From 54387add664e06545c331bd33217d8da49793a35 Mon Sep 17 00:00:00 2001
From: "Josepablo C." <josepablo134@gmail.com>
Date: Sat, 7 Oct 2023 16:30:39 -0600
Subject: [PATCH] fix: validate attachment key name

---
 sections/load-attachments/services.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sections/load-attachments/services.js b/sections/load-attachments/services.js
index 002d082..ff93bb6 100644
--- a/sections/load-attachments/services.js
+++ b/sections/load-attachments/services.js
@@ -126,6 +126,8 @@ const postLoadingAttachment = async(req, res) => {
     if( attachment && file ){
         const s3resp = await uploadFile( s3Bucket, s3BucketKey, file , attachment._id );
         res.send( attachment );
+    }else if( !file ){
+        res.status(400).send({ error : "attachment file not found" , code: 400 });
     }else{
         res.status(401).send({error:"Unauthorized",code:401});
     }
@@ -135,9 +137,11 @@ const postDownloadingAttachment = async(req, res) => {
     const loadId = req.params.id;
     const attachment = await createLoadAttachment( "Downloading", req.JWT.payload.sub , loadId );
     const file = req.files.attachment;
-    if( attachment ){
+    if( attachment && file ){
         const s3resp = await uploadFile( s3Bucket, s3BucketKey, file , attachment._id );
         res.send( attachment );
+    }else if( !file ){
+        res.status(400).send({ error : "attachment file not found" , code: 400 });
     }else{
         res.status(401).send({error:"Unauthorized",code:401});
     }