From 0bb81881b28063f6105f1aa9936828426fab750b Mon Sep 17 00:00:00 2001
From: JesseKagumu <149514875+JesseKagumu@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:12:03 -0400
Subject: [PATCH] Update authentication.js from the AppSec Hack Pod Consistent Response Format: Changed res.send(true) to res.status(200).json({ authenticated: true }) for better structure and extensibility. HTTP Status Code: Explicitly added status(200) to make sure the response is properly handled by clients expecting HTTP status codes. Maintained the Principle of Least Privilege
---
 server/routes/api/authentication.js | 30 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/server/routes/api/authentication.js b/server/routes/api/authentication.js
index 8875c8891..d05ff4440 100644
--- a/server/routes/api/authentication.js
+++ b/server/routes/api/authentication.js
@@ -1,25 +1,27 @@
-require('dotenv').config()
-const express = require('express')
-const router = express.Router()
+require('dotenv').config();
+const express = require('express');
+const router = express.Router();
 const {
 getPublicMessage,
 getProtectedMessage
-} = require('../../auth/messages/messages.service')
-const { checkJwt } = require('../../auth/check-jwt')
+} = require('../../auth/messages/messages.service');
+const { checkJwt } = require('../../auth/check-jwt');
 router.get('/isAuthenticated', checkJwt, (req, res) => {
- res.send(true)
-})
+ res.status(200).json({ authenticated: true });
+});
 router.get('/public-message', (req, res) => {
- const message = getPublicMessage()
- res.status(200).send(message)
-})
+ const message = getPublicMessage();
+ res.status(200).json({ message });
+});
 router.get('/protected-message', checkJwt, (req, res) => {
- const message = getProtectedMessage()
- res.status(200).send(message)
-})
+ const message = getProtectedMessage();
+ res.status(200).json({ message });
+});
+
+
+module.exports = router;
-module.exports = router
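Review bot: All three handlers change their response body shape (`{ authenticated: true }` and `{ message }` instead of the bare `true` and the raw return value of `getPublicMessage()` / `getProtectedMessage()`), and nothing in this patch updates the callers, so any client that compares the old body, for example `=== true` on `/isAuthenticated`, will behave differently. If the message service already returns an object, `res.status(200).json({ message })` also nests it one level deeper; `res.status(200).json(message);` would keep the payload flat, but that depends on `messages.service`, which is not visible here. The access decision on `/isAuthenticated` and `/protected-message` still rests entirely on `checkJwt`, so clients should key on the status that middleware produces rather than on the constant body. A comment above the route such as `// 200 only when checkJwt accepted the token; the body adds no further claim` would record that.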