Code Room
Code review | Hard | cr-g550
Subject: Security, mass assignment | Level: Senior–Staff | ~20 min | Common in Security interviews | Industries: Software development

Question

Review this Express handler that updates a user profile.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (javascript)

```javascript
app.patch('/api/users/:id', requireAuth, async (req, res) => {
  const { id } = req.params;
  if (req.user.id !== id) return res.status(403).end();
  // merge whatever fields the client sent
  const updated = await User.findByIdAndUpdate(
    id,
    { $set: req.body },
    { new: true }
  );
  res.json(updated);
});
```
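The root cause in the handler is that `req.body` is passed straight into `$set`, so any field on the User document (a role flag, a verified-email flag, the `_id`) can be written by whoever owns the session. The ownership check on the id does not help, because the attack is on which fields change, not whose record. Below is an added, hardened version (example code, not from the original page): it allowlists the profile fields, accepts only scalar values, and reports the keys it dropped so the handler can log them. The field names in `PROFILE_FIELDS` are assumed, as are `app`, `requireAuth` and the Mongoose `User` model from the snippet.

```javascript
// Fields a user may change about their own profile (assumed for this example).
// Anything else in the body (role, isAdmin, emailVerified, _id, ...) is dropped.
const PROFILE_FIELDS = ['displayName', 'bio', 'avatarUrl'];

// Turn an untrusted request body into a safe $set document.
// Returns { update, dropped }: `dropped` lists ignored keys so the handler can
// log them; a client repeatedly sending `role` is worth noticing in monitoring.
function buildProfileUpdate(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('body must be a JSON object');
  }
  const update = {};
  for (const field of PROFILE_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    // Only accept scalars: an object value could smuggle operators or subdocs.
    if (typeof body[field] !== 'string') {
      throw new TypeError(`${field} must be a string`);
    }
    update[field] = body[field];
  }
  const dropped = Object.keys(body).filter((k) => !PROFILE_FIELDS.includes(k));
  return { update, dropped };
}

// Hardened handler, wired as a factory so it can be registered on any Express
// app with the page's `requireAuth` middleware and Mongoose `User` model.
function registerProfileRoute(app, User, requireAuth) {
  app.patch('/api/users/:id', requireAuth, async (req, res) => {
    const { id } = req.params;
    if (req.user.id !== id) return res.status(403).end();
    let result;
    try {
      result = buildProfileUpdate(req.body);
    } catch (err) {
      return res.status(400).json({ error: err.message });
    }
    if (result.dropped.length) {
      console.warn(`user ${id} sent non-updatable fields: ${result.dropped.join(', ')}`);
    }
    if (Object.keys(result.update).length === 0) {
      return res.status(400).json({ error: 'no updatable fields supplied' });
    }
    const updated = await User.findByIdAndUpdate(
      id,
      { $set: result.update },
      { new: true, runValidators: true }
    );
    res.json(updated);
  });
}
```

Mongoose's default strict mode already discards keys that are not in the schema, but that is no protection here: the dangerous fields (role, verification flags) are in the schema, which is exactly why they must be allowlisted out at the handler.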