new RegExp(`^${name}$`, 'i') }
});

// if (!userData || !userData.checkin) {
// return res.status(404).json({
// success: false,
// error: `No certificate found for email: ${email}`
// });
// }
const userData = await User.findOne({ email });

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query object depends on a user-provided value.

Copilot Autofix

AI 6 months ago

The best way to fix this is to ensure that the email variable passed into the Mongo query is a primitive string, not an object or other structure. This can be done by either (a) enforcing the use of the $eq operator (making MongoDB treat it as a literal value), or (b) using explicit type-checking before querying. The fix should be added at/just before the query on line 72. For completeness, returning a 400 Bad Request on invalid type increases robustness.

Steps:

  • Before using email in the query, check that typeof email === "string".
  • If not, respond with a 400 error and do not perform any query.
  • If you want to be certain, you may additionally trim or validate the email string.
  • Alternatively, and/or in addition, use the { email: { $eq: email } } query form on line 72, forcibly treating email as a value in the query.

No new imports are needed.

Suggested changeset 1
pages/api/v1/certificates/index.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pages/api/v1/certificates/index.js b/pages/api/v1/certificates/index.js
--- a/pages/api/v1/certificates/index.js
+++ b/pages/api/v1/certificates/index.js
@@ -18,6 +18,10 @@
                 .json({ success: false, error: "All fields are required." });
         }
 
+        if (typeof email !== "string") {
+            return res.status(400).json({ success: false, error: "Invalid email format." });
+        }
+
         //only for ossome hacks 2
         // if (!name || !event || !type) {
         //     return res
@@ -69,7 +73,7 @@
             });
 
             const User = db.model(eventData.collection[type], userSchema);
-            const userData = await User.findOne({ email });
+            const userData = await User.findOne({ email: { $eq: email } });
 
             //only for ossome hacks 2
             // const userData = await User.findOne({
EOF
@@ -18,6 +18,10 @@
.json({ success: false, error: "All fields are required." });
}

if (typeof email !== "string") {
return res.status(400).json({ success: false, error: "Invalid email format." });
}

//only for ossome hacks 2
// if (!name || !event || !type) {
// return res
@@ -69,7 +73,7 @@
});

const User = db.model(eventData.collection[type], userSchema);
const userData = await User.findOne({ email });
const userData = await User.findOne({ email: { $eq: email } });

//only for ossome hacks 2
// const userData = await User.findOne({

//only for ossome hacks 2
// const userData = await User.findOne({
// name: { $regex: new RegExp(`^${name}$`, 'i') }
// });

if (!userData) {
return res.status(404).json({
success: false,
error: `No certificate found for name: ${name}`
error: `No certificate found for email: ${email}`
});
}

//only for ossome hacks 2

// if (!userData) {
// return res.status(404).json({
// success: false,
// error: `No certificate found for name: ${name}`
// });
// }
// console.log("User data:", userData);

const color =
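Review bot: `type`, destructured from `req.body` in the first hunk, is used unchecked as `eventData.collection[type]` in the second hunk, so any string the client sends selects the collection name, and a non-own key would resolve through the prototype if `collection` is a plain object. Guard it before the `db.model` call: `if (typeof type !== "string" || !Object.hasOwn(eventData.collection ?? {}, type)) { return res.status(400).json({ success: false, error: "Unknown certificate type." }); }`, adjusting the lookup if `collection` is a Mongoose subdocument rather than a plain object. `event` reaches `Event.findOne({ slug: event })` with the same missing string check. The commented-out `$regex` lookup left below the live `findOne` builds a RegExp from request input; delete it rather than keep it as a toggle, since re-enabling it would reintroduce a pattern built from untrusted data. `handler` begins in the first hunk and continues past the last one.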