vape-sensor-inventory's Issues
Valid MongoDB connection string exposed in plaintext
Just a heads up - these are sufficient to access your database on Atlas:
vape-sensor-inventory/src/.env, Line 1 in 85579d8
Tested by inserting a doc to a new db and collection:
MongoDB Enterprise cluster-vape-sensor-inventory-shard-0:PRIMARY> db.getSiblingDB("hello")["world"].find()
{ "_id" : ObjectId("5e3cb4d666f9fa4df195e6c2"), "example" : "doc" }
Doesn't look like the database itself has been used for much yet, but these credentials should be rotated as soon as is reasonable.
Defensive Coding in Controller
In line 30 (`post_new_bearing` function) of `bearing_info_controller.py`
This function tries to access the `tags` and `sensorId` fields from `body`. If these fields do not exist, the API will likely throw 500 errors when it clearly is the user's fault. We should practice defensive coding for this part. Although, `tags` is an optional field. If `tags` is not found in `body`, a default `{}` dict should be used.
Duplicate Sensor Ids in the `sensorsId` List
This is a snapshot of what we have in the database. It looks like whenever we are adding a sensor to a bearing, it just does a simple append without deduplicating.
"sensorsId": [
"5e4c06b3df9931ea80aea288",
"5e4c06b3df9931ea80aea288",
"5e4c06b3df9931ea80aea288",
"5e4c06b3df9931ea80aea288",
"5e4c06b3df9931ea80aea288",
"5e4c06b3df9931ea80aea288",
500 returned when query /bearing?id=some id that does not exist in db
Currently, if you query a bearing that does not exist in the database, the API returns 500. Ideally the API should return 400, since it is likely the user's fault:
Suggested action is to add a try block to catch ModelDoesNotExist exceptions.
See Line 18 (`return Bearing.objects.get(id=id)`) in `bearing_info.py`
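The checks asked for in the three controller issues above (required `sensorId`, a default `{}` for `tags`, no duplicate sensor ids, and 400 instead of 500 for an unknown bearing id), as an added framework-free Python sketch. It is not the repository's code: `DoesNotExist`, `BEARINGS`, `get_bearing`, `add_sensor` and `query_bearing` are hypothetical stand-ins, and handlers return `(response, status)` tuples instead of real HTTP responses.

```python
class DoesNotExist(Exception):
    """Hypothetical stand-in for the ORM's 'no matching document' exception."""

BEARINGS = {}  # constructed in-memory store: bearing id -> document

def get_bearing(bearing_id):
    # Mirrors a lookup that raises when the id is unknown.
    try:
        return BEARINGS[bearing_id]
    except KeyError:
        raise DoesNotExist(bearing_id) from None

def post_new_bearing(body):
    """Validate client input before touching it; bad input is a 400, not a 500."""
    if not isinstance(body, dict):
        return {"error": "request body must be a JSON object"}, 400
    sensor_id = body.get("sensorId")
    if not isinstance(sensor_id, str) or not sensor_id:
        return {"error": "sensorId is required"}, 400
    tags = body.get("tags", {})  # optional field: default to an empty dict
    if not isinstance(tags, dict):
        return {"error": "tags must be an object"}, 400
    bearing_id = str(len(BEARINGS) + 1)
    BEARINGS[bearing_id] = {"id": bearing_id, "tags": tags,
                            "sensorsId": [sensor_id]}
    return BEARINGS[bearing_id], 201

def add_sensor(bearing_id, sensor_id):
    """Idempotent append: adding the same sensor twice leaves one entry."""
    try:
        bearing = get_bearing(bearing_id)
    except DoesNotExist:
        return {"error": "unknown bearing id"}, 400
    if sensor_id not in bearing["sensorsId"]:
        bearing["sensorsId"].append(sensor_id)
    return bearing, 200

def query_bearing(bearing_id):
    """Translate the lookup exception into a client error response."""
    try:
        return get_bearing(bearing_id), 200
    except DoesNotExist:
        return {"error": "unknown bearing id"}, 400
```

When the list lives in MongoDB, the `$addToSet` update operator gives the same no-duplicates append atomically on the server side.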