Code Room
Code review · Medium · cr-g556
Subject: Security, injection, nosql · Level: Mid–Senior · ~18 min
Common in Security · Databases & SQL interviews · Industries: Software development

Question

Review this Node.js MongoDB authentication query.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (javascript)

app.post('/api/auth', async (req, res) => {
  // body parsed as JSON: req.body.username and req.body.password may be
  // objects (e.g. {"$gt": ""}), not only strings, and both go straight into the filter
  const user = await db.collection('users').findOne({
    username: req.body.username,
    password: req.body.password,
  });
  if (user) {
    req.session.uid = user._id;
    return res.json({ ok: true });
  }
  res.status(401).json({ ok: false });
});