Donat/SerpentRace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth Check For Decks

Browse Source
This commit is contained in:
magdo
2025-10-24 20:28:45 +02:00
parent 5722846da3
commit b9fedb3601
5 changed files with 31 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SerpentRace_Backend/src/Application/Deck/commands/DeleteDeckCommand.ts
+2
View File
@@ -1,4 +1,6 @@
export interface DeleteDeckCommand {
userid: string;
authLevel: number;
id: string;
soft?: boolean;
}
SerpentRace_Backend/src/Application/Deck/commands/DeleteDeckCommandHandler.ts
+14
View File
@@ -1,10 +1,24 @@
import { IDeckRepository } from '../../../Domain/IRepository/IDeckRepository';
import { logAuth, logError } from '../../Services/Logger';
import { DeleteDeckCommand } from './DeleteDeckCommand';
export class DeleteDeckCommandHandler {
constructor(private readonly deckRepo: IDeckRepository) {}
async execute(cmd: DeleteDeckCommand): Promise<boolean> {
//get decks userid
const deck = await this.deckRepo.findById(cmd.id);
if (!deck) {
logError(`Deck not found with ID: ${cmd.id}`);
throw new Error('Deck not found');
}
if(cmd.authLevel !==1 && deck.userid !== cmd.userid) {
logAuth(`Unauthorized access attempt to deck with ID: ${cmd.id}, UserID: ${cmd.userid}`);
throw new Error('Unauthorized');
}
if (cmd.soft) {
await this.deckRepo.softDelete(cmd.id);
} else {
SerpentRace_Backend/src/Application/Deck/commands/UpdateDeckCommand.ts
+2 -3
View File
@@ -1,11 +1,10 @@
import { n } from "framer-motion/dist/types.d-D0HXPxHm";
export interface UpdateDeckCommand {
userid: string;
authLevel: number;
id: string;
userstate?: number;
name?: string;
type?: number;
userid?: string;
cards?: any[];
ctype?: number;
state?: number;
SerpentRace_Backend/src/Application/Deck/commands/UpdateDeckCommandHandler.ts
+6 -1
View File
@@ -3,7 +3,7 @@ import { UpdateDeckCommand } from './UpdateDeckCommand';
import { ShortDeckDto } from '../../DTOs/DeckDto';
import { DeckMapper } from '../../DTOs/Mappers/DeckMapper';
import { DeckAggregate } from '../../../Domain/Deck/DeckAggregate';
import { logError } from '../../Services/Logger';
import { logAuth, logError } from '../../Services/Logger';
export class UpdateDeckCommandHandler {
constructor(private readonly deckRepo: IDeckRepository) {}
@@ -24,6 +24,11 @@ export class UpdateDeckCommandHandler {
throw new Error('Deck not found');
}
if(cmd.authLevel !==1 && existingDeck.userid !== cmd.userid) {
logAuth(`Unauthorized access attempt to deck with ID: ${cmd.id}, UserID: ${cmd.userid}`);
throw new Error('Unauthorized');
}
const for_update: Partial<DeckAggregate> = {};
if(cmd.name !== undefined) for_update.name = cmd.name;
if(cmd.type !== undefined) for_update.type = cmd.type;