From 5add43a0ce43a356286ea9db42c0cdcf5b58a718 Mon Sep 17 00:00:00 2001
From: Saransh Sinha
Date: Tue, 22 Oct 2024 20:20:51 +0530
Subject: [PATCH] Fix code scanning alert no. 1: Database query built from user-controlled sources
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pages/api/v1/certificates/index.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pages/api/v1/certificates/index.js b/pages/api/v1/certificates/index.js
index bb44ade..5265608 100644
--- a/pages/api/v1/certificates/index.js
+++ b/pages/api/v1/certificates/index.js
@@ -9,10 +9,10 @@ export default async function handler(req, res) {
   if (req.method === "POST") {
     const { email, event, type } = req.body;
 
-    if (!email || !event || !type) {
+    if (!email || !event || !type || typeof email !== "string") {
       return res
         .status(400)
-        .json({ success: false, error: "All fields are required." });
+        .json({ success: false, error: "All fields are required and email must be a string." });
     }
 
     try {
@@ -59,7 +59,7 @@ export default async function handler(req, res) {
     });
     const User = db.model(eventData.collection[type], userSchema);
 
-    const userData = await User.findOne({ email });
+    const userData = await User.findOne({ email: { $eq: email } });
 
     if (!userData || !userData.checkin) {
       return res.status(404).json({
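Review bot: The new guard in the `if` line types only `email`; `event` and `type` are still taken from `req.body` as whatever JSON value the client sent, and `type` is later used as a property key in `eventData.collection[type]` (second hunk), so a non-string value still reaches `db.model` (where `event` is consumed is not visible in this diff). Extend the condition to `if (!email || !event || !type || typeof email !== "string" || typeof event !== "string" || typeof type !== "string") {`, or validate each field separately so the 400 response can name the offending one instead of the combined message added here. The handler body continues past the end of this hunk.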
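Review bot: `eventData.collection[type]` on the second context line indexes a lookup object with the request-supplied `type` before `db.model` is called, and nothing visible confirms that `type` names an own key of `collection`: an unknown key passes `undefined` as the model name, and a name that only exists on the object's prototype chain passes a function. Guard it before the `db.model` line with `if (typeof type !== "string" || !Object.hasOwn(eventData.collection, type)) { return res.status(400).json({ success: false, error: "Unknown certificate type." }); }` (the error text is a suggestion; match the file's wording). The `{ $eq: email }` wrapper is a sound change and, together with the `typeof email` check from the first hunk, makes the query shape explicit; any other `findOne` filters built from request fields elsewhere in this file deserve the same treatment. The enclosing `handler` starts and ends outside this hunk.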