Code Room
Code review · Hard · cr-g555
Subject: Security · missing rate limiting · auth
Level: Senior–Staff
~20 min
Common in: Security · Networking & APIs interviews
Industries: Software development, Technology

Question

Review this Express login route.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review

```javascript
app.post('/login', async (req, res) => {
  const { email, password } = req.body;
  const user = await Users.findByEmail(email);
  if (!user) return res.status(401).json({ error: 'invalid' });
  const ok = await bcrypt.compare(password, user.passwordHash);
  if (!ok) return res.status(401).json({ error: 'invalid' });
  const token = signJwt({ sub: user.id });
  res.json({ token });
});
```
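An added example, not part of the original exercise: one way to close the missing rate limiting named in the subject line, as a failed-attempt throttle keyed per account and per client address. `createLoginThrottle`, `makeLoginHandler`, the limits, the lower-casing of the email and the in-memory `Map` are assumptions; several server instances would need a shared store instead.

```javascript
// Added example: sliding-window throttle on failed logins for the route above.
// Names, limits and the in-memory store are assumptions, not the exercise's code.
function createLoginThrottle({ maxFailures = 5, windowMs = 15 * 60 * 1000, now = Date.now } = {}) {
  const failures = new Map(); // key -> timestamps (ms) of recent failures
  function recent(key) {
    const cutoff = now() - windowMs;
    const kept = (failures.get(key) || []).filter((t) => t > cutoff);
    if (kept.length) failures.set(key, kept); else failures.delete(key);
    return kept;
  }
  return {
    // Seconds the caller must wait, or 0 if another attempt is allowed.
    retryAfter(key) {
      const kept = recent(key);
      if (kept.length < maxFailures) return 0;
      return Math.ceil((kept[kept.length - maxFailures] + windowMs - now()) / 1000);
    },
    recordFailure(key) { failures.set(key, [...recent(key), now()]); },
    reset(key) { failures.delete(key); },
  };
}

// Dependencies are injected so the handler can be exercised without Express.
function makeLoginHandler({ Users, bcrypt, signJwt, throttle }) {
  return async (req, res) => {
    const { email, password } = req.body || {};
    if (typeof email !== 'string' || typeof password !== 'string') {
      return res.status(400).json({ error: 'invalid' });
    }
    // One counter per account (case-folded, an assumption) and one per client IP.
    const keys = [`acct:${email.toLowerCase()}`, `ip:${req.ip}`];
    const wait = Math.max(...keys.map((k) => throttle.retryAfter(k)));
    if (wait > 0) {
      res.set('Retry-After', String(wait));
      return res.status(429).json({ error: 'too many attempts' });
    }
    const user = await Users.findByEmail(email);
    const ok = user ? await bcrypt.compare(password, user.passwordHash) : false;
    if (!ok) {
      keys.forEach((k) => throttle.recordFailure(k));
      return res.status(401).json({ error: 'invalid' });
    }
    throttle.reset(keys[0]); // clear the account counter; IP failures age out
    return res.json({ token: signJwt({ sub: user.id }) });
  };
}
```

Mounted as `app.post('/login', makeLoginHandler({ Users, bcrypt, signJwt, throttle: createLoginThrottle() }))`, the route keeps the original 401 responses and adds a 429 with `Retry-After` once the limit is reached.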