diff --git a/public/js/app.js b/public/js/app.js
index 09dfa0987a176ad918db2d6951e5bd88c5db7d67..7b7c05dc9bab2c2057150e89de8dbf9521fdcda1 100644
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -16,6 +16,24 @@ document.getElementById('logout-btn').addEventListener('click', async () => {
 }
 });
+
+// Function to check if the currently processed task belongs to user account
+async function isValidTask(taskId) {
+ try {
+ const res = await fetch("/api/todos");
+ const todos = await res.json();
+ let valid = false;
+
+ todos.forEach(todo => {
+ if (todo._id == taskId)
+ valid = true;
+ });
+ return valid;
+ } catch (err) {
+ console.error("Error loading tasks:", err);
+ }
+}
+
 // Load every task when the page is initialzed
 document.addEventListener('DOMContentLoaded', async () => {
 try {
@@ -87,8 +105,8 @@ newTaskForm.addEventListener('submit', async (e) => {
 // Mark task as completed
 async function markAsDone(taskId, isDone) {
 // Input sanitation
- if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
- console.error('Invalid task ID or task status is invalid');
+ if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean' && isValidTask(taskId)) {
+ console.error('Invalid task ID, task status is invalid or task does not belong to account');
 return;
 }
@@ -135,8 +153,8 @@ async function deleteTask(taskId) {
 // Edit task
 async function updateTask(taskId, newDescription) {
 // Input sanitation
- if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
- console.error('Invalid task ID or new description is not string');
+ if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string' && isValidTask(taskId)) {
+ console.error('Invalid task ID, task status is invalid or task does not belong to account');
 return;
 }
diff --git a/public/js/index.js b/public/js/index.js
index 0b6456db9827a9f117335978e05251b65fef1774..fd999b880251debdf6368381abdeee28c89d30ee 100644
--- a/public/js/index.js
+++ b/public/js/index.js
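Review bot: `isValidTask` runs in the browser, so it cannot act as an authorization control — anyone can call the `/api/todos/<otherId>/...` endpoints directly, ownership has to be enforced by the server on every `/api/todos/:id` route, and the comment above the function should say this is a UX pre-check only. Inside the function `res.json()` is called without checking `res.ok`, so a 401/500 body either throws or parses to a non-array that makes `todos.forEach` throw, and the `catch` then falls through with an implicit `undefined` return, so callers receive a non-boolean and cannot tell a failed fetch from "not mine". The `==` against `todo._id` presumably exists because `taskId` arrives as a string from the DOM while `_id` may be a number; `String(todo._id) === String(taskId)` makes that explicit (confirm what type `_id` really is). A `some()` with early exit replaces the `forEach` plus flag.

```javascript
// UX pre-check only: the server must still verify ownership on every /api/todos/:id route.
async function isValidTask(taskId) {
  try {
    const res = await fetch("/api/todos");
    if (!res.ok) return false;
    const todos = await res.json();
    // taskId is DOM-sourced (string); normalise both sides instead of relying on ==
    return Array.isArray(todos) && todos.some((todo) => String(todo._id) === String(taskId));
  } catch (err) {
    console.error("Error loading tasks:", err);
    return false;
  }
}
```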
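Review bot: `isValidTask(taskId)` is `async` but is not awaited in the new guard in `markAsDone`, so the `&&` operand is a pending Promise, which is always truthy, and the ownership check never affects the outcome. The condition is also inverted: it only logs and returns when the ID is NaN *and* `isDone` is a boolean *and* the task is valid, so a well-formed request for someone else's task passes straight through and a malformed ID with a non-boolean status passes too. The guard should be `if (isNaN(parseInt(taskId, 10)) || typeof isDone !== 'boolean' || !(await isValidTask(taskId))) {`. If `_id` is a Mongo-style ObjectId rather than a number, `parseInt` is the wrong validator here as well — worth confirming against the API. `markAsDone`'s body continues past the end of the hunk.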
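Review bot: The same unawaited `isValidTask(taskId)` appears in `updateTask`'s guard, where the Promise is always truthy and the `&&`-joined positive checks mean the early return fires only when the ID is NaN *and* the description is a string *and* the task is valid — the opposite of the intent. Use `if (isNaN(parseInt(taskId, 10)) || typeof newDescription !== 'string' || !(await isValidTask(taskId))) {`. The new log message was copied from `markAsDone` and still says "task status is invalid" although this function validates a description; `'Invalid task ID, description is not a string, or task does not belong to account'` matches what is checked. `updateTask`'s body continues past the end of the hunk.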
@@ -7,6 +7,23 @@ document.addEventListener('DOMContentLoaded', async () => {
 let showCompletedTasks = false;
+ // Function to check if the currently processed task belongs to user account
+ async function isValidTask(taskId) {
+ try {
+ const res = await fetch("/api/todos");
+ const todos = await res.json();
+ let valid = false;
+
+ todos.forEach(todo => {
+ if (todo._id == taskId)
+ valid = true;
+ });
+ return valid;
+ } catch (err) {
+ console.error("Error loading tasks:", err);
+ }
+ }
+
 // Load the tasks when page is initiated
 async function loadTasks() {
 try {
@@ -119,13 +136,13 @@ document.addEventListener('DOMContentLoaded', async () => {
 // Function to alternate to the completed state
 async function toggleComplete(taskId, isDone) {
 // Input sanitation
- if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
- console.error('Invalid task ID or task status is invalid');
+ if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean' && isValidTask(taskId)) {
+ console.error('Invalid task ID, task status is invalid or task does not belong to account');
 return;
 }
 try {
- const res = await fetch(`/api/todos/${taskId}/done`, {
+ const res = await fetch(`/api/todos/${taskId}/done`, {
 method: 'PUT',
 headers: { 'Content-Type': 'application/json' },
 body: JSON.stringify({ isDone })
@@ -161,8 +178,8 @@ document.addEventListener('DOMContentLoaded', async () => {
 // Function to update the description of a task
 async function updateTask(taskId, newDescription) {
 // Input sanitation
- if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
- console.error('Invalid task ID or new description is not string');
+ if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string' && isValidTask(taskId)) {
+ console.error('Invalid task ID, task status is invalid or task does not belong to account');
 return;
 }
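Review bot: This `isValidTask` is a verbatim copy of the one the same commit adds to `public/js/app.js`, here closed over inside the `DOMContentLoaded` listener, and a browser-side ownership check is only a UX nicety in either file — the server must still enforce ownership on the `/api/todos/:id/done` route this file calls, which nothing in this diff shows. The function also calls `res.json()` without checking `res.ok`, and its `catch` returns `undefined` rather than a boolean, so a failed fetch reaches callers as a non-boolean falsy value. Three lines make it safe: `if (!res.ok) return false;` before the `res.json()`, `return todos.some((todo) => String(todo._id) === String(taskId));` in place of the `forEach`/flag pair, and `return false;` at the end of the `catch`. The `String()` on both sides keeps the loose-equality behaviour (a DOM-sourced string `taskId` against a possibly numeric `_id`) while using strict comparison — confirm what type `_id` actually is. The enclosing `DOMContentLoaded` listener starts and ends outside the hunk.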
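Review bot: In `toggleComplete` the new `&& isValidTask(taskId)` is not awaited, so the operand is a Promise and always truthy, and the guard as a whole only triggers when every positive condition holds at once (NaN id *and* boolean status *and* owned task) — the ownership test can never block a request. The line should read `if (isNaN(parseInt(taskId, 10)) || typeof isDone !== 'boolean' || !(await isValidTask(taskId))) {`. The removed and re-added `const res = await fetch(...)` line is byte-identical in the visible text, so that part of the hunk appears to be a whitespace-only change; if so it is noise better kept out of a security fix. `toggleComplete` continues past the end of the hunk and the enclosing `DOMContentLoaded` listener starts before it.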
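Review bot: `updateTask`'s guard has the same defect as the other guards in this commit: `isValidTask(taskId)` is `async` and not awaited, so it contributes an always-truthy Promise, and the `&&` of positive checks means the early return fires only when the ID is NaN *and* the description is a string *and* the task is owned. Use `if (isNaN(parseInt(taskId, 10)) || typeof newDescription !== 'string' || !(await isValidTask(taskId))) {`. The copied message `'Invalid task ID, task status is invalid or task does not belong to account'` refers to a status this function does not check; `'Invalid task ID, description is not a string, or task does not belong to account'` is accurate. The function continues past the end of the hunk.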