From c6dda1f4baa1cc4565c98eba6dd079d7981e1a91 Mon Sep 17 00:00:00 2001
From: luchenqun
Date: Sat, 20 Apr 2019 22:37:48 +0800
Subject: [PATCH] forbid update others bookmark
---
 database/db.js | 12 ++++++++----
 routes/api.js | 3 ++-
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/database/db.js b/database/db.js
index ebf51d9..2641667 100644
--- a/database/db.js
+++ b/database/db.js
@@ -1,8 +1,8 @@
 var mysql = require('mysql');
 var dbConfig = {
 host: '127.0.0.1',
- user: 'test', // mysql的账号
- password: '123456', // mysql 的密码
+ user: 'lcq', // mysql的账号
+ password: 'fendoubuxi596320', // mysql 的密码
 database: 'mybookmarks',
 multipleStatements: true,
 useConnectionPooling: true,
@@ -92,14 +92,18 @@ db.delBookmark = function(id) {
 }
 db.updateBookmark = function(bookmark) {
- var sql = "UPDATE `bookmarks` SET `title`='" + bookmark.title + "', `description`=" + client.escape(bookmark.description) + ", `url`='" + bookmark.url + "', `public`='" + bookmark.public + "' WHERE (`id`='" + bookmark.id + "')";
+ var sql = "UPDATE `bookmarks` SET `title`='" + bookmark.title + "', `description`=" + client.escape(bookmark.description) + ", `url`='" + bookmark.url + "', `public`='" + bookmark.public + "' WHERE (`id`='" + bookmark.id + "' AND `user_id`='" + bookmark.userId + "' )";
 console.log("sql updateBookmark = " + sql);
 return new Promise(function(resolve, reject) {
 client.query(sql, (err, result) => {
 if (err) {
 reject(err);
 } else {
- resolve(result.affectedRows);
+ if(result.affectedRows === 1){
+ resolve(1);
+ } else {
+ reject(new Error("bookmark not found"));
+ }
 }
 });
 });
diff --git a/routes/api.js b/routes/api.js
index 72fafad..451b736 100644
--- a/routes/api.js
+++ b/routes/api.js
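Review bot: The `user` and `password` entries of `dbConfig` now hold what look like a real account name and password, committed in plain text to database/db.js. Repository history keeps them readable to anyone with access, so the password should be treated as exposed and rotated. Read both from the environment instead, for example `user: process.env.DB_USER,` and `password: process.env.DB_PASSWORD,` (variable names are illustrative), and keep only placeholder values in the tracked file. The same object sets `multipleStatements: true`, which widens the impact of any injectable query built in this file; `dbConfig` continues outside the hunk.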
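Review bot: The added `user_id` condition is appended to a statement that is still built by string concatenation: `bookmark.title`, `bookmark.url`, `bookmark.public` and `bookmark.id` reach the SQL text unescaped (only `description` goes through `client.escape`), and per the routes/api.js hunk they come from the request body. Because the `id` value sits directly before the new ownership comparison in the WHERE clause, the check this commit introduces cannot be relied on until the query is parameterized, and `multipleStatements: true` in `dbConfig` raises the impact. Replace each concatenated value with a `?` placeholder and pass `[bookmark.title, bookmark.description, bookmark.url, bookmark.public, bookmark.id, bookmark.userId]` as the second argument to `client.query`. The `console.log` of the full statement also writes user-supplied content to the log and is worth removing. The closing brace of `db.updateBookmark` lies outside the hunk.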
@@ -330,7 +330,8 @@ api.post('/updateBookmark', function(req, res) {
 var bookmark = req.body.params;
 var userId = req.session.user.id;
 var tags = bookmark.tags;
- var ret = {}
+ var ret = {};
+ bookmark.userId = userId;
 console.log('hello updateBookmark', JSON.stringify(bookmark));
 db.updateBookmark(bookmark) // 更新标签信息
 .then((affectedRows) => db.delBookmarkTags(bookmark.id)) // 将之前所有的书签分类信息删掉
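Review bot: The ownership guarantee for this handler now rests entirely on `db.updateBookmark` rejecting before the next step runs, because the visible `db.delBookmarkTags(bookmark.id)` call is keyed by the bookmark id alone. That dependency deserves a comment above the new assignment, for example `// userId is taken from the session, never from the client; updateBookmark rejects when the bookmark is not owned, which must stop the tag steps below`. The rest of the promise chain, including any `.catch`, is outside the hunk, so it should be confirmed that the new "bookmark not found" rejection is handled and produces an error response instead of leaving the request unanswered.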