From 3c82641aa06ae990b2a1331035b1863ded868dcb Mon Sep 17 00:00:00 2001
From: Jim Laurie <j.laurie6993@gmail.com>
Date: Thu, 8 Feb 2018 14:58:05 +0100
Subject: [PATCH] Fix fetch error mongoose Verify if _id params has mongoose
 ObjectId format

---
 .../templates/mongoose/controller.template                    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/strapi-generate-api/templates/mongoose/controller.template b/packages/strapi-generate-api/templates/mongoose/controller.template
index 599c0b6e98..ecfa5b4d5e 100755
--- a/packages/strapi-generate-api/templates/mongoose/controller.template
+++ b/packages/strapi-generate-api/templates/mongoose/controller.template
@@ -28,6 +28,10 @@ module.exports = {
    */
 
   findOne: async (ctx) => {
+    if (!ctx.params._id.match(/^[0-9a-fA-F]{24}$/)) {
+      return ctx.notFound();
+    }
+
     const data = await strapi.services.<%= id %>.fetch(ctx.params);
 
     // Send 200 `ok`